[Click] Basic problem of how to transfer packet to kernel under user-level click

Andrew Chanler orlot at rocketmail.com
Fri Apr 14 08:41:20 EDT 2006


I implemented a NAT in userspace on a BSD machine and I had similar
concerns.  At first I disabled all of my kernel's firewall stuff and
set up my NAT, and I started to see some strange things.  The NAT would
be working, however the kernel would also receive packets that were
supposed to only be for the NAT.
Basically, when the kernel got these packets for connections on ports
it did not have open, it would send a response back to the internet with
the Reset bit set in the TCP headers.  So even though my Click NAT was
configured fine, the BSD kernel was sending out all these reset packets
so nothing worked.
The solution was to set up the kernel's firewall to block everything,
except incoming port 22 because I still wanted to be able to log into
the machine.
Now the Click interface still got everything, however the BSD pf
firewall dropped all packets associated with my NAT.  Then everything
worked fine.
I haven't done any of this in Linux, but it sounds like a similar type
of situation.  Try configuring iptables (the Linux firewall) to accept
all things you want Linux to get (since the ToHost is gone in your
Click config) and to prevent the kernel from sending those reset
packets for connections you are managing in Click.

Andrew Chanler

--- Zhang Shidong <zshidong at gmail.com> wrote:

> hello,
> 
> On the configuration of Click Router, here is suggestion:
> 
> if you are using user level click, then you should use:
> "toh::Print(toh)->Discard"
>  instead of 'toh :: ToHost', which is meant only for kernel click.
> 
> My question is: if the local delivery packets are all Discarded, how
> can my Linux server receive the packets whose destination is the local
> system?
> 
> Thanks!
> 
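A Linux counterpart to the pf setup described in the reply above, as an added example that is not part of the original thread: it emits an iptables-restore ruleset that silently drops inbound traffic the kernel should not answer while still accepting SSH. The helper name `gen_ruleset`, the interface `eth0`, and the loopback, conntrack and FORWARD rules are assumptions; only port 22 comes from the post.

```shell
#!/bin/sh
# Added example, not from the thread. gen_ruleset is a hypothetical helper
# name and eth0 a constructed interface name; port 22 is taken from the post.

# gen_ruleset IFACE PORT...  prints an iptables-restore ruleset on stdout.
gen_ruleset() {
    iface=$1
    [ $# -ge 1 ] && shift
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Policy DROP, not a REJECT target: a dropped segment never reaches the
    # kernel TCP stack, so no RST goes out for flows that Click is handling.
    # FORWARD is dropped too (assumption: Click does all forwarding), so the
    # kernel does not route a second copy of each packet.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # Assumption: the host keeps loopback and replies to its own connections.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        # Services the kernel itself should answer (SSH in the post).
        printf '%s\n' "-A INPUT -i $iface -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for review; as root, pipe the output to iptables-restore.
gen_ruleset "${1:-eth0}" 22
```

User-level Click reading the device through packet capture sees frames before the INPUT chain is evaluated, which matches the behaviour the reply reports for pf.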

