From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail1.merlins.org (magic.merlins.org [209.81.13.136]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 4DB8221F190 for ; Mon, 4 Mar 2013 21:01:12 -0800 (PST) Received: from merlin by mail1.merlins.org with local (Exim 4.80 #2) id 1UCjzz-0005kR-A6 for ; Mon, 04 Mar 2013 21:01:11 -0800 Date: Mon, 4 Mar 2013 21:01:11 -0800 From: Marc MERLIN To: cerowrt-users@lists.bufferbloat.net Message-ID: <20130305050111.GB15079@merlins.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Sysadmin: BOFH X-URL: http://marc.merlins.org/ X-Operating-System: Proudly running Linux 3.1.5-core2-volpreempt-noide-hm64-20111218/Debian squeeze/sid X-Mailer: Some Outlooks can't quote properly without this header User-Agent: Mutt/1.5.13 (2006-08-11) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: marc@merlins.org Subject: [Cerowrt-users] no xt_TRACE in kernel X-BeenThere: cerowrt-users@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Support for user problems regarding cerowrt List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 05:01:12 -0000 Since it's a router distrib for advanced routing, would it be possible to add more modules in the kernel build? For instance, I have to debug why a packet forward/rewrite isn't working, and I can't easily: root@wireless:~# iptables -t raw -A PREROUTING -p tcp --dport 10443 -j TRACE iptables v1.4.12.2: Couldn't load target `TRACE':No such file or directory More generally, I have his: root@wireless:~# iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 4067K packets, 760M bytes) pkts bytes target prot opt in out source destination 4068K 760M prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 704K 190M zone_wan_prerouting all -- ge00 * 0.0.0.0/0 0.0.0.0/0 0 0 zone_guest_prerouting all -- gw00 * 0.0.0.0/0 0.0.0.0/0 0 0 zone_guest_prerouting all -- gw10 * 0.0.0.0/0 0.0.0.0/0 3364K 570M zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 Chain zone_lan_prerouting (1 references) pkts bytes target prot opt in out source destination 29 1740 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10443 to:192.168.205.72:443 3364K 570M prerouting_lan all -- * * 0.0.0.0/0 0.0.0.0/0 Chain zone_wan_prerouting (1 references) pkts bytes target prot opt in out source destination 14 840 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10443 to:192.168.205.72:443 704K 190M prerouting_wan all -- * * 0.0.0.0/0 0.0.0.0/0 telnet wan-ip 10443 works if the packet comes from the outside and arrieves on ge00. But if I do this from the lan, it shoul darrive on br-lan and be re-forwarded out on the br-lan interface, but that's not working. Being able to do packet tracing as described here http://backreference.org/2010/06/11/iptables-debugging/ Would have made my job much easier :) Thanks, Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/