packet goes up input chain instead of being forwarded

skp

I am trying to see if I can forward traffic through a loopback interface. The primary reason for me to do this is to see if I can force a route lookup as the packet traverses the loopback interface. I have some eBPF hooks that NAT and mark packets, which I need to be routed differently based on marks and source IPs. I am just experimenting at the moment, and this question is only to better understand how routing works for packets going through the loopback interface.

I have a routing rule to route anything coming from say eth0's IP going to 8.8.8.8 to be routed to the loopback interface lo. I have another routing rule to route anything coming from lo going to 8.8.8.8 to be routed through the eth1 interface.

I then do a ping using eth0's IP to 8.8.8.8 and this does not work. I then added an iptables rule to TRACE the packet. The routing rules I have are:

```
> ip rule show
0: from all lookup local
90: from all iif lo lookup 19
97: from 10.10.100.29 lookup 20
32766: from all lookup main
32767: from all lookup default
> ip route add default via 127.0.0.1 table 20
> ip route add default via 172.16.100.1 table 19
```

When I do a ping using source 10.10.100.29 to 8.8.8.8, I see the following in the iptables trace.

```
PACKET: 2 c11de1cf IN=lo LOOPBACK SRC=10.10.100.29 DST=8.8.8.8 LEN=84 TOS=0x0 TTL=64 ID=16089DF
 TRACE: 2 c11de1cf raw:PREROUTING:rule:0x5:CONTINUE  -4 -t raw -A PREROUTING -i lo -j TRACE
 TRACE: 2 c11de1cf raw:PREROUTING:return:
 TRACE: 2 c11de1cf raw:PREROUTING:policy:ACCEPT
 TRACE: 2 c11de1cf mangle:PREROUTING:return:
 TRACE: 2 c11de1cf mangle:PREROUTING:policy:ACCEPT
 TRACE: 2 c11de1cf mangle:INPUT:return:
 TRACE: 2 c11de1cf mangle:INPUT:policy:ACCEPT
```

As you can see, the packet has a destination of 8.8.8.8 and the incoming interface is lo, but it goes up the INPUT chain instead of the FORWARD chain (8.8.8.8 is not an IP on the host).

Is there an assumption that anything coming through the loopback interface is meant for local consumption?

I have looked at "Forward packet from loopback interface based on routing table", and what I am trying to achieve is similar to that post, but it does not address why the packet goes up the INPUT chain.
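As an added example (not part of the original question): a small Python helper that groups trace output in the format shown above by packet id, lists the table:chain hooks each packet traversed, and flags packets that were delivered locally although their destination is not a host address. The set of local addresses and the second sample packet (`0badc0de`, `192.0.2.7`) are constructed assumptions; the first packet is the trace from the question.

```python
import re

# First packet is the trace from the question; the second is constructed for contrast.
SAMPLE = """\
PACKET: 2 c11de1cf IN=lo LOOPBACK SRC=10.10.100.29 DST=8.8.8.8 LEN=84 TOS=0x0 TTL=64 ID=16089DF
 TRACE: 2 c11de1cf raw:PREROUTING:rule:0x5:CONTINUE  -4 -t raw -A PREROUTING -i lo -j TRACE
 TRACE: 2 c11de1cf raw:PREROUTING:return:
 TRACE: 2 c11de1cf raw:PREROUTING:policy:ACCEPT
 TRACE: 2 c11de1cf mangle:PREROUTING:return:
 TRACE: 2 c11de1cf mangle:PREROUTING:policy:ACCEPT
 TRACE: 2 c11de1cf mangle:INPUT:return:
 TRACE: 2 c11de1cf mangle:INPUT:policy:ACCEPT
PACKET: 2 0badc0de IN=eth0 SRC=192.0.2.7 DST=8.8.8.8 LEN=84 TOS=0x0 TTL=63 ID=1
 TRACE: 2 0badc0de raw:PREROUTING:policy:ACCEPT
 TRACE: 2 0badc0de mangle:FORWARD:policy:ACCEPT
"""

PACKET_RE = re.compile(r"^\s*PACKET:\s+\d+\s+(\w+)\s+(.*)$")
TRACE_RE = re.compile(r"^\s*TRACE:\s+\d+\s+(\w+)\s+(\w+):(\w+):")

def summarize(text, local_addrs):
    """Group trace lines by packet id and report which hook path each packet took."""
    packets = {}
    for line in text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            fields = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
            packets[m.group(1)] = {"in": fields.get("IN"), "src": fields.get("SRC"),
                                   "dst": fields.get("DST"), "hooks": []}
            continue
        m = TRACE_RE.match(line)
        if m:
            entry = packets.setdefault(
                m.group(1), {"in": None, "src": None, "dst": None, "hooks": []})
            hook = f"{m.group(2)}:{m.group(3)}"
            if hook not in entry["hooks"]:
                entry["hooks"].append(hook)
    for p in packets.values():
        chains = {h.split(":")[1] for h in p["hooks"]}
        p["path"] = ("local-delivery" if "INPUT" in chains
                     else "forwarded" if "FORWARD" in chains else "undetermined")
        # Unexpected: delivered locally although DST is not one of the host's addresses.
        p["unexpected"] = p["path"] == "local-delivery" and p["dst"] not in local_addrs
    return packets

if __name__ == "__main__":
    for pid, p in summarize(SAMPLE, {"10.10.100.29", "127.0.0.1"}).items():
        print(pid, p["in"], p["dst"], p["path"], "UNEXPECTED" if p["unexpected"] else "")
```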
