Why iptables rules pass netperf TCP_STREAM test through, but break UDP_STREAM?

I have a network:

        +---------------+
        |               |
    [client]--[NAT]--[server]

On the NAT, I have added the following iptables rules:

$ iptables -t nat -L:

    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  anywhere             anywhere

$ iptables -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

It works well when I run ping server on the client, when I run netperf through TCP, and when I run netperf through UDP via the direct connection. But it does not work if I run:

    $ netperf -H 192.168.2.10 -t UDP_STREAM -l 1
    MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.2.10 () port 0 AF_INET : demo
    send_data: data send error: errno 101
    netperf: send_omni: send_data failed: Network is unreachable

It seems the iptables firewall blocks the UDP packets.

Is it so, and how do I configure it not to?

1 Answer

The answer is here: https://stackoverflow.com/a/24211455/1234026

In short: netperf disables IP routing by default for the UDP_STREAM test, and if the target address is in a different subnet, it fails to find the route. To make it act normally, I need to supply the -R 1 key as a test-specific option.
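
The failure described in the answer can be reproduced without netperf or the NAT box, which shows that errno 101 is raised locally on the sender before any packet reaches iptables. This is an added example, not part of the original post or of netperf; it assumes Linux and that the mechanism is the standard SO_DONTROUTE socket option, and the destination address and port are constructed.

```python
import errno
import socket

# Constructed value: an RFC 5737 documentation address, assumed not to be on
# any directly attached subnet of the machine running this.
OFF_LINK_DEST = ("192.0.2.10", 9)


def udp_send(dest, dontroute, payload=b"probe"):
    """Send one datagram; return None on success, else the errno raised."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if dontroute:
            # Only directly attached networks are eligible; gateways are ignored.
            s.setsockopt(socket.SOL_SOCKET, socket.SO_DONTROUTE, 1)
        try:
            s.sendto(payload, dest)
            return None
        except OSError as exc:
            return exc.errno


def loopback_roundtrip(dontroute):
    """Send to a receiver on 127.0.0.1; return the payload it got, or an errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        err = udp_send(rx.getsockname(), dontroute)
        return err if err is not None else rx.recvfrom(64)[0]


def describe(err):
    """Render a udp_send() result for printing."""
    return "sent" if err is None else f"errno {err} ({errno.errorcode.get(err, '?')})"


if __name__ == "__main__":
    print("on-link,  SO_DONTROUTE on :", loopback_roundtrip(True))
    print("off-link, SO_DONTROUTE on :", describe(udp_send(OFF_LINK_DEST, True)))
    print("off-link, SO_DONTROUTE off:", describe(udp_send(OFF_LINK_DEST, False)))
```

With netperf itself, test-specific options follow `--`, so the answer's fix reads `netperf -H 192.168.2.10 -t UDP_STREAM -l 1 -- -R 1`.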
