
Re: problem with (incorrectly?) INVALID packets

To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: problem with (incorrectly?) INVALID packets
From: Grant Taylor <gtaylor@riverviewtech.net>
Date: Fri, 15 Dec 2006 22:48:33 -0600
On 12/15/06 05:34, Mike Williams wrote:

<really big snip>

Routing table now:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
90.1...1.64    0.0.0.0         255.255.255.224 U     0      0        0 bond0
192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
192.168.22.0    90.1...1.69    255.255.255.0   UG    0      0        0 bond0
192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
192.168.0.0     90.1...1.69    255.255.255.0   UG    0      0        0 bond0
192.168.30.0    90.1...1.69    255.255.255.0   UG    0      0        0 bond0
192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         90.1...1.69    0.0.0.0         UG    0      0        0 bond0

Routing table previously:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
90.1...1.64    0.0.0.0         255.255.255.224 U     0      0        0 br0
192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
192.168.22.0    90.1...1.69    255.255.255.0   UG    0      0        0 br0
192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
192.168.0.0     90.1...1.69    255.255.255.0   UG    0      0        0 br0
192.168.30.0    90.1...1.69    255.255.255.0   UG    0      0        0 br0
192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         90.1...1.69    0.0.0.0         UG    1000   0        0 br0

Sorry, if I have missed it, but which system are these routing tables from? Bridge or LFW?

# uname -r
2.6.17-hardened-r1
# zgrep BRIDGE_NETFILTER /proc/config.gz
CONFIG_BRIDGE_NETFILTER=y

This means that you will be able to use IPTables to filter your bridged traffic. Which, as I think about it, without seeing your full IPTables rule set, may be the reason some of your packets are having their state incorrectly identified. Can we see a full iptables-save output?



Grant. . . .
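
A triage helper for the two checks raised in this message, added here as an example and not written by either poster: it reports whether bridged frames are currently handed to iptables, and lists every rule in an iptables-save dump that matches the INVALID state. The function names and the sample ruleset are constructed for illustration; `/proc/sys/net/bridge/bridge-nf-call-iptables` is the kernel's bridge-netfilter sysctl.

```shell
#!/bin/sh
# Added example: function names and the sample ruleset are constructed.

# True when the bridge-netfilter sysctl is present and set to 1, i.e. frames
# crossing a bridge are passed through the iptables chains.
bridge_nf_active() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Read iptables-save output on stdin; print "table chain target" for each
# rule whose state/ctstate match includes INVALID (negated matches skipped).
invalid_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / {
            hit = 0; target = "-"
            for (i = 3; i <= NF; i++) {
                if (($i == "--state" || $i == "--ctstate") && $(i-1) != "!" \
                    && $(i+1) ~ /(^|,)INVALID(,|$)/) hit = 1
                if (target == "-" && ($i == "-j" || $i == "-g")) target = $(i+1)
            }
            if (hit) print table, $2, target
        }'
}

# Constructed sample in iptables-save format (not the ruleset from the thread).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j LOG --log-prefix "INVALID: "
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i bond1 -o br0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

if bridge_nf_active; then
    echo "bridged frames traverse iptables"
else
    echo "bridged frames bypass iptables (or no bridge-netfilter sysctl)"
fi
sample_ruleset | invalid_rules
```

On a live firewall, replace `sample_ruleset` with `iptables-save` run as root; the LOG entries from the rules it lists show which interface the misclassified packets arrived on.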

