INVALID packet in routed network. Why?

Linux Advanced Routing and Traffic Control

In Linux netfilter, sooner or later I find something that puzzles me.


At home, I manage my gateway to an internet line (PPPoE); the gateway has
LAN address 192.168.1.1/21.

I needed wireless and wired connectivity to a nearby apartment, so I set up an
OpenWRT/LEDE router that has 192.168.1.17 as its WAN address and serves
192.168.17.1/21 as its LAN.
I've disabled the firewall in the LEDE router and added to my gateway a route
like:

	192.168.16.0/21 via 192.168.1.17 dev br0

Also, I've added NAT for 192.168.16.0/21 to my gateway.


I supposed all would work. But it doesn't.


1) one of my 'cleanup rules' says:

	iptables -I FORWARD -m conntrack --ctstate INVALID -j DROP

and I've found that all return traffic gets marked as 'INVALID' and so
rejected. Why?


2) temporarily removing the DROP rule above makes at least the ping
between hosts in 192.168.0.0/21 and hosts in the 192.168.16.0/21 network work.

But I still cannot ping outside (e.g., 8.8.8.8) from 192.168.16.0/21: packets
get out and come back to the public interface but get silently discarded;
they don't get routed back.


Can someone help me? Thanks.

-- 
  ...we read the Gospel as if we had no money,
  and we use money as if we knew nothing of the Gospel...
						(an English Jesuit)
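The post does not say why the gateway's conntrack classifies the return traffic as INVALID. The following is an added, simplified model of connection-tracking state (it is not kernel code and not part of the original message) that shows the one mechanism a `--ctstate INVALID -j DROP` rule always hits: a reply-shaped packet (ICMP echo-reply, TCP SYN/ACK) arriving at a box that never saw the packet which opened the flow. The addresses and packets are constructed to match the network described above; the 203.0.113.5 address is a documentation placeholder.

```python
"""Simplified model of how a stateful firewall (Linux conntrack) classifies
packets as NEW / ESTABLISHED / INVALID.  Added example; not kernel code and
not from the post.  Addresses are constructed to match the post's network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                       # "icmp" or "tcp"
    src: str
    dst: str
    sport: int = 0                   # TCP source port; for ICMP echo, the echo identifier
    dport: int = 0                   # TCP destination port; for ICMP echo, the identifier again
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"SYN", "ACK"})
    icmp_type: str = ""              # "echo-request" or "echo-reply"


class ConnTracker:
    """Keeps one entry per flow, keyed by the 5-tuple of the ORIGINAL direction."""

    def __init__(self):
        self.flows = {}  # original-direction key -> {"seen_reply": bool}

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.dst, p.sport, p.dport)

    @staticmethod
    def _reply_key(p):
        # The reply to a flow swaps source and destination (and ports/ids).
        return (p.proto, p.dst, p.src, p.dport, p.sport)

    def _opens_flow(self, p):
        """Would this packet, with no existing entry, legitimately start a flow?"""
        if p.proto == "icmp":
            return p.icmp_type == "echo-request"
        if p.proto == "tcp":
            if p.flags == frozenset({"SYN"}):
                return True
            # A pure ACK with no state is "picked up" as a mid-stream connection
            # when nf_conntrack_tcp_loose=1, which is the kernel default.
            return p.flags == frozenset({"ACK"})
        return False

    def classify(self, p):
        key, rkey = self._key(p), self._reply_key(p)
        if key in self.flows:        # original direction of a known flow
            return "ESTABLISHED" if self.flows[key]["seen_reply"] else "NEW"
        if rkey in self.flows:       # reply direction of a known flow
            self.flows[rkey]["seen_reply"] = True
            return "ESTABLISHED"
        if self._opens_flow(p):      # first packet this tracker has seen of the flow
            self.flows[key] = {"seen_reply": False}
            return "NEW"
        # A reply-shaped packet (echo-reply, SYN/ACK, FIN, RST) for a flow the
        # tracker never saw open: this is what `-m conntrack --ctstate INVALID` matches.
        return "INVALID"


def trace(packets, tracker=None):
    """Classify a packet sequence as one firewall on the path would see it."""
    ct = tracker or ConnTracker()
    return [ct.classify(p) for p in packets]


# Constructed sample flow: a host on the post's LAN pings 8.8.8.8.
PING_REQ = Packet("icmp", "192.168.2.10", "8.8.8.8", 0x1234, 0x1234, icmp_type="echo-request")
PING_REP = Packet("icmp", "8.8.8.8", "192.168.2.10", 0x1234, 0x1234, icmp_type="echo-reply")


def gateway_sees_both_directions():
    # The box forwards the request and later the reply: NEW, ESTABLISHED, ESTABLISHED.
    return trace([PING_REQ, PING_REP, PING_REQ])


def gateway_sees_only_the_reply():
    # The request left by a path this box never saw; the reply arrives "cold".
    return trace([PING_REP])


# Same thing for TCP: a SYN/ACK is only valid as the reply to a tracked SYN.
SYN = Packet("tcp", "192.168.17.20", "203.0.113.5", 40000, 80, frozenset({"SYN"}))
SYNACK = Packet("tcp", "203.0.113.5", "192.168.17.20", 80, 40000, frozenset({"SYN", "ACK"}))
ACK = Packet("tcp", "192.168.17.20", "203.0.113.5", 40000, 80, frozenset({"ACK"}))


def tcp_handshake_seen():
    return trace([SYN, SYNACK, ACK])  # NEW, ESTABLISHED, ESTABLISHED


def tcp_reply_without_syn():
    return trace([SYNACK])  # INVALID


if __name__ == "__main__":
    print("ping, both directions seen :", gateway_sees_both_directions())
    print("ping, only reply seen      :", gateway_sees_only_the_reply())
    print("tcp, handshake seen        :", tcp_handshake_seen())
    print("tcp, SYN/ACK without SYN   :", tcp_reply_without_syn())
```

The practical diagnostic this model suggests: check whether the box holding the INVALID drop rule actually forwards both halves of each flow, for example by comparing `conntrack -L` on that box with a capture of the two directions on its interfaces. If only the reply direction passes through it, conntrack has no entry to match the reply against, and the drop rule behaves exactly as the model shows.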