In Linux netfilter, sooner or later I find something that puzzles me. At home, I manage my gateway to an internet line (PPPoE); the gateway has LAN address 192.168.1.1/21. I needed wireless and wired connectivity to a nearby apartment, so I set up an OpenWRT/LEDE router that has 192.168.1.17 as its WAN address and serves 192.168.17.1/21 as LAN. I've disabled the firewall in the LEDE router, and added to my gateway a route like:

  192.168.16.0/21 via 192.168.1.17 dev br0

Also, I've added NAT on my gateway for 192.168.16.0/21. I supposed all would be working. But it is not.

1) One of my 'cleanup rules' says:

  iptables -I FORWARD -m conntrack --ctstate INVALID -j DROP

and I've found that all return traffic gets marked as 'INVALID' and so gets rejected. Why?

2) Temporarily removing the DROP rule above makes at least ping work between hosts in 192.168.0.0/21 and hosts in 192.168.16.0/21. But still I cannot ping outside (e.g. 8.8.8.8) from 192.168.16.0/21: the packet goes out, the reply comes back to the public interface but gets silently discarded; it doesn't get routed back.

Can someone help me? Thanks.

-- 
...we read the Gospel as if we had no money, and we use money as if we knew nothing of the Gospel... (an English Jesuit)
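The following script is an added example, not code from the poster, and it does not claim to diagnose the problem above; it only packages the two configuration steps the post describes (the static route and the NAT for 192.168.16.0/21) together with the checks a practitioner would run first when a DROP-on-INVALID rule eats return traffic: a LOG rule placed in front of the DROP so the dropped packets become visible in the kernel log, and a dump of the forwarding, reverse-path-filter, NAT and conntrack state. Assumptions not in the post: the PPPoE interface is called ppp0, and the DRY_RUN wrapper that prints commands instead of running them is mine.

```shell
#!/bin/sh
# Diagnostic/config helper for the two-router setup in the post.
# Added example, not the poster's code. Assumptions (not in the post):
#   - the PPPoE interface on the gateway is ppp0 (override with WAN_IF=...)
#   - the DROP-INVALID rule lives in FORWARD, as the post shows
# Set DRY_RUN=1 to print the commands instead of executing them.

GW_LAN_IF="br0"                   # gateway LAN bridge, from the post
WAN_IF="${WAN_IF:-ppp0}"          # assumption: PPPoE interface name
REMOTE_NET="192.168.16.0/21"      # LEDE LAN behind the second router
REMOTE_GW="192.168.1.17"          # LEDE WAN address on the gateway's LAN

# Execute the command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1) Log INVALID packets before they hit the DROP rule, and ask conntrack to
#    say why it considered them invalid (255 = all protocols). Insert at
#    position 1 so it sits in front of the existing DROP.
log_invalid_forward() {
    run sysctl -w net.netfilter.nf_conntrack_log_invalid=255
    run iptables -I FORWARD 1 -m conntrack --ctstate INVALID \
        -j LOG --log-prefix "FWD-INVALID: " --log-level 4
}

# 2) The route and the NAT the post describes. MASQUERADE is restricted to the
#    remote subnet and to the PPPoE interface, so traffic between the two LANs
#    (192.168.0.0/21 <-> 192.168.16.0/21) is forwarded without translation.
route_and_nat() {
    run ip route replace "$REMOTE_NET" via "$REMOTE_GW" dev "$GW_LAN_IF"
    run iptables -t nat -A POSTROUTING -s "$REMOTE_NET" -o "$WAN_IF" -j MASQUERADE
}

# 3) State to inspect when replies arriving on the public interface are not
#    forwarded back: forwarding, reverse-path filtering on the interfaces
#    involved, rule hit counters, and whether conntrack holds an entry for the
#    outbound ICMP echo (conntrack -L needs conntrack-tools).
show_checks() {
    run sysctl net.ipv4.ip_forward
    run sysctl net.ipv4.conf.all.rp_filter \
               "net.ipv4.conf.$GW_LAN_IF.rp_filter" \
               "net.ipv4.conf.$WAN_IF.rp_filter"
    run ip route get 192.168.17.1
    run iptables -L FORWARD -n -v --line-numbers
    run iptables -t nat -L POSTROUTING -n -v
    run conntrack -L -p icmp
}

case "${1:-}" in
    log)   log_invalid_forward ;;
    setup) route_and_nat ;;
    check) show_checks ;;
    *)     echo "usage: [DRY_RUN=1] $0 {log|setup|check}" >&2 ;;
esac
```

Run it as root on the gateway; `DRY_RUN=1 ./netcheck.sh log` shows what will be applied. After `log`, `dmesg | grep FWD-INVALID` shows the source, destination, protocol and interfaces of every packet the DROP rule would have eaten, which is the information the question is missing. Remove the LOG rule again once done, since it is per-packet and noisy.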