Hello,

Was wondering if anyone has come across the following problem:

For over 1 month I've been able to ssh or ping into my router through its internal interface from servers within my network. Everything was fine, routing was working ... no problems. (I know I'm not supposed to let servers ssh into my router :-) ).

The problem: Servers in the internal network are no longer able to ping or ssh or connect to any port on the router's internal interface. The router can ping the servers and even ssh into them, but not the other way around. Oddly enough, the internal servers can ping and connect to the router's external interface!

I downed the internal interface and brought it back up and it still doesn't work. I then rebooted my router and that solved the problem, temporarily ... until I loaded the iptables FORWARD rules (I have no INPUT or OUTPUT rules, default policy set to ACCEPT). The problem returned, so I did the next logical step and flushed all my rules, and set the policy to ACCEPT for all chains. The problem still exists even with no rules loaded; the internal servers can't ping the router's internal interface.

Now, like I said, I don't have any INPUT or OUTPUT rules (policy ACCEPT), and even when the FORWARD rules are flushed and the policy set to ACCEPT the problem still remains. Seems like my rules trigger an event that causes the NIC to not respond to connection attempts.

The logs show the following:

New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5180 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5181 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5182 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0

I am running kernel 2.4.2-2, Intel Pro NICs.
Kernel is compiled with most of the iptables options.

Any suggestions?

Thanks,
-----
Emanuele