iptables rules configured on my gateway machine (which acts as a router) have no rule to allow GRE packets coming from the WAN side to pass through. There are no ALGs loaded. Still, I am able to establish a PPTP connection. I can see that GRE packets reached the client machine using Wireshark.

Thanks,
Ratheesh

On Sat, May 1, 2010 at 2:11 AM, <valerio.balbi@xxxxxxxxx> wrote:
> It's not clear (sorry). Anyway you can log or reject the gre protocol without any protocol inner inspection module.
> Gre protocol is paritetical to tcp. I'm not in my deskbox, but I remember that gre protocol has protocol number 49 perhaps. So you can trace gre connection tracing searching packet with protocol number equal to 49.
>
> My 2 cents.
> ------Original Message------
> From: ratheesh k
> Sender: netfilter-owner@xxxxxxxxxxxxxxx
> To: netfilter@xxxxxxxxxxxxxxx
> Subject: GRE protocol .
> Sent: 30 Apr 2010 09:19
>
> Router WAN interface is eth1 and LAN interface is eth0.
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i eth1 -j DROP
> iptables -A INPUT -i eth0 -j ACCEPT
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -j DROP
>
> I don't have the PPTP connection tracking module installed. But I can
> see a GRE protocol packet that came from the WAN get routed and reach my
> client machine connected to eth0.
>
> I can see message id is 0 in the GRE packet.
> I have only a PPTP connection.
>
> Any hint is really appreciated.
>
> Thanks,
> Ratheesh
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
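Added example, not part of the thread and not netfilter code: a small Python model of the posted FORWARD chain. It assumes that, with no GRE or PPTP helper loaded, connection tracking still follows GRE generically by protocol and address pair, so the client's outbound GRE creates the entry that the return traffic matches as ESTABLISHED. Addresses are constructed, NAT is left out, and the ACCEPT chain policy is an assumption.

```python
# Toy model of the FORWARD chain posted in the thread (added example).
# Assumption: with no GRE/PPTP helper loaded, conntrack tracks GRE
# generically, keyed on (protocol, source address, destination address).

class GenericConntrack:
    def __init__(self):
        self.flows = set()  # entries stored in their original direction

    def state(self, proto, src, dst):
        """Classify a packet the way '-m state' would see it."""
        if (proto, src, dst) in self.flows or (proto, dst, src) in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, proto, src, dst):
        """Record a flow once its first packet has been accepted."""
        self.flows.add((proto, src, dst))


def forward(ct, in_if, out_if, proto, src, dst):
    """Walk the three posted FORWARD rules in order; return (verdict, rule)."""
    # -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    if ct.state(proto, src, dst) == "ESTABLISHED":
        return "ACCEPT", "state ESTABLISHED,RELATED"
    # -A FORWARD -i eth0 -o eth1 -j ACCEPT
    if in_if == "eth0" and out_if == "eth1":
        ct.confirm(proto, src, dst)
        return "ACCEPT", "lan-to-wan"
    # -A FORWARD -i eth1 -o eth0 -j DROP
    if in_if == "eth1" and out_if == "eth0":
        return "DROP", "wan-to-lan"
    return "ACCEPT", "policy"  # chain policy assumed ACCEPT (not stated in the thread)


def demo():
    client, server = "192.168.1.10", "203.0.113.5"  # constructed addresses
    ct = GenericConntrack()
    return [
        # Unsolicited GRE from the WAN before the client has sent anything.
        forward(ct, "eth1", "eth0", "gre", server, client),
        # Client's first GRE packet toward the PPTP server.
        forward(ct, "eth0", "eth1", "gre", client, server),
        # Server's GRE reply now matches the tracked flow.
        forward(ct, "eth1", "eth0", "gre", server, client),
    ]


if __name__ == "__main__":
    for verdict, rule in demo():
        print(verdict, "via", rule)
```

In this model a GRE-specific LOG or DROP rule only sees the return packets if it sits ahead of the state rule, because the state rule matches first.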