Hi,

>>> Could you please check, do such packets match the following
>>> rule?
>>>
>>> iptables -I FORWARD -m conntrack --ctstate INVALID -j LOG
>>
>> How will I be able to recognize such an entry in the logs? Is there a
>> way I can add a tag to the log entry so I can be sure?
>
> See --log-prefix.

Yes, thanks for that. It is matching some packets.

Mar 5 10:01:51 fc14 kernel: [2726254.099180] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.7 DST=203.81.151.80 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=39061 DPT=52759 WINDOW=0 RES=0x00 RST URGP=0
Mar 5 10:08:11 fc14 kernel: [2726633.762301] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.151 DST=69.171.224.11 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19662 DF PROTO=TCP SPT=48270 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Mar 5 10:08:45 fc14 kernel: [2726667.362163] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.151 DST=69.63.181.56 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19949 DF PROTO=TCP SPT=44230 DPT=80 WINDOW=98 RES=0x00 ACK FIN URGP=0

The last two are just regular requests for access to facebook from another PC on the internal network.

Thanks,
Alex
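Added example, not part of the thread: a small parser for the kernel LOG lines shown above, which keys on the --log-prefix string ("dnat invalid" is assumed as the prefix) and splits each line into key=value fields and bare flag tokens (DF, RST, ACK, FIN), then counts the INVALID hits per internal source and TCP flag pattern so the noisy hosts stand out. The sample lines are constructed in the same format as those quoted in the message.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample input in the iptables LOG format quoted in the thread
# (prefix set with --log-prefix, then the packet fields starting at IN=).
SAMPLE_LOG = """\
Mar  5 10:01:51 fc14 kernel: [2726254.099180] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.7 DST=203.81.151.80 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=39061 DPT=52759 WINDOW=0 RES=0x00 RST URGP=0
Mar  5 10:08:11 fc14 kernel: [2726633.762301] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.151 DST=69.171.224.11 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19662 DF PROTO=TCP SPT=48270 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Mar  5 10:08:45 fc14 kernel: [2726667.362163] dnat invalid IN=eth1 OUT=eth0 SRC=192.168.1.151 DST=69.63.181.56 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19949 DF PROTO=TCP SPT=44230 DPT=80 WINDOW=98 RES=0x00 ACK FIN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
KERNEL_RE = re.compile(r"kernel: \[\s*\d+\.\d+\] (?P<rest>.*)$")


def parse_log_line(line: str) -> Optional[dict]:
    """Split one iptables LOG line into log prefix, key=value fields and bare flags."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    start = rest.find("IN=")  # the packet fields always begin with IN=
    if start < 0:
        return None
    fields, flags = {}, set()
    for tok in rest[start:].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)  # DF, RST, ACK, FIN ... are printed without a value
    return {"prefix": rest[:start].strip(), "fields": fields, "flags": flags}


def classify(entry: dict) -> str:
    """Coarse category from the TCP flag tokens (RST, FIN/ACK, SYN or other)."""
    if entry["fields"].get("PROTO") != "TCP":
        return "non-tcp"
    tcp = entry["flags"] & TCP_FLAGS
    if "RST" in tcp:
        return "tcp-rst"
    if {"FIN", "ACK"} <= tcp and "SYN" not in tcp:
        return "tcp-fin-ack"  # connection teardown segment
    if tcp == {"SYN"}:
        return "tcp-syn"
    return "tcp-other"


def summarize(log_text: str, prefix: str = "dnat invalid") -> Counter:
    """Count entries carrying the given --log-prefix by (SRC, category)."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry and entry["prefix"] == prefix:
            counts[(entry["fields"]["SRC"], classify(entry))] += 1
    return counts
```

Run `summarize(open("/var/log/messages").read()).most_common()` on a real log to see which internal hosts and which flag patterns account for most of the INVALID matches.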