On Friday, 28 April 2017 1:08:27 AM AEST Noel Kuntze wrote:
> On 27 April 2017 07:21:14 CEST, Kevin <kmg952@xxxxxxxxxxx> wrote:
> >Hi,
> >
> >I'm having trouble changing my iptables configuration to work with a new
> >NordVPN/OpenVPN.
> >
> >In trying to diagnose the problem, I have saturated my firewall with "-j LOG"
> >rules. The problem is that the initial SYN packet to TCP port 22 seems to go
> >missing between the "nat prerouting" and the "mangle input" chains.
>
> That's where the routing decision is and the rp_filter. It likely drops the
> packets because they're martians. That's a good thing. Fix your routing on
> the host.

That was the problem! I was not aware of rp-filter. As I'm running Fedora I've
echo'd 2 to the relevant /proc rp-filter files.

Sadly, that hasn't solved my initial problem - but that's not an iptables
problem.

Thanks for your help - all I needed was that one keyword.

Kevin
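
Added example, not part of the original thread: a shell check of the reverse-path filter mode the kernel actually applies per interface, since for IPv4 source validation it uses the higher of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The `CONF_ROOT` variable and the function names are assumptions of this example; `CONF_ROOT` defaults to the real `/proc` path and exists so the script can be pointed at a test tree.

```shell
#!/bin/sh
# Report the effective IPv4 rp_filter mode per interface.
# CONF_ROOT is an assumption of this example (overridable for testing).
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Map the numeric sysctl value to its meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE: prints max(conf/all, conf/IFACE).
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || return 1
    dev=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# report: one line per interface with its own value and the effective one.
report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        dev=$(cat "$CONF_ROOT/$iface/rp_filter")
        echo "$iface dev=$dev effective=$eff mode=$(rp_mode_name "$eff")"
    done
}

# strict_interfaces: interfaces still in strict mode, where packets arriving
# on a path the routing table would not use for the reply are dropped.
strict_interfaces() {
    report | awk '$3 == "effective=1" { print $1 }'
}

report
```

An interface listed by `strict_interfaces` drops asymmetric traffic before the INPUT chains see it; enabling `log_martians` on that interface makes those drops visible in the kernel log.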