Re: NAT translation problem - leakage of packets with original source address

On 2022-03-10 13:08, Florian Westphal wrote:
> Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx> wrote:
> > is it possible that with the OpenVPN interface tun0 every now and then some
> > packets with a private source address are visible and forwarded to the
> > router?
>
> Yes, NAT is only applied to packets that conntrack considers sane/valid.
>
> You can e.g. add a drop rule for INVALID packets.

Welcome,
Thank you for your answer.
My question is: where do I create a rule for invalid packets? In NAT POSTROUTING, in MANGLE POSTROUTING, or in some other place leaving the server? I am waiting for your opinion.

--
Marcin Kabiesz
IT Network Administrator
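
An added example, not part of the thread: packets that conntrack marks INVALID are never looked up in the nat table, so a drop rule for routed VPN traffic is normally placed in the filter table's FORWARD chain, ahead of any rule that could accept them. The script below checks an iptables-save dump for that placement; the ruleset is constructed, and eth0, the 10.8.0.0/24 subnet and the function name `audit_invalid_drop` are assumptions (only tun0 comes from the thread).

```shell
#!/bin/sh
# Constructed iptables-save dump. eth0 (uplink) and 10.8.0.0/24 (VPN subnet)
# are assumptions; only tun0 is taken from the thread.
RULESET='*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

# audit_invalid_drop: read iptables-save text on stdin and print
#   ok      - filter/FORWARD drops INVALID before any rule could accept it
#   late    - an ACCEPT that can match INVALID packets comes first
#   missing - filter/FORWARD has no INVALID drop at all
# Jumps into user-defined chains are not followed.
audit_invalid_drop() {
    awk '
        # Track which table ("*filter", "*nat", ...) the rules belong to.
        /^\*/ { table = substr($0, 2); next }
        # Only appended rules of filter/FORWARD are of interest.
        table != "filter" || $1 != "-A" || $2 != "FORWARD" { next }
        # Matches both "-m conntrack --ctstate" and the older "-m state --state".
        /--(ct)?state [A-Z,]*INVALID[A-Z,]* -j DROP/ { found = 1; exit }
        # An ACCEPT with no state match, or one listing INVALID, lets them pass.
        /-j ACCEPT/ && ($0 !~ /--(ct)?state / || $0 ~ /--(ct)?state [A-Z,]*INVALID/) { leak = 1 }
        END {
            if (!found)    print "missing"
            else if (leak) print "late"
            else           print "ok"
        }
    '
}

printf '%s\n' "$RULESET" | audit_invalid_drop
```

On a live system the same function can be fed the real ruleset with `iptables-save | audit_invalid_drop`.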


