Re: NAT translation problem - leakage of packets with original source address

Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx> wrote:
> Chain POSTROUTING (policy ACCEPT 1170K packets, 1616M bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 84216 8212K ACCEPT     all  --  *      eth0.2  192.168.10.0/24      0.0.0.0/0
>  552K   46M ACCEPT     all  --  *      eth0.2  192.168.11.0/24      0.0.0.0/0
>     0     0 ACCEPT     all  --  *      eth0.2  192.168.12.0/24      0.0.0.0/0
>     0     0 DROP       all  --  *      eth0.2  192.168.0.0/16       0.0.0.0/0
>     0     0 DROP       tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0            state INVALID

I suspect you need to move the INVALID rule to the beginning,
else packets might get accepted by an earlier rule.
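
The ordering effect suggested above, as an added example that is not part of the original post: a small Python model of first-match evaluation over the quoted chain. The rule tuples, the sample packets and the helper names are constructed for illustration; only the rule contents come from the quoted listing, and the model covers nothing beyond protocol, output interface, source and state matching.

```python
import ipaddress

# Constructed model of the quoted POSTROUTING chain:
# (target, proto, out_if, source, ctstate); ctstate None = no state match.
QUOTED_CHAIN = [
    ("ACCEPT", "all", "eth0.2", "192.168.10.0/24", None),
    ("ACCEPT", "all", "eth0.2", "192.168.11.0/24", None),
    ("ACCEPT", "all", "eth0.2", "192.168.12.0/24", None),
    ("DROP",   "all", "eth0.2", "192.168.0.0/16",  None),
    ("DROP",   "tcp", "eth0.2", "0.0.0.0/0",       "INVALID"),
]

def rule_matches(rule, pkt):
    """True if every match condition of the rule holds for the packet."""
    _target, proto, out_if, source, state = rule
    return (proto in ("all", pkt["proto"])
            and out_if == pkt["out"]
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(source)
            and state in (None, pkt["state"]))

def verdict(chain, pkt, policy="ACCEPT"):
    """Return (rule_number, target) of the first matching rule; 0 = chain policy."""
    for num, rule in enumerate(chain, start=1):
        if rule_matches(rule, pkt):
            return num, rule[0]  # ACCEPT and DROP both end traversal
    return 0, policy

def shadowed_for(chain, pkt):
    """Rules that would match pkt but sit behind the rule that decided it."""
    hit, _ = verdict(chain, pkt)
    return [n for n, r in enumerate(chain, 1) if n > hit > 0 and rule_matches(r, pkt)]

def move_to_front(chain, index):
    """Return a copy of the chain with the rule at `index` placed first."""
    return [chain[index]] + chain[:index] + chain[index + 1:]

# Constructed packets leaving eth0.2 from internal hosts.
INVALID_PKT = {"proto": "tcp", "out": "eth0.2", "src": "192.168.10.5", "state": "INVALID"}
NORMAL_PKT = {"proto": "tcp", "out": "eth0.2", "src": "192.168.11.7", "state": "ESTABLISHED"}
REORDERED = move_to_front(QUOTED_CHAIN, 4)  # INVALID rule first

if __name__ == "__main__":
    print("quoted order :", verdict(QUOTED_CHAIN, INVALID_PKT),
          "never reached:", shadowed_for(QUOTED_CHAIN, INVALID_PKT))
    print("INVALID first:", verdict(REORDERED, INVALID_PKT))
    print("normal packet:", verdict(REORDERED, NORMAL_PKT))
```

In the quoted order the INVALID packet is decided by rule 1, so both DROP rules stay at zero hits; with the INVALID rule first it is dropped, while traffic in other states still reaches the ACCEPT rules.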



