Re: NAT translation problem - leakage of packets with original source address

On 2022-03-11 13:53, Florian Westphal wrote:
Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx> wrote:
Chain POSTROUTING (policy ACCEPT 1170K packets, 1616M bytes)
 pkts bytes target     prot opt in     out     source               destination
84216 8212K ACCEPT     all  --  *      eth0.2  192.168.10.0/24      0.0.0.0/0
 552K   46M ACCEPT     all  --  *      eth0.2  192.168.11.0/24      0.0.0.0/0
    0     0 ACCEPT     all  --  *      eth0.2  192.168.12.0/24      0.0.0.0/0
    0     0 DROP       all  --  *      eth0.2  192.168.0.0/16       0.0.0.0/0
    0     0 DROP       tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0            state INVALID

I suspect you need to move the INVALID rule to the beginning,
else packets might get accepted by an earlier rule.

Hello,
This is how I coped with this problem. Thank you for all your help :)

https://bugzilla.netfilter.org/show_bug.cgi?id=1115

I checked and filtered INVALID accordingly and it works :)

--
Marcin Kabiesz
IT Network Administrator
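
Added example, not part of the original thread: a rule-order check for the situation Florian describes, run over the listing posted above (wrapped lines rejoined). It reports every ACCEPT rule that is evaluated before a `state INVALID` DROP and can match the same packets. The function names are made up for this example, and it assumes `iptables -L -v -n` column layout with no negated (`!`) matches.

```python
import ipaddress

# Listing as posted in the thread, wrapped lines rejoined.
LISTING = """\
Chain POSTROUTING (policy ACCEPT 1170K packets, 1616M bytes)
 pkts bytes target     prot opt in     out     source               destination
84216 8212K ACCEPT     all  --  *      eth0.2  192.168.10.0/24      0.0.0.0/0
 552K   46M ACCEPT     all  --  *      eth0.2  192.168.11.0/24      0.0.0.0/0
    0     0 ACCEPT     all  --  *      eth0.2  192.168.12.0/24      0.0.0.0/0
    0     0 DROP       all  --  *      eth0.2  192.168.0.0/16       0.0.0.0/0
    0     0 DROP       tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0            state INVALID
"""

def parse_rules(listing):
    """Parse the rule lines of an `iptables -L -v -n` listing, keeping chain order."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # chain header, column header or blank line
        rules.append({"target": f[2], "prot": f[3], "in": f[5], "out": f[6],
                      "src": ipaddress.ip_network(f[7]),
                      "dst": ipaddress.ip_network(f[8]),
                      "extra": " ".join(f[9:])})
    return rules

def overlaps(a, b):
    """True if both rules can match the same packet (state match not considered)."""
    same = lambda k, wildcard: a[k] == b[k] or wildcard in (a[k], b[k])
    return (same("prot", "all") and same("in", "*") and same("out", "*")
            and a["src"].overlaps(b["src"]) and a["dst"].overlaps(b["dst"]))

def is_invalid_drop(r):
    return r["target"] == "DROP" and "INVALID" in r["extra"]

def shadowed_invalid_drops(rules):
    """(accept_pos, drop_pos) pairs: a plain ACCEPT ahead of an overlapping INVALID drop."""
    # Simplification: an ACCEPT carrying any extra match (e.g. a state match) is not flagged.
    return [(i + 1, j + 1)
            for j, drop in enumerate(rules) if is_invalid_drop(drop)
            for i, early in enumerate(rules[:j])
            if early["target"] == "ACCEPT" and not early["extra"] and overlaps(early, drop)]

def invalid_first(rules):
    """Reorder as suggested in the thread: INVALID drops ahead of every other rule."""
    return [r for r in rules if is_invalid_drop(r)] + [r for r in rules if not is_invalid_drop(r)]

if __name__ == "__main__":
    rules = parse_rules(LISTING)
    print("before:", shadowed_invalid_drops(rules))
    print("after: ", shadowed_invalid_drops(invalid_first(rules)))
```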


