'Re: problem with (incorrectly?) INVALID packets'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: problem with (incorrectly?) INVALID packets
From:       Grant Taylor <gtaylor () riverviewtech ! net>
Date:       2006-12-16 4:48:33
Message-ID: 45837AA1.6030508 () riverviewtech ! net
[Download RAW message or body]

On 12/15/06 05:34, Mike Williams wrote:

<really big snip>

> Routing table now:
> # route -n 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 90.1...1.64    0.0.0.0         255.255.255.224 U     0      0        0 bond0
> 192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
> 192.168.22.0    90.1...1.69    255.255.255.0   UG    0      0        0 bond0
> 192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
> 192.168.0.0     90.1...1.69    255.255.255.0   UG    0      0        0 bond0
> 192.168.30.0    90.1...1.69    255.255.255.0   UG    0      0        0 bond0
> 192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         90.1...1.69    0.0.0.0         UG    0      0        0 bond0
> 
> Routing table previously:
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 90.1...1.64    0.0.0.0         255.255.255.224 U     0      0        0 br0
> 192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
> 192.168.22.0    90.1...1.69    255.255.255.0   UG    0      0        0 br0
> 192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
> 192.168.0.0     90.1...1.69    255.255.255.0   UG    0      0        0 br0
> 192.168.30.0    90.1...1.69    255.255.255.0   UG    0      0        0 br0
> 192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         90.1...1.69    0.0.0.0         UG    1000   0        0 br0

Sorry, if I have missed it, but which system are these routing tables 
from?  Bridge or LFW?

> # uname -r
> 2.6.17-hardened-r1
> # zgrep BRIDGE_NETFILTER /proc/config.gz
> CONFIG_BRIDGE_NETFILTER=y

This means that you will be able to use IPTables to filter your bridged 
traffic.  Which as I think about it, with out seeing your full IPTables 
rule set, may be the reason some of your packets are having their state 
incorrectly identified.  Can we see a full iptables-save output?



Grant. . . .

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic