[Bug 80] New: Not detected packets?

bugzilla-daemon@netfilter.org
Fri, 18 Apr 2003 21:18:23 +0200


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=80

           Summary: Not detected packets?
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ip_tables (kernel)
        AssignedTo: laforge@netfilter.org
        ReportedBy: ral928@wish.nl
                CC: netfilter-buglog@lists.netfilter.org


Packets coming into the outer interface with a private network IP are accepted
even with the following settings of a HW firewall PC:

[root@ulysses sysconfig]# iptables -vnL FORWARD
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  eth0   *       192.168.0.0/16       0.0.0.0/0
    0     0 DROP       all  --  eth0   *       192.168.1.101        0.0.0.0/0

at the same time on the local PC:

c:\>netstat -no

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.12:3584      192.168.0.166:1214     SYN_SENT        2344
  TCP    192.168.1.12:3585      192.168.1.102:1214     SYN_SENT        2344
  TCP    192.168.1.12:3586      192.168.0.3:1214       SYN_SENT        2344
  TCP    192.168.1.12:3587      192.168.1.101:2575     SYN_SENT        2344

and the log of the SW firewall on the local PC:

2003-04-18 20:17:22 OPEN TCP 192.168.1.12 192.168.0.166 3584 1214 - - - - - - --
2003-04-18 20:17:22 OPEN TCP 192.168.1.12 192.168.1.102 3585 1214 - - - - - - --
2003-04-18 20:17:22 OPEN TCP 192.168.1.12 192.168.0.3 3586 1214 - - - - - - -
2003-04-18 20:17:22 OPEN TCP 192.168.1.12 192.168.1.101 3587 2575 - - - - - - -

2003-04-18 20:19:03 CLOSE TCP 192.168.1.12 192.168.0.166 3584 1214 - - - - - ---
2003-04-18 20:19:03 CLOSE TCP 192.168.1.12 192.168.1.102 3585 1214 - - - - - ---
2003-04-18 20:19:03 CLOSE TCP 192.168.1.12 192.168.0.3 3586 1214 - - - - - -
2003-04-18 20:19:03 CLOSE TCP 192.168.1.12 192.168.1.101 3587 2575 - - - - - ---
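An added example (not from the report or the netfilter project) that evaluates the two FORWARD rules above the way iptables does, first match on in-interface and source, against the connections in the netstat listing, and flags the second rule as shadowed by the /16 before it. It assumes the firewall's LAN interface is eth1 and that the PC's traffic actually traverses the firewall's FORWARD chain; the netstat lines are copied into the block as sample input.

```python
import ipaddress

# Constructed from the report's FORWARD listing (policy DROP): (in-interface, source, target).
FORWARD_RULES = [("eth0", "192.168.0.0/16", "DROP"),
                 ("eth0", "192.168.1.101", "DROP")]
FORWARD_POLICY = "DROP"
# Assumption: the firewall's inner (LAN) interface is eth1; the report only names eth0.
LAN_IFACE = "eth1"
# Copy of the netstat -no lines from the report (constructed sample input).
NETSTAT = """\
  TCP    192.168.1.12:3584      192.168.0.166:1214     SYN_SENT        2344
  TCP    192.168.1.12:3585      192.168.1.102:1214     SYN_SENT        2344
  TCP    192.168.1.12:3586      192.168.0.3:1214       SYN_SENT        2344
  TCP    192.168.1.12:3587      192.168.1.101:2575     SYN_SENT        2344
"""

def forward_verdict(in_iface, src):
    """First-match walk of FORWARD for a packet that arrived on in_iface with
    source src. Returns (target, rule index); index None means the chain policy."""
    for i, (iface, net, target) in enumerate(FORWARD_RULES):
        if in_iface == iface and ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return target, i
    return FORWARD_POLICY, None

def shadowed_rules():
    """Indices of rules whose source lies inside an earlier rule on the same
    interface: they can never match, so their counters stay at 0 by construction."""
    shadowed = []
    for i, (iface, net, _) in enumerate(FORWARD_RULES):
        for prev_iface, prev_net, _ in FORWARD_RULES[:i]:
            if prev_iface == iface and ipaddress.ip_network(net).subnet_of(
                    ipaddress.ip_network(prev_net)):
                shadowed.append(i)
                break
    return shadowed

def parse_netstat(text):
    """Yield (local_ip, foreign_ip, state) for each TCP line of netstat -no output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP":
            yield parts[1].rsplit(":", 1)[0], parts[2].rsplit(":", 1)[0], parts[3]

def classify(text):
    """Verdict for each outbound SYN (enters on the LAN side) and for a reply arriving on eth0."""
    return [{"foreign": foreign, "state": state,
             "syn_out": forward_verdict(LAN_IFACE, local),
             "reply_in": forward_verdict("eth0", foreign)}
            for local, foreign, state in parse_netstat(text)]
```

With these rules the PC's own SYNs never match either line (they do not arrive on eth0), while any reply from the private foreign addresses arriving on eth0 would hit the /16 rule; zero counters on both rules and on the policy mean no such packets were seen by this chain at all.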