[Bug 693] SNAT is failing to masquerade some TCP RST packets

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Tue Dec 6 19:30:12 CET 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=693
--- Comment #9 from www at applejelly.org  2011-12-06 19:30:11 ---
(In reply to comment #8)
> (In reply to comment #5)
> www at applejelly.org: If I understand your example correctly, you are trying to
> make new TCP sessions in violation of the protocol. That scenario is, in my
> opinion, well documented (or at least better documented). Following is the
> related segment of my iptables script:
> 
> # A NEW TCP connection requires SYN bit set and FIN,RST,ACK reset.
> # Un-NAT'ed packets go out to internet without this rule.
> # Sending RFC1918 packets to internet is considered poor form, by me anyhow.
> $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "NEW TCP no SYN:" --log-level info
> $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> 

That would be what I was doing while I was investigating why I saw an internal
IP on PPP0 as in the initial report. Sorry for wasting time. Summary: me too.
Thanks for comment #6 and informing me.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
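The quoted rule pair turns on one fact: source NAT can only rewrite a packet that conntrack has an entry for, so a TCP packet that matches no tracked flow and is not a SYN would otherwise leave the external interface with its private source address. The following toy model, added here and not taken from netfilter or from either commenter, makes that behaviour concrete. The Router class, the addresses and the packet tuples are constructed for illustration; the model covers the outbound direction only and simplifies conntrack to "tuple known or not known", with the `--syn` test using iptables' meaning (SYN set, ACK/FIN/RST clear).

```python
"""Toy model of a masquerading router: which outbound TCP packets get SNAT
applied, and what the quoted '! --syn -m state --state NEW -j DROP' rule
stops. Added example, not netfilter code; everything here is constructed."""

from dataclasses import dataclass, field

# TCP header flag bits
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass
class Router:
    """Hypothetical home router: LAN hosts 192.168.1.0/24 are masqueraded behind
    public_ip on the ppp0 side. drop_new_without_syn models the quoted rule
    '-p tcp ! --syn -m state --state NEW -j DROP' (with its LOG companion)."""
    public_ip: str = "203.0.113.1"
    drop_new_without_syn: bool = True
    conntrack: set = field(default_factory=set)   # tracked (src, sport, dst, dport) tuples
    log: list = field(default_factory=list)       # lines the LOG target would emit

    def is_tracked(self, pkt: Packet) -> bool:
        # A packet belongs to a tracked flow if its tuple, in either direction, is known.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return fwd in self.conntrack or rev in self.conntrack

    def forward(self, pkt: Packet):
        """Return the packet as it would leave ppp0, or None if the firewall drops it."""
        syn_only = (pkt.flags & (SYN | ACK | FIN | RST)) == SYN   # iptables --syn semantics
        if not self.is_tracked(pkt):
            if not syn_only:
                # State NEW but no SYN, e.g. a stray RST: this is what the quoted
                # LOG/DROP pair matches.
                self.log.append(
                    f"NEW TCP no SYN: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
                if self.drop_new_without_syn:
                    return None
                # Without the rule, no conntrack entry means no SNAT: the packet
                # leaves with its private source address, the symptom the initial
                # report describes seeing on ppp0.
                return pkt
            # A proper SYN creates the conntrack entry that SNAT keys off.
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        # SNAT: tracked flows have their private source rewritten to the public address.
        return Packet(self.public_ip, pkt.sport, pkt.dst, pkt.dport, pkt.flags)


def demo():
    """Walk one SYN, one in-flow ACK and one stray RST through both router configs."""
    strict, leaky = Router(), Router(drop_new_without_syn=False)
    lan, peer = "192.168.1.10", "198.51.100.5"
    syn = Packet(lan, 40000, peer, 80, SYN)
    ack = Packet(lan, 40000, peer, 80, ACK)
    stray_rst = Packet(lan, 40001, peer, 80, RST | ACK)
    return {
        "syn_out": strict.forward(syn).src,          # rewritten to the public address
        "ack_out": strict.forward(ack).src,          # tracked flow: also rewritten
        "rst_strict": strict.forward(stray_rst),     # dropped by the rule -> None
        "rst_leaky": leaky.forward(stray_rst).src,   # escapes un-NATed without the rule
        "log": list(strict.log),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The useful comparison is the last two entries: the same stray RST is dropped (and logged) on the router that carries the rule and leaves with the private 192.168.1.10 source on the one that does not. The log line format mirrors the `--log-prefix` from the quoted script so the model's output can be read alongside real kernel log lines.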