problem with (incorrectly?) INVALID packets
Grant Taylor
gtaylor at riverviewtech.net
Sat Dec 16 05:48:33 CET 2006
On 12/15/06 05:34, Mike Williams wrote:
<really big snip>
> Routing table now:
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 90.1...1.64     0.0.0.0         255.255.255.224 U     0      0        0 bond0
> 192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
> 192.168.22.0    90.1...1.69     255.255.255.0   UG    0      0        0 bond0
> 192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
> 192.168.0.0     90.1...1.69     255.255.255.0   UG    0      0        0 bond0
> 192.168.30.0    90.1...1.69     255.255.255.0   UG    0      0        0 bond0
> 192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         90.1...1.69     0.0.0.0         UG    0      0        0 bond0
>
> Routing table previously:
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 90.1...1.64     0.0.0.0         255.255.255.224 U     0      0        0 br0
> 192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 bond1
> 192.168.22.0    90.1...1.69     255.255.255.0   UG    0      0        0 br0
> 192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 bond3
> 192.168.0.0     90.1...1.69     255.255.255.0   UG    0      0        0 br0
> 192.168.30.0    90.1...1.69     255.255.255.0   UG    0      0        0 br0
> 192.168.136.0   0.0.0.0         255.255.255.0   U     0      0        0 bond2
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         90.1...1.69     0.0.0.0         UG    1000   0        0 br0
Sorry if I have missed it, but which system are these routing tables
from? Bridge or LFW?
> # uname -r
> 2.6.17-hardened-r1
> # zgrep BRIDGE_NETFILTER /proc/config.gz
> CONFIG_BRIDGE_NETFILTER=y
This means that you will be able to use IPTables to filter your bridged
traffic. Which, as I think about it, without seeing your full IPTables
rule set, may be the reason some of your packets are having their state
incorrectly identified. Can we see a full iptables-save output?
Grant. . . .