* what is blocking packets before netfilter?
@ 2005-03-05 18:47 Horacio J. Peña
2005-03-06 17:20 ` Phil Oester
0 siblings, 1 reply; 6+ messages in thread
From: Horacio J. Peña @ 2005-03-05 18:47 UTC (permalink / raw)
To: netfilter-devel
I have:
# iptables -L -n -t mangle -v
Chain INPUT (policy ACCEPT 19862 packets, 1603K bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
# iptables -L -n -t filter -v
Chain INPUT (policy ACCEPT 17061 packets, 1410K bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
# tcpdump -nvvvpe icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:44:34.189337 00:08:a1:6c:39:00 > 00:0a:e6:2d:90:77, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl64, id 1016, offset 0, flags [DF], length: 84) 192.168.2.1 > 10.5.0.1: icmp 64: echo request seq 63491
00:0a:e6:2d:90:77 is my MAC.
/proc/sys/net/ipv4/conf/*/rp_filter are 0.
/proc/sys/net/ipv4/conf/*/forwarding are 1.
What could be eating the packets? Shouldn't iptables see anything that comes to the interface?
Thanks,
HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: what is blocking packets before netfilter?
2005-03-05 18:47 what is blocking packets before netfilter? Horacio J. Peña
@ 2005-03-06 17:20 ` Phil Oester
2005-03-07 16:01 ` Horacio J. Peña
0 siblings, 1 reply; 6+ messages in thread
From: Phil Oester @ 2005-03-06 17:20 UTC (permalink / raw)
To: Horacio J. Peña; +Cc: netfilter-devel
On Sat, Mar 05, 2005 at 03:47:15PM -0300, Horacio J. Peña wrote:
> What could be eating the packets? Shouldn't iptables see anything that comes to the interface?
Impossible to answer without knowing if 10.5.0.1 is a local or remote IP.
Phil
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: what is blocking packets before netfilter?
2005-03-06 17:20 ` Phil Oester
@ 2005-03-07 16:01 ` Horacio J. Peña
0 siblings, 0 replies; 6+ messages in thread
From: Horacio J. Peña @ 2005-03-07 16:01 UTC (permalink / raw)
To: Phil Oester; +Cc: netfilter-devel
> > What could be eating the packets? Shouldn't iptables see anything that comes to the interface?
> Impossible to answer without knowing if 10.5.0.1 is a local or remote IP.
Remote. Reformulating the question, what is there between the packet
hitting the eth driver and it hitting iptables that could block it. My
first thoughts were IP forwarding (if it would be disabled, packets to
non-local addresses should be blocked) and rp_filter (as the box's route
for the src address isn't that way)
What else is there between the eth driver and iptables INPUT ?
Thanks,
HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
^ permalink raw reply [flat|nested] 6+ messages in thread
* what is blocking packets before netfilter?
@ 2005-03-06 3:17 Horacio J. Peña
2005-03-06 3:56 ` R. DuFresne
0 siblings, 1 reply; 6+ messages in thread
From: Horacio J. Peña @ 2005-03-06 3:17 UTC (permalink / raw)
To: netfilter
I have:
# iptables -L -n -t mangle -v
Chain INPUT (policy ACCEPT 19862 packets, 1603K bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
# iptables -L -n -t filter -v
Chain INPUT (policy ACCEPT 17061 packets, 1410K bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
# tcpdump -nvvvpe icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:44:34.189337 00:08:a1:6c:39:00 > 00:0a:e6:2d:90:77, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl64, id 1016, offset 0, flags [DF], length: 84) 192.168.2.1 > 10.5.0.1: icmp 64: echo request seq 63491
00:0a:e6:2d:90:77 is my MAC.
/proc/sys/net/ipv4/conf/*/rp_filter are 0.
/proc/sys/net/ipv4/conf/*/forwarding are 1.
What could be eating the packets? Shouldn't iptables see anything that comes to the interface?
Thanks,
HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: what is blocking packets before netfilter?
2005-03-06 3:17 Horacio J. Peña
@ 2005-03-06 3:56 ` R. DuFresne
2005-03-06 4:13 ` Horacio J. Peña
0 siblings, 1 reply; 6+ messages in thread
From: R. DuFresne @ 2005-03-06 3:56 UTC (permalink / raw)
To: Horacio J. Peña; +Cc: netfilter
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2459 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is tcpd enabled, does your system have a /etc/hosts.deny file, or a
hosts.allow that is populated? Is there a DSL router, or other
router/intelligent hub with an integrated firewall in it infront of or
behind the iptables firewall? Could your ISP be blocking ICMP traffic?
Thanks,
Ron DuFresne
On Sun, 6 Mar 2005, Horacio [iso-8859-1] J. Peña wrote:
> I have:
>
> # iptables -L -n -t mangle -v
> Chain INPUT (policy ACCEPT 19862 packets, 1603K bytes)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
>
> # iptables -L -n -t filter -v
> Chain INPUT (policy ACCEPT 17061 packets, 1410K bytes)
> pkts bytes target prot opt in out source destination
> 0 0 LOG all -- eth0 * 192.168.2.0/24 0.0.0.0/0 LOG flags 0 level 4
>
> # tcpdump -nvvvpe icmp
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 15:44:34.189337 00:08:a1:6c:39:00 > 00:0a:e6:2d:90:77, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl64, id 1016, offset 0, flags [DF], length: 84) 192.168.2.1 > 10.5.0.1: icmp 64: echo request seq 63491
>
> 00:0a:e6:2d:90:77 is my MAC.
>
> /proc/sys/net/ipv4/conf/*/rp_filter are 0.
> /proc/sys/net/ipv4/conf/*/forwarding are 1.
>
> What could be eating the packets? Shouldn't iptables see anything that comes to the interface?
>
> Thanks,
> HoraPe
> ---
> Horacio J. Peña
> horape@compendium.com.ar
> horape@uninet.edu
>
>
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCKn99st+vzJSwZikRAohTAKC1rYIlSjBXqJwywaJIovA/+ahYpACfYtlv
JA1L3qlbYZ6WmmEMwFIAxYw=
=PK99
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: what is blocking packets before netfilter?
2005-03-06 3:56 ` R. DuFresne
@ 2005-03-06 4:13 ` Horacio J. Peña
0 siblings, 0 replies; 6+ messages in thread
From: Horacio J. Peña @ 2005-03-06 4:13 UTC (permalink / raw)
To: R. DuFresne; +Cc: netfilter
> Is tcpd enabled, does your system have a /etc/hosts.deny file, or a
> hosts.allow that is populated?
No, and afaiu, they shouldn't matter at netfilter level.
> Is there a DSL router, or other
> router/intelligent hub with an integrated firewall in it infront of or
> behind the iptables firewall? Could your ISP be blocking ICMP traffic?
The packets are getting to the box. tcpdump sees them, iptables don't.
Thanks,
HoraPe
> Ron DuFresne
>
> On Sun, 6 Mar 2005, Horacio [iso-8859-1] J. Peña wrote:
>
> >I have:
> >
> ># iptables -L -n -t mangle -v
> >Chain INPUT (policy ACCEPT 19862 packets, 1603K bytes)
> >pkts bytes target prot opt in out source
> >destination
> > 0 0 LOG all -- eth0 * 192.168.2.0/24
> > 0.0.0.0/0 LOG flags 0 level 4
> >
> ># iptables -L -n -t filter -v
> >Chain INPUT (policy ACCEPT 17061 packets, 1410K bytes)
> >pkts bytes target prot opt in out source
> >destination
> > 0 0 LOG all -- eth0 * 192.168.2.0/24
> > 0.0.0.0/0 LOG flags 0 level 4
> >
> ># tcpdump -nvvvpe icmp
> >tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96
> >bytes
> >15:44:34.189337 00:08:a1:6c:39:00 > 00:0a:e6:2d:90:77, ethertype IPv4
> >(0x0800), length 98: IP (tos 0x0, ttl64, id 1016, offset 0, flags [DF],
> >length: 84) 192.168.2.1 > 10.5.0.1: icmp 64: echo request seq 63491
> >
> >00:0a:e6:2d:90:77 is my MAC.
> >
> >/proc/sys/net/ipv4/conf/*/rp_filter are 0.
> >/proc/sys/net/ipv4/conf/*/forwarding are 1.
> >
> >What could be eating the packets? Shouldn't iptables see anything that
> >comes to the interface?
> >
> >Thanks,
> > HoraPe
> >---
> >Horacio J. Peña
> >horape@compendium.com.ar
> >horape@uninet.edu
> >
> >
>
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> ...Love is the ultimate outlaw. It just won't adhere to rules.
> The most any of us can do is sign on as it's accomplice. Instead
> of vowing to honor and obey, maybe we should swear to aid and abet.
> That would mean that security is out of the question. The words
> "make" and "stay" become inappropriate. My love for you has no
> strings attached. I love you for free...
> -Tom Robins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFCKn99st+vzJSwZikRAohTAKC1rYIlSjBXqJwywaJIovA/+ahYpACfYtlv
> JA1L3qlbYZ6WmmEMwFIAxYw=
> =PK99
> -----END PGP SIGNATURE-----
--
HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-03-07 16:01 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-05 18:47 what is blocking packets before netfilter? Horacio J. Peña
2005-03-06 17:20 ` Phil Oester
2005-03-07 16:01 ` Horacio J. Peña
-- strict thread matches above, loose matches on Subject: below --
2005-03-06 3:17 Horacio J. Peña
2005-03-06 3:56 ` R. DuFresne
2005-03-06 4:13 ` Horacio J. Peña
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.