All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Lars Täuber" <taeuber@bbaw.de>
To: netfilter@lists.netfilter.org
Subject: Re: Valid packets blocked as invalid?
Date: Thu, 19 Apr 2007 08:33:48 +0200	[thread overview]
Message-ID: <20070419083348.364c873e.taeuber@bbaw.de> (raw)
In-Reply-To: <web-69045730@bk1.webmaillogin.com>

Hallo Jorge!

> I'm guessing a routing problem here. If you see the log you can see that the 
> packet marked as invalid have the same incoming/outgoing interface.

Yes, it's the same interface but that is intention.

 
> Your diagram, as you said is:
> 
> eth2
> |
> |
> +--- gtw 194.95.188.25 --- LAN 194.95.188.192/26
> |
> |
> LAN 194.95.188.0/26

You'r right that's the situation.

We know the problem could be solved by setting appropriate routes to the gateways in all servers in the 194.95.188.0/26 network. But we don't like that.
Is the routing the reason for the kernel to mark this packet as invalid?

The firewall is our default gateway and also a gateway to some more networks. We don't want to put detailed routes in all servers in the 194.95.188.0/26 network. They all only know the default gateway (and firewall) 194.95.188.7. They all get the information about the better next hop by the fireall via icmp redirects automatically we think.

But why is the packet invalid?

Regards
Lars


  reply	other threads:[~2007-04-19  6:33 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-04-18 13:19 Valid packets blocked as invalid? Lars Täuber
2007-04-18 15:30 ` Jorge Davila
2007-04-19  6:33   ` Lars Täuber [this message]
2007-04-19  9:23     ` Lars Täuber
2007-04-19 11:10       ` Problem resolved! Lars Täuber

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070419083348.364c873e.taeuber@bbaw.de \
    --to=taeuber@bbaw.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.