From: Mike Wright <mike.wright@mailinator.com>
To: David J Craigon <david@craigon.co.uk>
Cc: netfilter@vger.kernel.org
Subject: Re: Conntrack not recording packets going through a firewall
Date: Wed, 21 Jan 2009 08:49:47 -0800
Message-ID: <4977522B.5030007@mailinator.com>
In-Reply-To: <c1ace6860901210632m6d9e5b12g71010545a57be1b5@mail.gmail.com>

David J Craigon wrote:
> Hello,
>
> I'm trying to build a firewall using Linux, iptables and conntrack. My
> set up is pretty simple- I've got a computer with three interfaces-
> one pointing to the internet, and two networks for different
> "customers".
>
>
> Internet--------Firewall------Customer 1
>                    |
>                    ----------Customer 5
>
>
>
> Customer 1 has 10.72.2.0/24. Customer 5 has 10.72.3.0/24. Both
> customers have a server 10.72.2/3.3 running httpd on port 80.
>
> Now, both Customer servers can get to the internet, and the internet
> can get to them, but Customer 1's server can't get to Customer 5's
> server.

Hi David,

Perhaps you need "routes" established for those subnets.

    ip route add 10.72.2.0/24 dev ethX   # customer1's nic
    ip route add 10.72.3.0/24 dev ethY   # customer5's nic

hth,
:m)