Re: packets skipping dnat rule and someting else

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hans de Bruin <jmdebruin@xmsnet.nl>
To: "Oleg A. Arkhangelsky" <sysoleg@yandex.ru>
Cc: netfilter@vger.kernel.org
Subject: Re: packets skipping dnat rule and someting else
Date: Mon, 26 Sep 2011 23:54:33 +0200	[thread overview]
Message-ID: <4E80F499.3070000@xmsnet.nl> (raw)
In-Reply-To: <647511316877790@web18.yandex.ru>

On 09/24/2011 05:23 PM, "Oleg A. Arkhangelsky" wrote:
>
>
> 24.09.2011, 17:59, "Hans de Bruin"<jmdebruin@xmsnet.nl>:
>
>> [22734.688709] CHAINv4=in_int IN=eth3 OUT=
>> MAC=00:30:18:a6:c0:f2:00:0e:00:00:00:01:08:00 SRC=186.207.156.227
>> DST=92.254.124.152 LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=27025 DF
>> PROTO=TCP SPT=62434 DPT=16881 WINDOW=0 RES=0x00 RST URGP=0
>
> This packet doesn't belong to any valid connection from conntrack point of
> view. Maybe this RST is duplicated and conntrack entry was destroyed a
> moment before.
>
> You can use -m conntrack --ctstate INVALID to catch such packets.
>

Thanks, that rule has droped 570000 packets in my ignore chain in about 
two and a half day's. Now my logs are readable again.

Except for the RST packets there were also a lot of ACK FIN packets. I 
wonder if the 570000 packets are a small or a big percentage of the 
total number of tcp/ip sessions.

-- 
Hans

     prev parent reply	other threads:[~2011-09-26 21:54 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-24 13:59 packets skipping dnat rule and someting else Hans de Bruin
2011-09-24 15:23 ` "Oleg A. Arkhangelsky"
2011-09-26 21:54   ` Hans de Bruin [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E80F499.3070000@xmsnet.nl \
    --to=jmdebruin@xmsnet.nl \
    --cc=netfilter@vger.kernel.org \
    --cc=sysoleg@yandex.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.