Re: a missing rule / incomplete routing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vigneswaran R <vignesh@atc.tcs.com>
To: lejeczek <peljasz@yahoo.co.uk>
Cc: netfilter <netfilter@vger.kernel.org>
Subject: Re: a missing rule / incomplete routing
Date: Mon, 11 Aug 2014 17:24:08 +0530	[thread overview]
Message-ID: <53E8AEE0.60800@atc.tcs.com> (raw)
In-Reply-To: <53E8946F.2070403@yahoo.co.uk>

On 08/11/2014 03:31 PM, lejeczek wrote:
> dear experts
>
> I'm looking for ideas/suggestion why the following does not work
>
> there is a:
> * box A - 172.17.166.199 --  then there is 172./8 net -- box B - 
> 172.25.12.101 (phys0), 192.168.2.100 (phys1) -- and one more net 
> behind 192.168.2.100
>
> a 192.168.2.81 from behind box B can ping172.17.166.199
> but not the other way around, box A cannot get to box B's phys1 but it 
> does get to phys0
>
> I can control box A but have no control over the nets between it and 
> box B's phys0
> I can control box B
>
> I thought my route rules on box B are complete, box A is a winbox
> I though box B' firewall is ready
> but I obviously miss something
>
> there is no masquerading for phys0 nor phys1 one box B

It looks like  the firewall (FORWARD chain) in B is not allowing NEW 
connections from phys0 to phys1; only allowing ESTABLISHED connections, 
which made the ICMP reply packets through.


Regards,
Vignesh

next prev parent reply	other threads:[~2014-08-11 11:54 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-11 10:01 a missing rule / incomplete routing lejeczek
2014-08-11 11:54 ` Vigneswaran R [this message]
2014-08-13 10:21   ` [Bulk] " lejeczek
2014-08-13 11:12     ` Vigneswaran R
2014-08-15 11:29       ` lejeczek
2014-08-18  3:31         ` Vigneswaran R

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53E8AEE0.60800@atc.tcs.com \
    --to=vignesh@atc.tcs.com \
    --cc=netfilter@vger.kernel.org \
    --cc=peljasz@yahoo.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.