Re: packets skipping dnat rule and someting else

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "\"Oleg A. Arkhangelsky\"" <sysoleg@yandex.ru>
To: Hans de Bruin <jmdebruin@xmsnet.nl>, netfilter@vger.kernel.org
Subject: Re: packets skipping dnat rule and someting else
Date: Sat, 24 Sep 2011 19:23:10 +0400	[thread overview]
Message-ID: <647511316877790@web18.yandex.ru> (raw)
In-Reply-To: <4E7DE255.1070805@xmsnet.nl>

24.09.2011, 17:59, "Hans de Bruin" <jmdebruin@xmsnet.nl>:

> [22734.688709] CHAINv4=in_int IN=eth3 OUT=
> MAC=00:30:18:a6:c0:f2:00:0e:00:00:00:01:08:00 SRC=186.207.156.227
> DST=92.254.124.152 LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=27025 DF
> PROTO=TCP SPT=62434 DPT=16881 WINDOW=0 RES=0x00 RST URGP=0

This packet doesn't belong to any valid connection from conntrack point of
view. Maybe this RST is duplicated and conntrack entry was destroyed a
moment before.

You can use -m conntrack --ctstate INVALID to catch such packets.

-- 
wbr, Oleg.

next prev parent reply	other threads:[~2011-09-24 15:23 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-24 13:59 packets skipping dnat rule and someting else Hans de Bruin
2011-09-24 15:23 ` "Oleg A. Arkhangelsky" [this message]
2011-09-26 21:54   ` Hans de Bruin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=647511316877790@web18.yandex.ru \
    --to=sysoleg@yandex.ru \
    --cc=jmdebruin@xmsnet.nl \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.