From: Tobias DiPasquale <codeslinger@gmail.com>
To: Jan Engelhardt <jengelh@linux01.gwdg.de>,
Chris Rankin <rankincj@yahoo.com>
Cc: netfilter-devel@lists.netfilter.org, linux-kernel@vger.kernel.org
Subject: Re: 2.6.12: connection tracking broken?
Date: Sat, 18 Jun 2005 11:14:45 -0400 [thread overview]
Message-ID: <876ef97a05061808141d503f58@mail.gmail.com> (raw)
In-Reply-To: <Pine.LNX.4.61.0506181656250.20828@yvahk01.tjqt.qr>
On 6/18/05, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> >I have just tried upgrading my firewall to 2.6.12, but neither of the following rules in my
> >FORWARD table was allowing return traffic:
>
> You forget about INPUT and OUTPUT. If you drop everything in INPUT, there's
> nothing to FORWARD.
No. INPUT/OUTPUT rules have nothing to do with FORWARDed traffic,
since a packet is either locally destined (INPUT), locally originated
(OUTPUT) or being forwarded (FORWARD).
> > 1109 814K ACCEPT all -- ppp0 br0 anywhere anywhere ctstate
> >RELATED,ESTABLISHED
> > 11M 13G ACCEPT all -- ppp0 br0 anywhere anywhere state
> >RELATED,ESTABLISHED
> >
> >I have currently returned to using 2.6.11.11, where the identical configuration works fine. br0 is
> >a bridge device containing two e100 devices, and ppp0 is my PPPoE DSL link. I am using iptables
> >1.3.1.
Did you have /proc/sys/net/ipv4/ip_forward turned on?
--
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d
next prev parent reply other threads:[~2005-06-18 15:14 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-18 12:43 2.6.12: connection tracking broken? Chris Rankin
2005-06-18 14:57 ` Jan Engelhardt
2005-06-18 15:14 ` Tobias DiPasquale [this message]
2005-06-18 17:16 ` Chris Rankin
2005-06-20 7:19 ` Harald Welte
2005-06-18 19:25 ` Santiago Garcia Mantinan
2005-06-18 22:12 ` Santiago Garcia Mantinan
2005-06-19 13:05 ` Patrick McHardy
2005-06-20 0:05 ` Herbert Xu
2005-06-20 0:18 ` David S. Miller
2005-06-20 0:50 ` Herbert Xu
2005-06-20 2:45 ` Patrick McHardy
2005-06-20 6:39 ` Bart De Schuymer
2005-06-20 12:15 ` Patrick McHardy
2005-06-20 18:46 ` Bart De Schuymer
2005-06-20 18:57 ` Phil Oester
2005-06-20 23:27 ` Patrick McHardy
2005-06-20 23:22 ` Patrick McHardy
2005-06-21 7:19 ` Bart De Schuymer
2005-06-21 15:16 ` Patrick McHardy
2005-06-21 20:46 ` Bart De Schuymer
2005-06-21 21:23 ` Chris Wright
2005-06-21 22:32 ` David S. Miller
2005-06-21 22:34 ` Chris Wright
2005-06-22 0:26 ` Patrick McHardy
2005-06-22 22:58 ` Chris Rankin
2005-06-23 17:42 ` Patrick McHardy
2005-06-23 19:49 ` David S. Miller
2005-06-24 8:39 ` Patrick McHardy
2005-06-28 23:07 ` David S. Miller
2005-06-22 0:45 ` Patrick McHardy
2005-06-22 21:49 ` Herbert Xu
2005-06-23 0:02 ` Carl-Daniel Hailfinger
2005-06-23 3:31 ` Patrick McHardy
2005-06-23 6:27 ` [Ebtables-devel] " Bart De Schuymer
2005-06-23 3:26 ` Patrick McHardy
2005-06-23 3:53 ` Herbert Xu
2005-06-23 6:23 ` Bart De Schuymer
2005-06-27 8:32 ` Harald Welte
2005-06-27 11:46 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=876ef97a05061808141d503f58@mail.gmail.com \
--to=codeslinger@gmail.com \
--cc=jengelh@linux01.gwdg.de \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=rankincj@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox