Linux Netfilter discussions
From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Cc: bj-schmidt@uni-paderborn.de
Subject: Re: state: INVALID
Date: Mon, 22 Nov 2004 12:54:40 -0500
Message-ID: <20041122175440.GA31032@bender.817west.com>
In-Reply-To: <41A2010A.9090601@uni-paderborn.de>

alright--let's reset here.  this is how i understand the situation:

you have two machines:

192.168.1.1	(skyron)
192.168.1.2	(gigabyte)

there's an IPSec tunnel setup between the two machines to encrypt all
traffic between them.

you are trying to initiate an SSH connection from 192.168.1.1 to
192.168.1.2.

192.168.1.2 is running iptables.

with no rules loaded on 192.168.1.2, the SSH connection from 192.168.1.1
succeeds.

once you load a basic ruleset on 192.168.1.2--the ACK packets from
192.168.1.2 to 192.168.1.1 get dropped in the OUTPUT chain which allows
"-m state --state ESTABLISHED" packets.

is *all* of the above precisely correct?  if not--where am i losing it?

-j

