From: Pascal Vilarem <pascal.vilarem@9online.fr>
To: netfilter@lists.netfilter.org
Subject: Re: iptables ceases to work after night
Date: Thu, 11 Sep 2003 12:55:44 +0200
Message-ID: <3F6054B0.9020501@9online.fr>
In-Reply-To: <E19xL7G-000NJQ-00.varyag18-mail-ru@f10.mail.ru>

What does iptables-save return in the morning?
Is it different from what it returns when forwarding is OK?

If you find differences... there is something to find that alters the
netfilter config
(a firewall script? something like an iptables-restore script?)

If you don't find differences:
check to see if resetting netfilter and giving the config again is enough...
If yes... I'd suggest updating netfilter and perhaps the kernel...
Stop netfilter and check if something can go through your netcard...
If no... I'd suggest checking the driver of the netcard... and perhaps
the netcard itself.

Hope this can help,
Pascal

Vladimir Potapov wrote:
>Yesterday evening my packet filter with iptables worked fine. This morning I see that it doesn't forward packets from DMZ to local and back. I see this every morning. After I reboot my machine it works fine. I think that my 3com cards have some bugs. There are no entries about this in the log. My rules are:
>
>
>#Allow from local to DMZ and back
>
>
>-A FORWARD -d 192.168.1.0/255.255.255.0 -i eth1 -o eth2 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>-A FORWARD -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
>
>-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m tcp --dport 3128 --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
>
>-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
>
>-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m tcp --dport 110 --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
>
>
>
>
>
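
The first check suggested in the reply, comparing `iptables-save` output from the working and the broken state, as an added example that is not part of the original message: raw dumps always differ in their timestamp comments and packet counters, so the script strips those before diffing. The function names, the script name and the sample snapshot writer are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare two iptables-save snapshots
# while ignoring fields that change even when the ruleset is identical.

# Read iptables-save output on stdin; drop the "# Generated by ... on <date>"
# and "# Completed on <date>" comments and the [packets:bytes] counters.
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]//g' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d'
}

# ruleset_diff GOOD BAD: print a unified diff of the normalized snapshots.
# Returns 0 if the rules match, 1 if they differ, 2 on error.
ruleset_diff() {
    good_tmp=$(mktemp) || return 2
    bad_tmp=$(mktemp) || { rm -f "$good_tmp"; return 2; }
    normalize_ruleset < "$1" > "$good_tmp"
    normalize_ruleset < "$2" > "$bad_tmp"
    rc=0
    diff -u "$good_tmp" "$bad_tmp" || rc=$?
    rm -f "$good_tmp" "$bad_tmp"
    return "$rc"
}

# write_sample FILE DATE COUNTERS [EXTRA_RULE]
# Writes a constructed snapshot for trying the script out; not real output.
write_sample() {
    {
        echo "# Generated by iptables-save on $2"
        echo "*filter"
        echo ":FORWARD DROP [$3]"
        echo "[$3] -A FORWARD -d 192.168.5.0/255.255.255.0 -i eth2 -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT"
        if [ -n "$4" ]; then echo "[$3] $4"; fi
        echo "COMMIT"
        echo "# Completed on $2"
    } > "$1"
}

# Real use, with snapshots taken via "iptables-save -c > FILE":
#   ./ruleset-diff.sh evening.rules morning.rules
if [ "$#" -eq 2 ]; then
    ruleset_diff "$1" "$2"
fi
```

An empty diff in the morning points away from a script rewriting the rules and toward the driver or hardware checks in the reply.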