[Firehol-support] Help Needed - Debugging Implicitly Dropped Forwarded Packets

Federico Sevilla III jijo at fs3.ph
Sun Jan 3 04:00:44 GMT 2010


Hi Costa,

Thank you very much for your prompt and authoritative reply. My comments
in-line.

On Wed, 2009-12-30 at 18:05 +0200, Costa Tsaousis wrote:
> This packet is dropped by the iptables connection tracker, not firehol 
> rules.

You are definitely correct that the iptables connection tracker was
getting confused by one machine going through the firewall and the other
bypassing it.

I've solved the problem by implementing source-based routing on the
OpenVZ hardware node, forcing packets to go through the firewall as
appropriate.

All is well now.

Thank you very much.

Cheers!

-- 
Federico Sevilla III
F S 3 Consulting Inc.
http://www.fs3.ph
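
Why a one-sided view of a connection makes the tracker reject packets, as an added example that is not part of the original message or of FireHOL. It is a simplified, strict TCP tracker (an assumption, not the kernel's state table) fed a constructed handshake between hypothetical hosts A and B, once with both directions visible and once with B's replies bypassing the firewall.

```python
# Simplified, strict model (an assumption: no mid-stream pickup, no windows,
# no timeouts) of how a stateful firewall classifies the TCP packets it sees.

# Constructed sample flow: (sender, TCP flags). Hosts A and B are hypothetical.
HANDSHAKE = [("A", "SYN"), ("B", "SYN/ACK"), ("A", "ACK"),
             ("A", "PSH/ACK"), ("B", "ACK")]

# (tracked state, direction, flags) -> next state; anything else is INVALID.
TRANSITIONS = {
    ("NONE", "orig", "SYN"): "SYN_SENT",
    ("SYN_SENT", "reply", "SYN/ACK"): "SYN_RECV",
    ("SYN_RECV", "orig", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "orig", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "orig", "PSH/ACK"): "ESTABLISHED",
    ("ESTABLISHED", "reply", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "reply", "PSH/ACK"): "ESTABLISHED",
}

def classify(packets, bypassing=()):
    """Return [(sender, flags, verdict)] for the packets the firewall sees.

    Packets sent by hosts in `bypassing` are routed around the firewall,
    which is the asymmetric-path condition described in the message above.
    """
    state, originator, verdicts = "NONE", None, []
    for sender, flags in packets:
        if sender in bypassing:
            continue  # never reaches the firewall, so it is never tracked
        if originator is None:
            originator = sender  # first packet seen sets the original direction
        direction = "orig" if sender == originator else "reply"
        nxt = TRANSITIONS.get((state, direction, flags))
        if nxt is None:
            # No valid transition: a ruleset that drops INVALID discards it.
            verdicts.append((sender, flags, "INVALID"))
        else:
            verdicts.append((sender, flags, "NEW" if state == "NONE" else "ESTABLISHED"))
            state = nxt
    return verdicts

def invalid_count(packets, bypassing=()):
    """Number of seen packets the tracker could not match to a valid state."""
    return sum(1 for _, _, verdict in classify(packets, bypassing) if verdict == "INVALID")

if __name__ == "__main__":
    for label, skip in [("both directions seen", ()), ("B bypasses firewall", ("B",))]:
        print(label, classify(HANDSHAKE, skip))
```

Once routing forces both directions through the same firewall, the tracker sees the SYN/ACK and every later packet matches an established entry.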