Displaying 20 results from an estimated 1000 matches similar to: "[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge"
2006 Jun 08
5
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400
------- Additional Comments From pila@pilasecurity.com 2006-06-08 10:03 MET -------
I had the same trouble yesterday.
It's very useful to have vlan over bridges. Think this situation:
1- You have a cluster of firewall
2- You have a DMZ net with two switches for redundancy
3- You have two nic on your firewall to connect to each
2006 Jan 28
5
[Bug 318] masq fails on existing connection using marks and iproute2 source routing
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=318
------- Additional Comments From kaber@trash.net 2006-01-28 17:29 MET -------
Please execute "echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid"
after loading ipt_LOG and post the results.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this
2007 Mar 15
5
[Bug 554] Packet illegally bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554
------- Additional Comments From kaber@trash.net 2007-03-15 02:53 MET -------
Most likely these packets are considered invalid by connection tracking and
therefore not handled by NAT. Try this:
iptables -t mangle -A POSTROUTING -m state --state INVALID -j DROP
2007 Mar 04
13
[Bug 552] Strange DNAT behaviour... packet don't pass to PREROUTING and go directly in INPUT !!
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552
------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET -------
This problem prevents AJAX web sites to be hosted on the internal web server,
because many packets will be dropped instead of passing into PREROUTING chain...
2006 Feb 08
15
[Bug 443] 2.6 kernel failing in NAT with significant outbound traffic
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443
------- Additional Comments From nothingel@hotmail.com 2006-02-08 05:35 MET -------
I also, the situation described in bug ID 322 seemed related and I tried the
patch from Phil Oester but it did not make a difference.
2004 Oct 31
9
Masquerading through IPSECed wireless dropping packets selectively?
Hello,
I'm stuck IPSECing my wireless network at home and would appreciate any
comments. I apologize in advance if I'm wasting your time with trivia -
I'm not a professional and staring at the problem for days from various
angles hasn't done me any good ...
My home server/firewall (morannon) is hooked up through a USB to
ethernet adapter (eth1) to my DSL
2007 May 26
14
[Bug 570] PREROUTING is unaware of VLAN interfaces
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=570
kaber@trash.net changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |INVALID
------- Additional Comments From kaber@trash.net 2007-05-26
2014 Jan 10
1
Switch mode three-node routing problem
Dear tinc community,
I am using tinc in switch mode. I have three nodes. Two nodes reside on
routers, vpn-eth is bridged with internal lan, each router has several
machines connected to its internal lan. Third node is the roadwarrior -
"endpoint" linux PC.
When the roadwarrior is off - everything works perfectly, machines on both
sides can communicate without a problem in any
2005 May 02
1
Problems with ipsec roadwarrior
Hello,
I have got a problem with the configuration of a roadwarrior ipsec VPN tunnel with shorewall 2.2.3.
I read the Shorewall Kernel 2.6 IPSEC and followed the instructions to that point
where to modify the hosts with the following parameters:
vpn eth0:0.0.0.0/0 ipsec
But I have got an entry like
net eth0:0.0.0.0/0
even in the same file:
If I
2004 Dec 22
2
IPSec and Roadwarrior
Tom,
After reading your latest postings, I am correct in understanding that,
even with the netfilter-ipsec and policy patches in kernel 2.6, I still
would not be able to connect more than one roadwarrior at a time?
Mitch
2004 Dec 19
6
IPSEC vs OpenVPN
While I have concentrated on support for 2.6 native IPSEC in release
2.2.0, I am still of the opinion that unless you absolutely need IPSEC
compatibility that OpenVPN is a much easier (and in the case of
roadwarriors, a much better) solution.
Having already generated all of the required X.509 certificates, it took
me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one
using the new
2006 Sep 15
18
[Bug 511] Premature ip_conntrack timer expiry on 3+ window size advertisements
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=511
------- Additional Comments From kaber@trash.net 2006-09-15 06:42 MET -------
So you're saying the problem is that the receiver updates its window multiple
times without receiving any data in between, thereby falsely triggering the
"dead-peer detection" (as you call it)?
2006 Apr 21
16
[Bug 460] Unknown error 4294967295
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=460
laforge@netfilter.org changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED
------- Additional Comments From laforge@netfilter.org
2007 Jan 11
3
[Bug 531] ip_tables.h: IPT_TABLE_MAXNAMELEN bogously #defined to XT_FUNCTION_MAXNAMELEN
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=531
kaber@trash.net changed:
What       |Removed               |Added
----------------------------------------------------------------------------
AssignedTo |laforge@netfilter.org |kaber@trash.net
------- Additional Comments From kaber@trash.net 2007-01-11 19:00 MET -------
Very nice catch. I guess it
2006 Jun 28
7
[Bug 479] tunnel0 and br0
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=479
netfilter@linuxace.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |netfilter@linuxace.com
------- Additional Comments From netfilter@linuxace.com 2006-06-28 02:57 MET -------
Tom - did
2004 Dec 10
2
Re: 2.6 Kernel and Native IPSEC
>From your post on Oct. 4, 2004
>As I announced earlier, I'm on vacation this week and we are spending
>the week at our second home. Before I left, I simulated an IPSEC tunnel
>between this house and our home in the Seattle area and I'm pleased to
>announce that the real tunnel works flawlessly.
>
>So I believe that I have done all of the testing that I can
2006 Aug 25
9
[Bug 503] ip_conntrack_sip , ip_nat_sip DNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=503
siqhamo@newlunar.co.za changed:
What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |ASSIGNED
2013 Apr 11
2
IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Is there a "cookbook" for setting this up? There are examples for
setting up a tunnel between two fixed-address networks (e.g. a remote
LAN that needs to be "integrated" with a central LAN over IPSec but I
can't find anything addressing the other situation -- remote user(s)
where the connecting IPs are not known in advance, such as a person with
a laptop or smartphone in a
2006 Aug 29
7
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |INVALID
------- Additional Comments From kaber@trash.net 2006-08-29
2007 Feb 25
5
[Bug 549] kernel oops when trying to remove ip_conntrack module
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=549
------- Additional Comments From kaber@trash.net 2007-02-25 22:58 MET -------
> When ip_conntrack_pptp / ip_nat_pptp modules are loaded in addition
> to ftp ones, the oops happens in one of the latter two modules.
I'm not sure I understand. ip_conntrack shouldn't be unloadable while these
modules are still loaded, so how