Re: 2.6.12: connection tracking broken?

From: Tobias DiPasquale
Date: Sat Jun 18 2005 - 10:16:27 EST

On 6/18/05, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:
> >I have just tried upgrading my firewall to 2.6.12, but neither of the following rules in my
> >FORWARD table was allowing return traffic:
> You forget about INPUT and OUTPUT. If you drop everything in INPUT, there's
> nothing to FORWARD.

No. INPUT/OUTPUT rules have nothing to do with FORWARDed traffic,
since a packet is either locally destined (INPUT), locally originated
(OUTPUT) or being forwarded (FORWARD).

> > 1109 814K ACCEPT all -- ppp0 br0 anywhere anywhere ctstate
> > 11M 13G ACCEPT all -- ppp0 br0 anywhere anywhere state
> >
> >I have currently returned to using, where the identical configuration works fine. br0 is
> >a bridge device containing two e100 devices, and ppp0 is my PPPoE DSL link. I am using iptables
> >1.3.1.

Did you have /proc/sys/net/ipv4/ip_forward turned on?

[ Tobias DiPasquale ]
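
The two points made in this reply (a packet traverses exactly one of INPUT, OUTPUT or FORWARD, and nothing reaches FORWARD at all when ip_forward is off) can be shown with a small model of the netfilter path. The following is an added illustration and not code from the thread or from netfilter/iptables; the interface names, addresses and the ruleset are constructed sample values chosen to mirror the ppp0 -> br0 state rule quoted above.

```python
"""Toy model of the netfilter path discussed in the thread: which filter chain
a packet traverses (INPUT, OUTPUT and FORWARD are mutually exclusive), why
ip_forward=0 means nothing ever reaches FORWARD, and how a state-matching
FORWARD rule admits return traffic. Added illustration, not code from the
thread or from netfilter/iptables; interface names, addresses and the ruleset
are constructed sample values."""

from dataclasses import dataclass

# Constructed: the firewall's own addresses on br0 (LAN bridge) and ppp0 (DSL).
LOCAL_ADDRS = {"192.168.1.1", "203.0.113.7"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str   # "" for locally generated packets
    out_iface: str  # "" for locally destined packets
    proto: str
    sport: int
    dport: int


def chain_for(pkt, ip_forward):
    """Select the single filter chain a packet traverses.

    Locally destined -> INPUT; locally generated -> OUTPUT; anything else is
    forwarded, but only if ip_forward is on. With ip_forward=0 the routing
    code discards the packet before any filter chain sees it, so None.
    """
    if pkt.dst in LOCAL_ADDRS:
        return "INPUT"
    if pkt.in_iface == "" and pkt.src in LOCAL_ADDRS:
        return "OUTPUT"
    return "FORWARD" if ip_forward else None


class ConnTracker:
    """Minimal connection tracker: a flow is ESTABLISHED once a packet of it
    has been accepted in either direction, otherwise NEW."""

    def __init__(self):
        self.flows = set()

    @staticmethod
    def _key(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def state(self, pkt):
        if self._key(pkt) in self.flows or self._reverse(pkt) in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, pkt):
        # As in netfilter, the entry is only confirmed once the packet is accepted.
        self.flows.add(self._key(pkt))


# Constructed ruleset: (chain, in_iface, out_iface, required_state, target);
# None matches anything. INPUT drops everything, which must not affect
# forwarded traffic, as the reply above points out.
RULES = [
    ("FORWARD", "ppp0", "br0", "ESTABLISHED", "ACCEPT"),
    ("FORWARD", "br0", "ppp0", None, "ACCEPT"),
]
POLICY = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}


class Firewall:
    def __init__(self, ip_forward=1):
        self.ip_forward = ip_forward
        self.ct = ConnTracker()

    def handle(self, pkt):
        """Return the fate of a packet as 'CHAIN:VERDICT' or 'NOROUTE:DROP'."""
        chain = chain_for(pkt, self.ip_forward)
        if chain is None:
            return "NOROUTE:DROP"
        state = self.ct.state(pkt)
        verdict = POLICY[chain]
        for r_chain, r_in, r_out, r_state, target in RULES:
            if r_chain != chain:
                continue
            if r_in is not None and r_in != pkt.in_iface:
                continue
            if r_out is not None and r_out != pkt.out_iface:
                continue
            if r_state is not None and r_state != state:
                continue
            verdict = target
            break
        if verdict == "ACCEPT":
            self.ct.confirm(pkt)
        return f"{chain}:{verdict}"


def demo():
    """Walk a LAN client's HTTP request out ppp0 and its reply back in."""
    fw = Firewall(ip_forward=1)
    request = Packet("192.168.1.10", "198.51.100.5", "br0", "ppp0", "tcp", 40000, 80)
    reply = Packet("198.51.100.5", "192.168.1.10", "ppp0", "br0", "tcp", 80, 40000)
    unsolicited = Packet("198.51.100.9", "192.168.1.10", "ppp0", "br0", "tcp", 1234, 22)
    to_firewall = Packet("198.51.100.5", "203.0.113.7", "ppp0", "", "tcp", 80, 40001)
    results = [fw.handle(p) for p in (request, reply, unsolicited, to_firewall)]
    # The same request with forwarding disabled never reaches the FORWARD chain.
    results.append(Firewall(ip_forward=0).handle(request))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The reply is admitted only because the outbound request was accepted first and created the tracked flow; the unsolicited inbound packet has no matching flow, so it falls through to the FORWARD policy. The INPUT policy of DROP plays no part in any of the forwarded cases, and with ip_forward=0 the request is discarded before any chain is consulted, which is what the question at the end of the reply is checking for.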
