I got a weird problem with Astaro 4.017:
I have a network (10.4.0.0/16) which is routed via a separate VPN (static route added).
Now if I try to access this network from one of my subnets, which is NOT allowed to access this network (10.4.0.0/16), the kernel drops the packet:
2004-Mar 31 13:16:26 (none) kernel: TCP Drop: IN=eth3 OUT=eth3 SRC=10.20.30.10 DST=10.4.104.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3024 DF PROTO=TCP SPT=49654 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
This is the expected behaviour. But if I send an ICMP ping from the same server to a host on the VPN network, I can access the host. It seems as if the packet filter ignores the packets.
Example shell session:
Code:
[13:00:15][import@uciuk-app-01:~]$netcat -nv 10.4.104.1 80
(UNKNOWN) [10.4.104.1] 80 (?) : Connection timed out
(This is how it should be)
Now I ping the host while I try to connect:
Code:
[13:03:39][import@uciuk-app-01:~]$ping 10.4.104.1 >/dev/null &
[3] 23809
[13:08:02][import@uciuk-app-01:~]$netcat -nv 10.4.104.1 80
(UNKNOWN) [10.4.104.1] 80 (?) open
Weird?
Regards,
Patrick