Mailinglist Archive: opensuse (686 mails)

< Previous Next >
Re: [opensuse] need some ideas - traffic appears to be disappearing
On Thu, Jul 11, 2013 at 03:16:15PM +0200, Per Jessen wrote:
Marcus Meissner wrote:

run:
iptables-save

and post the output (will be your full iptables tree, censor stuff
in-place if necessary, but do not delete rules).

dupont51:~ # iptables-save
# Generated by iptables-save v1.4.16.3 on Thu Jul 11 15:13:03 2013
*nat
:PREROUTING ACCEPT [4783:2188600]
:INPUT ACCEPT [1327:1893585]
:OUTPUT ACCEPT [389:42500]
:POSTROUTING ACCEPT [668:61054]
-A OUTPUT -m mark --mark 0x14 -m statistic --mode nth --every 2 -j DNAT
--to-destination 192.168.4.209
-A OUTPUT -m mark --mark 0x14 -j DNAT --to-destination 192.168.4.200
-A OUTPUT -m mark --mark 0x15 -j DNAT --to-destination 192.168.4.209
-A OUTPUT -m mark --mark 0x16 -j DNAT --to-destination 192.168.4.200
COMMIT
# Completed on Thu Jul 11 15:13:03 2013
# Generated by iptables-save v1.4.16.3 on Thu Jul 11 15:13:03 2013
*mangle
:PREROUTING ACCEPT [375604:491572865]
:INPUT ACCEPT [374855:491456039]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [124153:16792412]
:POSTROUTING ACCEPT [124153:16792412]
-A PREROUTING -i ipip1 -j MARK --set-xmark 0x7/0xffffffff
-A PREROUTING -i ipip1 -j LOG --log-prefix "prerout: " --log-level 7
-A OUTPUT -d 192.168.4.205/32 -p udp -m udp --dport 53 -j MARK --set-xmark
0x16/0xffffffff
-A OUTPUT -d 192.168.4.205/32 -p tcp -m tcp --dport 53 -j MARK --set-xmark
0x16/0xffffffff
-A OUTPUT -d 192.168.4.205/32 -p tcp -m tcp --dport 10031 -j MARK --set-xmark
0x16/0xffffffff
-A OUTPUT -s 10.7.1.16/30 -p tcp -m tcp --dport 25 -j MARK --set-xmark
0xc/0xffffffff
-A OUTPUT -s 10.7.1.16/30 -p tcp -m tcp --dport 30077 -j MARK --set-xmark
0xc/0xffffffff
-A OUTPUT -s 10.7.1.16/30 -p tcp -m tcp --sport 25 -j MARK --set-xmark
0xb/0xffffffff
-A OUTPUT -s 10.7.2.16/30 -p tcp -m tcp --sport 25 -j MARK --set-xmark
0xc/0xffffffff
-A OUTPUT -s 10.7.1.16/30 -p tcp -m tcp --sport 10056 -j MARK --set-xmark
0xb/0xffffffff
-A OUTPUT -s 10.7.2.16/30 -p tcp -m tcp --sport 10056 -j MARK --set-xmark
0xc/0xffffffff
COMMIT
# Completed on Thu Jul 11 15:13:03 2013
# Generated by iptables-save v1.4.16.3 on Thu Jul 11 15:13:03 2013
*filter
:INPUT ACCEPT [374875:491457079]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [124173:16795500]
-A INPUT -i ipip1 -p tcp -j LOG --log-prefix "input: " --log-level 7
-A FORWARD -i ipip1 -p tcp -j LOG --log-prefix "forward: " --log-level 7
COMMIT
# Completed on Thu Jul 11 15:13:03 2013

Looks good.

Do you have sample packets captured with tcpdump -i ipip1 ?

From where do you telnet to this machine?

"ipip1" sounds like a ip-in-ip tunnel, which might have more additional
weirdness.

Is this looking at encapsulated traffic, or already the decapsulated traffic?

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups