OpenVZ Forum: Support » *CLOSED* Invalid packets from HN

Home » General » Support » *CLOSED* Invalid packets from HN

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

*CLOSED* Invalid packets from HN [message #10636]

Sun, 25 February 2007 09:37

heruan
Messages: 17
Registered: February 2007

Junior Member

My network configuration is:

     LAN1 <===> GATEWAY <===> HN=VEs
192.168.11.0/24   ||        192.168.10.0/24
                 LAN2
           192.168.12.0/24

When I try to access HN (or VEs) from LAN1 or LAN2 the connection is very slow and on gateway logs I see a lot of:

Feb 25 10:00:29 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3458 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK URGP=0 
Feb 25 10:00:30 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=204 TOS=0x00 PREC=0x00 TTL=63 ID=3459 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:30 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3460 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK URGP=0 
Feb 25 10:00:31 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=204 TOS=0x00 PREC=0x00 TTL=63 ID=3461 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:34 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3464 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:34 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3465 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3466 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3467 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3468 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3469 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:36 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3470 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:36 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3471 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:37 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3472 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:48 gw1 kernel: host 192.168.10.13/if2 ignores redirects for 192.168.12.4 to 192.168.12.4.
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3475 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3476 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3477 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:49 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3478 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:49 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3479 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0

referring to the iptables rule:

iptables -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
iptables -A bad_packets -p ALL -m state --state INVALID -j DROP

Routing between LAN1 and LAN2 runs fine.
I can't figure out why packets from the HN are marked as INVALID...

[Updated on: Mon, 26 February 2007 11:18] by Moderator

Report message to a moderator