OpenVZ Forum


Home » General » Support » *CLOSED* Invalid packets from HN
*CLOSED* Invalid packets from HN [message #10636] Sun, 25 February 2007 09:37 Go to previous message
heruan is currently offline  heruan
Messages: 17
Registered: February 2007
Junior Member
My network configuration is:
     LAN1 <===> GATEWAY <===> HN=VEs
192.168.11.0/24   ||        192.168.10.0/24
                 LAN2
           192.168.12.0/24


When I try to access HN (or VEs) from LAN1 or LAN2 the connection is very slow and on gateway logs I see a lot of:
Feb 25 10:00:29 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3458 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK URGP=0 
Feb 25 10:00:30 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=204 TOS=0x00 PREC=0x00 TTL=63 ID=3459 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:30 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3460 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK URGP=0 
Feb 25 10:00:31 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=204 TOS=0x00 PREC=0x00 TTL=63 ID=3461 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=902 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:34 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3464 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:34 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3465 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3466 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3467 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3468 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:35 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3469 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:36 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3470 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:36 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3471 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:37 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=516 TOS=0x00 PREC=0x00 TTL=63 ID=3472 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK PSH URGP=0 
Feb 25 10:00:48 gw1 kernel: host 192.168.10.13/if2 ignores redirects for 192.168.12.4 to 192.168.12.4.
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3475 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3476 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:48 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3477 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0 
Feb 25 10:00:49 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3478 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK FIN URGP=0 
Feb 25 10:00:49 gw1 kernel: Invalid packet: IN=eth1 OUT=eth1 SRC=192.168.10.13 DST=192.168.12.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=3479 DF PROTO=TCP SPT=22 DPT=52313 WINDOW=1080 RES=0x00 ACK URGP=0

referring to the iptables rule:
iptables -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
iptables -A bad_packets -p ALL -m state --state INVALID -j DROP

Routing between LAN1 and LAN2 runs fine.
I can't figure out why packets from the HN are marked as INVALID...

[Updated on: Mon, 26 February 2007 11:18] by Moderator

Report message to a moderator

[Message index]
 
Read Message
Read Message
Previous Topic: *CLOSED* How do you create VEs on Debian/Ubuntu?
Next Topic: *CLOSED* CPU limits not working
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sat Nov 16 15:29:01 GMT 2024

Total time taken to generate the page: 0.03002 seconds
Powered by FUDforum Powered by Virtuozzo Containers