Page MenuHomePhabricator

rpiola (Roberto Piola)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 6 2016, 10:32 AM (154 w, 5 d)

Recent Activity

Jun 10 2016

rpiola added a comment to T82: packets leak un-natted.

I enabled the firewall, and it seems that everything is ok... I no longer see untranslated packets on the outside interface...

Jun 10 2016, 8:32 AM · Rejected
rpiola added a comment to T82: packets leak un-natted.

so, the workaround should be adding
name dropinvalid {

default-action accept
rule 10 {
    action drop
    state {
        invalid enable
    }
}

}

Jun 10 2016, 8:14 AM · Rejected
rpiola added a comment to T82: packets leak un-natted.

Actually, that router is supposed not to do any filtering.
anyway, it is unclear to me where do you want me to configure the firewall rules: usually the "allow established and related" rule is configured in input on the outside interface of the firewall (in my case, eth0), while I have problems with packets EXITING eth0, and coming from eth1.
I should allow ANY packet coming from eth1 to exit from eth0, with their address translated (otherwise, how can a client pc, connected to eht1, start a NEW connection to the outside world?

Jun 10 2016, 7:29 AM · Rejected

Jun 9 2016

rpiola added a comment to T82: packets leak un-natted.

I uploaded the two captures.

Jun 9 2016, 1:28 PM · Rejected
rpiola added a comment to T82: packets leak un-natted.

I installed 1.2.0beta1 ... it shows the same problem.

Jun 9 2016, 1:19 PM · Rejected
rpiola added a comment to T82: packets leak un-natted.

We use vmxnet3 adapters

Jun 9 2016, 12:49 PM · Rejected

Jun 6 2016

rpiola created T82: packets leak un-natted.
Jun 6 2016, 10:50 AM · Rejected