[ale] ODD iptables issue?

Alex Carver agcarver+ale at acarver.net
Wed May 26 12:56:11 EDT 2021


The link is gone now so I can't look at the ruleset but check for any 
other traffic counters, rate limiters, or other shaping rules.  A lot of 
them may be associated with attaching marks on the packet and then 
matching against that mark.

On 2021-05-21 11:55, Robert Harris via Ale wrote:
> yeah, in all reality, it's 1 = on, anything else is off.  typo fixed
> though.  It's just odd how it blocks the traffic til a restart of the
> iptables then boom, good to go.  Not even a reboot.  Then about 12+ hours (
> random # I haven't narrowed down ) it starts failing again.  Nothing in
> dmessage I can see either.
> 
> 
> On Fri, May 21, 2021 at 12:00 PM Jim Kinney <jim.kinney at gmail.com> wrote:
> 
>> Do QOS choices are 1 or 2 so you picked 0. Probably comment is wrong. But
>> it looks (on a glance) that your startup for working vpn requires qos=1.
>> Maybe the restart sets it to 1 then later a timeout happens with no vpn
>> traffic and that section times out and closes. Don't see anything obvious
>> to me on shutting down the forwarding for vpn traffic.
>>
>> On May 21, 2021 11:32:58 AM EDT, Robert Harris via Ale <ale at ale.org>
>> wrote:
>>>
>>>
>>> I have a very weird one.  I'm running an ubuntu firewall, kernel
>>> 5.8.0-48-generic with iptables 1.8.5-3ubuntu2.20.10.2 ( WTF???? ) and it's
>>> up to date on patches.  For work, I have to connect to an openvpn from my
>>> laptop, behind the firewall.  Every day though when I get up, it won't
>>> connect.  It says it's connected in the logs, but it won't pass any
>>> traffic.  If I kill the connection, restart my firewall script, and then it
>>> connects just fine.
>>>
>>> I've put up a copy of the firewall script at
>>> http://paste.debian.net/1198346/  ( ip subnet changed to protect the
>>> stupid ).
>>>
>>> Thoughts and feedback other than changing it off of iptables are
>>> welcome.  That may happen in 2 months anyways but not yet.
>>>
>>> Robert
>>>
>>
>> --
>> Computers amplify human error
>> Super computers are really cool
>>
> 
> 
> 
> 
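
The check suggested at the top of this message (look for counters, rate limiters and mark-based rules), as an added example that is not part of the original thread and not based on the poster's ruleset, which is no longer available. It scans `iptables-save` text for stateful match modules and for marks that are set or matched; the sample ruleset, interface name, port and mark values are constructed for illustration.

```python
import shlex

# iptables match extensions whose behaviour changes with traffic volume or time.
STATEFUL = {"limit", "hashlimit", "quota", "connlimit", "recent"}

# Constructed sample in iptables-save format (interfaces, port and marks are made up).
SAMPLE = """\
*mangle
-A PREROUTING -i eth1 -p udp -m udp --dport 1194 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
-A FORWARD -m mark --mark 0x1 -m quota --quota 500000000 -j ACCEPT
-A FORWARD -m mark --mark 0x2 -j DROP
-A FORWARD -p icmp -m limit --limit 5/sec -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def audit(ruleset):
    """Return (findings, marks_set, marks_matched) for iptables-save text."""
    findings, marks_set, marks_matched = [], set(), set()
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # "*mangle" starts the mangle table
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        for opt, arg in zip(tok, tok[1:]):
            if opt == "-m" and arg in STATEFUL:
                findings.append((table, arg, line))
            elif opt == "-j" and arg in ("MARK", "CONNMARK"):
                findings.append((table, "sets-mark", line))
            elif opt in ("--set-mark", "--set-xmark"):
                marks_set.add(int(arg.split("/")[0], 0))   # drop the /mask
            elif opt == "--mark":
                findings.append((table, "matches-mark", line))
                marks_matched.add(int(arg.split("/")[0], 0))
    return findings, marks_set, marks_matched

if __name__ == "__main__":
    found, was_set, was_matched = audit(SAMPLE)
    for table, kind, rule in found:
        print(f"{table:8} {kind:13} {rule}")
    # Marks matched here but set nowhere in this ruleset come from elsewhere.
    print("matched but never set:", [hex(m) for m in sorted(was_matched - was_set)])
```

To run it against a live firewall, pass the output of `iptables-save` to `audit()` instead of `SAMPLE`. A `quota` rule stops matching once its byte count is used up and only starts again when the rule is reloaded, so any such finding is worth comparing against the time of failure.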


