Can you confirm using tcpdump?

On Jan 18, 2015 3:56 PM, "Kamil Jońca" <[email protected]> wrote:
>
> I have something strange with iptables.
> I have a rule to forward ssh to my internal machine:
> --8<---------------cut here---------------start------------->8---
> iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT
> --to-destination 192.168.200.200
> --8<---------------cut here---------------end--------------->8---
>
> Moreover, I have had some rules that use the recent module to rate limit
> connections. I realized that on my new router this limiting does not
> work.
> I tried to investigate and:
> 1. put rule
> --8<---------------cut here---------------start------------->8---
> iptables -I FORWARD -i eth0 -j LOG
> --8<---------------cut here---------------end--------------->8---
> analogous rule on destination machine (in INPUT chain)
> when I connect to ssh from external, both logs show information
> about the connection
> then I disconnect, only destination machine shows disconnection
> --8<---------------cut here---------------start------------->8---
> SSH:FIN:IN=lan OUT= MAC=00:19:bb:d6:8b:80:c4:6e:1f:c5:69:d6:08:00
> SRC=x.x.x.x DST=192.168.200.200 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=43362
> DF PROTO=TCP SPT=46045 DPT=22 WINDOW=3650 RES=0x00 ACK FIN URGP=0
> --8<---------------cut here---------------end--------------->8---
>
> uname -a
>
> --8<---------------cut here---------------start------------->8---
> Linux ni 3.10.49 #3 Wed Oct 1 14:00:51 CEST 2014 mips GNU/Linux
> --8<---------------cut here---------------end--------------->8---
>
>
> Am I missing something?
>
> --
> http://blogdebart.pl/2010/03/17/dalsze-przygody-swinki-w-new-jersey/
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
>
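One way to compare the two LOG outputs described in the thread, as an added example that is not part of any message on the list: it parses netfilter LOG lines from the router's FORWARD rule and the destination's INPUT rule and reports flows whose FIN or RST was logged on the destination only. The function names, the `br-lan` interface, the address 203.0.113.7 (standing in for the masked x.x.x.x) and every sample line except the shape of the FIN entry are assumptions.

```python
import re
from collections import defaultdict

# Constructed, abridged sample logs. The destination FIN line follows the
# format quoted in the thread; the router line and the SYN lines are made up.
ROUTER_LOG = """\
IN=eth0 OUT=br-lan SRC=203.0.113.7 DST=192.168.200.200 LEN=60 TTL=54 PROTO=TCP SPT=46045 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""
DEST_LOG = """\
SSH:SYN:IN=lan OUT= SRC=203.0.113.7 DST=192.168.200.200 LEN=60 TTL=54 PROTO=TCP SPT=46045 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
SSH:FIN:IN=lan OUT= SRC=203.0.113.7 DST=192.168.200.200 LEN=52 TTL=54 PROTO=TCP SPT=46045 DPT=22 WINDOW=3650 RES=0x00 ACK FIN URGP=0
"""

FIELD = re.compile(r"\b(SRC|DST|SPT|DPT|PROTO)=(\S+)")
# The LOG target prints the TCP flag names between RES=0x.. and URGP=.
FLAGS = re.compile(r"RES=0x[0-9a-fA-F]+ ((?:[A-Z]+ )*)URGP=")

def flags_by_flow(log_text):
    """Map (src, sport, dst, dport) -> set of TCP flags seen in LOG lines."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        match = FLAGS.search(line)
        if fields.get("PROTO") != "TCP" or not match:
            continue  # not a TCP LOG entry
        key = (fields["SRC"], fields["SPT"], fields["DST"], fields["DPT"])
        seen[key].update(match.group(1).split())
    return seen

def missing_teardown(router_log, dest_log):
    """Flows whose FIN/RST was logged on the destination but not on the router."""
    router, dest = flags_by_flow(router_log), flags_by_flow(dest_log)
    report = {}
    for flow, dest_flags in dest.items():
        gap = (dest_flags & {"FIN", "RST"}) - router.get(flow, set())
        if gap:
            report[flow] = sorted(gap)
    return report

if __name__ == "__main__":
    for flow, gap in missing_teardown(ROUTER_LOG, DEST_LOG).items():
        print(flow, "not logged on router:", gap)
```

The flows match on both hosts because the FORWARD chain sees the packet after the PREROUTING DNAT, so DST is already 192.168.200.200 in the router's log.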
