RFC1918 172.16.0.0/12 does *not* include 172.217.6.10. The range is 172.16.0.0-172.31.255.255.
I suspect you are correct about UDP not getting through. Seems likely some kind of connection tracking/keep-state isn’t working the way you want. Are you doing any kind of keep-state for your UDP traffic?

> On Apr 10, 2020, at 3:03 PM, [email protected] wrote:
>
> I've done apt-get purge network-manager, because something is screwing up the
> routing...
>
> I have a dynamic IP address through Spectrum cable and I'm thinking that I
> need to do something special to make masquerading with a dynamic ip work?
>
> The firewall needs to track the IP if say the lease expires and I get a
> different one...
>
> Zoom video conferencing is not working through my Debian firewall. Maybe I'm
> not allowing all the packets to get through...
>
> The video freezes and stays frozen. I suspect UDP isn't getting through.
> Thing is, why would a forward packet be from the outside
> interface out the outside interface with the destination IP address being
> local? I don't think this is supposed to happen.
>
> FORWARD will drop: IN=eth2 OUT=eth2 SRC=172.217.6.10 DST=192.168.254.32
> PROTO=TCP SPT=443 DPT=49681 ...
>
> The above seems like something that should be dropped because RFC1918
> addresses aren't reached via the Internet side interface which eth2 is.
>
> # ip route list
> default via 96.42.208.1 dev eth2
> default via 192.168.254.1 dev eth0 proto dhcp <- WRONG src 192.168.254.52
> metric 202
> default via 96.42.212.1 dev eth2 proto dhcp src 96.42.214.23 metric 204 mtu
> 1500
> 96.42.208.0/22 dev eth2 proto kernel scope link src 96.42.210.76
> 96.42.212.0/22 dev eth2 proto dhcp scope link src 96.42.214.23 metric 204 mtu
> 1500
> 192.168.253.0/24 dev eth1 proto kernel scope link src 192.168.253.1 linkdown
> 192.168.254.0/24 dev eth0 proto dhcp <- WRONG scope link src 192.168.254.52
> <- WEIRD metric 202
>
> michael@filter:~$ cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet static
>     address 192.168.254.1
>     netmask 255.255.255.0
>
> auto eth1
> iface eth1 inet static
>     address 192.168.253.1
>     netmask 255.255.255.0
>
> auto eth2
> iface eth2 inet dhcp
>
> auto eth0:any1
> iface eth0:any1 inet static
>     address 8.8.8.8
>     netmask 255.255.255.255
>
> auto eth0:any2
> iface eth0:any2 inet static
>     address 8.8.8.4
>     netmask 255.255.255.255
>
> auto eth1:any1
> iface eth1:any1 inet static
>     address 8.8.8.8
>     netmask 255.255.255.255
>
> auto eth1:any2
> iface eth1:any2 inet static
>     address 8.8.8.4
>     netmask 255.255.255.255
> michael@filter:~$
>
> Maybe my interfaces file shouldn't be using auto??? The interfaces eth0 and
> eth1 should be static configured. The eth2 interface is hooked to the cable
> modem.
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug

--
Louis Kowolowski                                [email protected]
Cryptomonkeys:                                  http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
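The check discussed in this thread, as an added example that is not part of either message: it parses the quoted FORWARD log line, tests SRC and DST against the three RFC1918 blocks, and does a longest-prefix lookup over the routes from the quoted `ip route list` output to compare the expected egress interface with the logged one. The function names and the reduced route list (prefix and device only, first default route only) are assumptions of this example.

```python
import ipaddress
import re

# The three RFC1918 blocks; 172.16.0.0/12 ends at 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Log line quoted in the thread (the elided "..." fields are dropped).
LOG = ("FORWARD will drop: IN=eth2 OUT=eth2 SRC=172.217.6.10 "
       "DST=192.168.254.32 PROTO=TCP SPT=443 DPT=49681")

# Routes transcribed from the thread's `ip route list` output, reduced to
# (prefix, device); only the first default route is kept (simplification).
ROUTES = [("0.0.0.0/0", "eth2"), ("96.42.208.0/22", "eth2"),
          ("96.42.212.0/22", "eth2"), ("192.168.253.0/24", "eth1"),
          ("192.168.254.0/24", "eth0")]


def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S+)", line))


def is_rfc1918(addr):
    """True only for the three RFC1918 blocks (narrower than is_private)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def egress_dev(addr, routes=ROUTES):
    """Longest-prefix match: device the listed routes select for addr."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    matches = [(net.prefixlen, dev) for net, dev in nets if ip in net]
    return max(matches)[1] if matches else None


def review(line):
    """Summarise what the log line says about addressing and routing."""
    f = parse_log(line)
    return {"src_rfc1918": is_rfc1918(f["SRC"]),
            "dst_rfc1918": is_rfc1918(f["DST"]),
            "in_equals_out": f["IN"] == f["OUT"],
            "expected_out": egress_dev(f["DST"]),
            "logged_out": f["OUT"]}


if __name__ == "__main__":
    for key, value in review(LOG).items():
        print(f"{key}: {value}")
```

A mismatch between `expected_out` and `logged_out` means the routing decision at the time of the log entry differed from what the listed routes alone would select.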
