ip_conntrack working?


    Hello guys,

    I have zeroshell with:

    LAN1 (
    –Bridge Eth0-Eth1
    ZeroShell 1
    ZeroShell 2
    –Bridge Eth0-Eth1

    Eth0 – Internal
    Eth1 – External
    VPN0 – Lan-to-Lan(eth1)
    Bridge0 – Eth0&VPN0(eth1)

    We are trying to use the same IP addresses in two different offices with a point-to-point line.
    We want to discard all unnecessary traffic in both offices; we are using firewall rules for it, but ... NEW, ESTABLISHED and RELATED connections don't work.


    9 BRIDGE00 * ACCEPT tcp opt — in BRIDGE00 out * -> state NEW,ESTABLISHED tcp dpt:22 no
    10 * BRIDGE00 ACCEPT tcp opt — in * out BRIDGE00 -> state NEW,ESTABLISHED tcp dpt:22

    These rules aren't working: I can send a "SYN packet" but the "SYN ACK packet" doesn't come back, because the Zeroshell iptables firewall with the states NEW, ESTABLISHED and RELATED isn't working.

    I can create a rule for the returning packets and it works, but then I need 4 rules per service and I don't want to have 80+ rules in Zeroshell, because with 50+ rules I have other problems with Zeroshell.
    What is the problem?

    Sorry for my English and thanks for your time.
    If you need more info, don't hesitate to ask me.

    Best regards.


    You should not use the BRIDGE00 interface in your iptables rules, but its components VPN00 and ETH00, and then it makes no sense to use NEW and ESTABLISHED together.
    If, for example, you want only the connections initiated from your LAN to be forwarded to the VPN, you just have to configure the firewall to look like the following:

    Chain FORWARD (policy ACCEPT 7 packets, 588 bytes)
    pkts bytes target prot opt in out source destination
    8 672 ACCEPT all — VPN00 * state RELATED,ESTABLISHED
    0 0 DROP all — VPN00 *
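    To show why the two-line FORWARD chain above is enough (and why a separate "return packet" rule per service is not needed), here is an added Python model of how the connection tracker classifies packets and how that chain acts on them. It is example code written for this thread, not part of the original posts and not Zeroshell or netfilter code; the interface names ETH00 and VPN00 come from the reply, while the hosts, ports and the four-packet sequence are constructed sample data. The model produces only NEW and ESTABLISHED (RELATED needs protocol helpers) and, like netfilter, only keeps a new conntrack entry when the packet that created it is accepted.

```python
from dataclasses import dataclass

# Constructed sample hosts: a LAN host behind ETH00 and two hosts reachable
# through VPN00 (the same private range on both sides, as in the thread).
LAN_HOST = "192.168.1.10"
REMOTE_SSH = "192.168.1.50"
REMOTE_ROGUE = "192.168.1.60"


@dataclass(frozen=True)
class Packet:
    in_if: str      # interface the packet arrived on (ETH00 or VPN00)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def tuple5(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse5(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


class ConnTracker:
    """Toy model of conntrack state classification (not real netfilter code).

    Only NEW and ESTABLISHED are produced; RELATED would need protocol helpers.
    A packet matching an existing entry in either direction is ESTABLISHED,
    so the SYN-ACK reply to a tracked SYN is already ESTABLISHED. As in
    netfilter, an entry is only committed ("confirmed") if the packet that
    created it is accepted, so a dropped unsolicited SYN leaves no trace.
    """

    def __init__(self):
        self.confirmed = set()

    def classify(self, pkt):
        if pkt.tuple5() in self.confirmed or pkt.reverse5() in self.confirmed:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, pkt):
        if pkt.reverse5() not in self.confirmed:
            self.confirmed.add(pkt.tuple5())


# FORWARD chain from the reply, as (in-interface, state match, target).
# A state match of None means there is no --state match (the plain DROP line).
FORWARD_RULES = [
    ("VPN00", {"RELATED", "ESTABLISHED"}, "ACCEPT"),
    ("VPN00", None, "DROP"),
]
FORWARD_POLICY = "ACCEPT"


def forward(ct, pkt):
    """Walk the FORWARD chain for one packet; returns (state, verdict)."""
    state = ct.classify(pkt)
    verdict = FORWARD_POLICY
    for in_if, states, target in FORWARD_RULES:
        if in_if != "*" and in_if != pkt.in_if:
            continue
        if states is not None and state not in states:
            continue
        verdict = target
        break
    if verdict == "ACCEPT":
        ct.confirm(pkt)
    return state, verdict


def run_scenario():
    """Replay four constructed packets through the chain."""
    ct = ConnTracker()
    packets = [
        # 1. LAN host opens SSH to the remote office: arrives on ETH00,
        #    no rule matches that interface, so the ACCEPT policy applies.
        Packet("ETH00", LAN_HOST, 40000, REMOTE_SSH, 22),
        # 2. SYN-ACK comes back over the VPN: ESTABLISHED, first rule accepts.
        Packet("VPN00", REMOTE_SSH, 22, LAN_HOST, 40000),
        # 3. Unsolicited SSH attempt from the remote side: NEW, second rule drops.
        Packet("VPN00", REMOTE_ROGUE, 51000, LAN_HOST, 22),
        # 4. Retry of the same attempt: still NEW, because the dropped packet
        #    never confirmed a conntrack entry.
        Packet("VPN00", REMOTE_ROGUE, 51000, LAN_HOST, 22),
    ]
    return [forward(ct, p) for p in packets]


if __name__ == "__main__":
    for n, (state, verdict) in enumerate(run_scenario(), start=1):
        print(f"packet {n}: state={state:<11} verdict={verdict}")
```

    The run shows the point of the reply: the outbound SYN needs no rule at all under an ACCEPT policy, its reply is accepted by the RELATED,ESTABLISHED line, and anything the remote side starts on its own hits the DROP line, whatever port it targets. That is why matching NEW,ESTABLISHED on the same rule, or adding a reverse rule per service, adds nothing.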
