[SOLVED] Invalid packets

vecino · 2023-01-20 07:38:58

Hi, I'm trying to find the reason why I have invalid packets on my router's counters.

I tried disabling rp_filter on all interfaces. But it did not help. I think it has something to do with SNAT.

WAN = vlan102
LAN = vlan600 (10.20.30.0/26)

Do you have any tips please?

Jan 20 07:53:37 kernel: Invalid packet: IN=vlan102 OUT= MAC=00:0d:**:42:**:**:c4:**:**:0a:49:b4:**:00 SRC=20.223.237.241 DST=10.107.80.1 LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=6892 DF PROTO=TCP SPT=443 DPT=49956 WINDOW=0 RES=0x00 ACK RST URGP=0 
Jan 20 07:53:39 kernel: Invalid packet: IN=vlan102 OUT= MAC=00:0d:**:42:**:**:c4:**:**:0a:49:b4:**:00 SRC=157.245.3.169 DST=10.107.80.1 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=30402 DF PROTO=TCP SPT=443 DPT=49821 WINDOW=1875 RES=0x00 ACK PSH FIN URGP=0 
Jan 20 07:55:44 kernel: Invalid packet: IN=vlan102 OUT= MAC=00:0d:**:42:**:**:c4:**:**:0a:49:b4:**:00 SRC=142.251.36.99 DST=10.107.80.1 LEN=52 TOS=0x00 PREC=0x00 TTL=59 ID=63757 PROTO=TCP SPT=80 DPT=55047 WINDOW=315 RES=0x00 ACK FIN URGP=0

nftables:

table ip filter {
        chain INPUT {
                type filter hook input priority filter; policy drop;
                ct state invalid counter log prefix "Invalid packet: " drop
                ct state established,related counter accept
                iif "lo" counter accept
                ip protocol ospfigp counter accept
                ip protocol icmp counter accept
                ...
                ...
table ip nat {
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                ip saddr 10.20.30.0/26 counter oifname vlan102 snat to 10.107.80.1
        }

[root@home ~]# sysctl -a | grep rp_filter

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp1s0.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vlan102.rp_filter = 0
net.ipv4.conf.vlan600.rp_filter = 0
net.ipv4.conf.wg0.rp_filter = 0

Thanks!

Last edited by vecino (2023-05-23 15:33:03)

vecino · 2023-03-02 14:51:16

Please, no one knows why this is happening and does it make sense to solve it? Thanks!

Arch Linux

#1 2023-01-20 07:38:58

[SOLVED] Invalid packets

#2 2023-03-02 14:51:16

Re: [SOLVED] Invalid packets

Board footer