[ale] ODD iptables issue?

Robert Harris robert.l.harris at gmail.com
Fri May 21 14:55:10 EDT 2021 

yeah, in all reality, it's 1 = on, anything else is off.  typo fixed
though.  It's just odd how it blocks the traffic til a restart of the
iptables then boom, good to go.  Not even a reboot.  Then about 12+hours (
random # I haven't narrowed down ) it starts failing again.  Nothing in
dmessage I can see either.


On Fri, May 21, 2021 at 12:00 PM Jim Kinney <jim.kinney at gmail.com> wrote:

> Do QOS choices are 1 or 2 so you picked 0. Probably comment is wrong. But
> it looks (on a glance) that your startup for working vpn requires qos=1.
> Maybe the restart sets it to 1 than later a timeout happens with no vpn
> traffic and that section times out and closes. Don't see anything obvious
> to me on shutting down the forwarding for vpn traffic.
>
> On May 21, 2021 11:32:58 AM EDT, Robert Harris via Ale <ale at ale.org>
> wrote:
>>
>>
>> I have a very weird one.  I'm running an ubuntu firewall, kernel
>> 5.8.0-48-generic with iptables 1.8.5-3ubuntu2.20.10.2 ( WTF???? ) and it's
>> up to date on patches.  For work, I have to connect to an openvpn from my
>> laptop, behind the firewall.  Every day though when I get up, it wont'
>> connect.  It says it's connected in the logs, but it won't pass any
>> traffic.  If I kill the connection, restart my firewall script, and then it
>> connects just fine.
>>
>> I've put up a copy of the firewall script at
>> http://paste.debian.net/1198346/  ( ip subnet changed to protect the
>> stupid ).
>>
>> Thoughts and feedback other than changing it off of iptables are
>> welcome.  That may happen in 2 months anyways but not yet.
>>
>> Robert
>>
>
> --
> Computers amplify human error
> Super computers are really cool
>


-- 
:wq!
---------------------------------------------------------------------------
Robert L. Harris

DISCLAIMER:
      These are MY OPINIONS             With Dreams To Be A King,
       ALONE.  I speak for                      First One Should Be A Man
       no-one else.                                     - Manowar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20210521/769639a9/attachment.htm>

More information about the Ale mailing list