Good Evening,
The strange thing is that it seems to be blocked by netfilter. I am using exactly the same rules on a Slackware box without any problems.
Slackware is the key here, Marcus. The two distros have different modules built into the kernel by default, and that may be a cause for why it is happening? But honestly, I don't see how you are ever going to forward packets and requests with the below rule. How are you going to come into and back out of the same interface? That's why it won't traverse. How about -i eth0 -o eth1 or -i eth0 -o eth0:0?
As mentioned before, the ruleset is now activated correctly as iptables -L shows:
0 0 ACCEPT all -- eth0 eth0 anywhere anywhere state NEW,RELATED,ESTABLISHED
I must admit that it was not in my pastebin posts (my fault).
-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
When you use iptables save it does not save the rules you just put into it! You will have to edit /etc/sysconfig/iptables-config:
# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"
The rules are stored and activated with service iptables save (and all other rules, e.g. routing into the DMZ, work fine).
I now begin to wonder if it's a routing issue and a back-route problem, as the response packet may come from a different MAC address:
LAN1 -> LINUX_ROUTER -> LAN2
Response:
LAN2 -> CORE-ROUTER(with LINUX_ROUTER as default Gateway) -> LINUX_ROUTER | BLOCKED | LAN1
This may be the case as the CORE-ROUTER was not part of the network in good ol' slacky times.
Best Regards,
Marcus
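To make the question in the last post concrete, here is a toy model of the FORWARD chain together with conntrack-style state tracking that walks the two paths in the diagram above through the rule posted earlier in the thread. This is an added example, not code from the thread or from any of its participants. It assumes things the posts do not state: the FORWARD policy is DROP, both LANs are reached through eth0 (packets on an eth0:0 alias still arrive on device eth0 as far as netfilter is concerned), and the flow is 10.1.0.10 on LAN1 talking to 10.2.0.20 on LAN2; the addresses and MACs are constructed sample data, and the `lan2_iface` parameter of `walk_diagram` is a hypothetical knob to show what changes when LAN2 sits behind a second NIC.

```python
"""Toy model of netfilter FORWARD evaluation plus conntrack state.

Added example, not code from the thread.  Assumptions not on the page:
FORWARD policy is DROP, both LANs hang off eth0, flow is
10.1.0.10 (LAN1) -> 10.2.0.20 (LAN2).  IPs/MACs are constructed data.
"""
import shlex
from dataclasses import dataclass

# The rule posted in the thread, in iptables-save syntax.
RULESET = [
    "-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT",
]
FORWARD_POLICY = "DROP"  # assumption; the thread does not show the policy


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str
    out_iface: str
    src_mac: str  # carried only to show it plays no part without -m mac


def parse_rule(line):
    """Parse the subset of iptables-save syntax used in the thread.
    Every option handled here takes exactly one argument."""
    toks = shlex.split(line)
    rule = {"chain": None, "in": None, "out": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"] = toks[i + 1]
        elif t == "-i":
            rule["in"] = toks[i + 1]
        elif t == "-o":
            rule["out"] = toks[i + 1]
        elif t == "-m":
            pass  # match-module name; its options follow as their own tokens
        elif t == "--state":
            rule["states"] = set(toks[i + 1].split(","))
        elif t == "-j":
            rule["target"] = toks[i + 1]
        else:
            raise ValueError(f"unsupported token {t!r} in {line!r}")
        i += 2
    return rule


class Conntrack:
    """Flows are keyed by address tuple only: conntrack does not record the
    interface or source MAC a packet arrived with, so a reply that comes
    back by a different path (here via the core router) is still ESTABLISHED."""

    def __init__(self):
        self.flows = {}  # original (src, dst) -> has a reply been seen?

    def classify(self, pkt):
        key, rkey = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if key in self.flows:
            # original direction stays NEW until a reply has been seen
            return "ESTABLISHED" if self.flows[key] else "NEW"
        if rkey in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, pkt):
        """Record an accepted packet; a dropped first packet leaves no entry,
        like an unconfirmed conntrack that never reaches POSTROUTING."""
        key, rkey = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if rkey in self.flows:
            self.flows[rkey] = True
        else:
            self.flows.setdefault(key, False)


def forward_verdict(pkt, state, rules=RULESET, policy=FORWARD_POLICY):
    """First matching FORWARD rule wins; otherwise the chain policy applies."""
    for r in map(parse_rule, rules):
        if r["in"] and r["in"] != pkt.in_iface:
            continue
        if r["out"] and r["out"] != pkt.out_iface:
            continue
        if r["states"] and state not in r["states"]:
            continue
        return r["target"]
    return policy


def process(ct, pkt):
    state = ct.classify(pkt)
    verdict = forward_verdict(pkt, state)
    if verdict == "ACCEPT":
        ct.confirm(pkt)
    return state, verdict


def walk_diagram(lan2_iface="eth0"):
    """Request: LAN1 -> LINUX_ROUTER -> LAN2.
    Reply:   LAN2 -> CORE-ROUTER -> LINUX_ROUTER -> LAN1 (arrives from the
    core router's MAC).  lan2_iface is the hypothetical NIC LAN2 sits behind."""
    ct = Conntrack()
    request = Packet("10.1.0.10", "10.2.0.20", "eth0", lan2_iface, "00:00:5e:00:53:01")
    reply = Packet("10.2.0.20", "10.1.0.10", lan2_iface, "eth0", "00:00:5e:00:53:ff")
    return [("request",) + process(ct, request),
            ("reply via core router",) + process(ct, reply)]


if __name__ == "__main__":
    for lan2 in ("eth0", "eth1"):
        print(f"LAN2 behind {lan2}:")
        for step, state, verdict in walk_diagram(lan2):
            print(f"  {step:22s} state={state:11s} verdict={verdict}")
```

Two things the walk makes visible. With both LANs on eth0 the reply arriving from the core router's MAC still matches `-i eth0 -o eth0` with state ESTABLISHED and is accepted, because neither the interface match nor conntrack looks at the source MAC unless a rule uses `-m mac`. With LAN2 behind a second NIC the request itself never matches the hairpin rule and falls through to the policy, which is what the earlier reply in the thread is getting at. If a reply is dropped on the real box even though this rule should accept it, the usual checks are a LOG rule just before the policy, `iptables -t raw -A PREROUTING ... -j TRACE` for the affected flow, and `net.ipv4.conf.*.rp_filter` with `log_martians=1`, since reverse-path filtering runs during routing before the FORWARD chain is ever consulted.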