First of all Chaos Calmer is old, vulnerable, and unsupported. You need to upgrade to current 19.07.3 version, especially since it is facing the internet.
The allow all on wan interface I hope it is just some testing. Otherwise Input and forward must be Reject/Drop.
The iptables are flooded with repeating rules, a sign that you are applying continuously the same rules without flushing them.
The custom rules you have added for GRE are pointless, as the INPUT and OUTPUT concern the router itself, but the GRE is terminated on the Cisco. So you want FORWARD, which is allowed on the lan->wan.
What is the error in the logs for the invalid packets?
1 Like