[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: I definitely need some help with IPfilter, sorry.
From:       Darren Reed <avalon () coombs ! anu ! edu ! au>
Date:       1996-05-27 21:59:03
[Download RAW message or body]

In some mail from Andrew V. Stesin, sie said:
[...]
> # > I know that UDP 525s are coming from ether, Ok; and tcpdump says
> # > they are on sl0 as well (how??? who will send them?)).
> # > That's Ok; it does this with rule @5.

> # Are the timed packets being broadcast on the ethernet and then being
> # forwarded out your SLIP links too ?

> 	Yes. So they should be considered "output" and passed? (I don't care
> 	if some extra timed packet goes out for now -- finetuning all the
> 	time stuff is still in nearest plans).

Is using timed easier than xntpd ?

> # The number recorded in the logs is which number rule caused the log record
> # to be made (the numbering starts at 0).  Rule `@5' for "log in..." would
> # be the 6th line in "ipfstat -i" output.

> 	Thanks for confirmation! That's exactly it:
> 	block anything coming from sl0 claiming to be from _my_net_.

Hmmm, this doesn't sound quite right.  If you use tcpdump on the slip line,
does the timed packet get sent out the line and then echoed back ?

This suggests to me that the other end of the slip line has an IP# which
would make it look inside your local network ?

[...]
> 	Please take my sincere apologies for taking your time
> 	with my dumb questions!

Not a problem.

darren

[prev in list] [next in list] [prev in thread] [next in thread]