List: linux-router
Subject: Re: [LRP] Confusing log entry, need H-E-L-P :>
From: "Scott C. Best" <sbest () best ! com>
Date: 2001-05-31 19:12:58
Peter:
Everything I learned about chains I learned here: ;)
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html#ss4.1
That's great ASCII art. Ahem, anyhow. The packet
you wrote about:
> May 28 22:17:53 lrp1 kernel: Packet log: forward DENY eth2
> PROTO=6 66.30.27.218:2903 10.4.2.10:27374 L=48 S=0x00 I=21345
> F=0x4000 T=113 SYN
...was definitely DENY'd on the forward chain. Which
happens before the output chain but after the input chain.
What's interesting then is the 10.4.2.10 address: if that's
your DMZ machine's IP address, and if your DMZ is usually
Masq'd to a routable IP address on your eth0 interface...then
I'm curious how your FORWARD chain caught this packet in
the first place -- a forward chain is skipped if there's
"demasquerading" being done. Hmmm.
Curious curious. Whatever *is* Rule 13 in your
forward chain?
-Scott
> pn] Well, you restated my question from a different angle. Same
> confusion, though. How could external traffic possibly be *received* on
> eth2, the DMZ NIC on my router? I can see it getting received on eth0
> and forwarded to eth2.
>
> pn] Well, of course eth2 *receives* forwarded packets. But I'm fairly
> certain my firewall rules are based on eth0. I'll have to look at rule
> 13 tonight.
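As an added example (not code from the original post, the LRP project, or the IPCHAINS-HOWTO), here is a small Python decoder for the ipchains "Packet log:" kernel message discussed above. It pulls the chain, verdict, interface and the per-field values out of the line, decodes the F= fragment word (0x4000 is the DF bit) and reports which built-in chains a routed packet had already traversed before the chain that logged it. The sample log lines are constructed for the example; the first mirrors the entry quoted in the thread, and the trailing "(#13)" rule suffix on the second line is an assumption about how a rule number is appended.

```python
"""Decode ipchains (Linux 2.2) "Packet log:" kernel messages.

Example code added to this thread; sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers as printed after PROTO=.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Order in which a packet routed *through* the box hits the built-in
# chains. A demasqueraded reply skips "forward" (it goes input -> output).
CHAIN_ORDER = ("input", "forward", "output")

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?"
    r"(?: \(#(?P<rule>\d+)\))?"   # assumed form of the rule-number suffix
)

# Constructed sample lines (not real traffic). The first one is the entry
# quoted in the thread, joined back onto a single line.
SAMPLE_LINES = [
    "May 28 22:17:53 lrp1 kernel: Packet log: forward DENY eth2 PROTO=6 "
    "66.30.27.218:2903 10.4.2.10:27374 L=48 S=0x00 I=21345 F=0x4000 T=113 SYN",
    "May 28 22:18:01 lrp1 kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.7:53 203.0.113.9:1025 L=60 S=0x00 I=4 F=0x2001 T=64 (#13)",
    "May 28 22:18:02 lrp1 kernel: some unrelated message",
]


@dataclass
class PacketLog:
    chain: str
    verdict: str
    iface: str
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    length: int
    tos: int
    ipid: int
    frag: int      # raw 16-bit fragment word from the IP header
    ttl: int
    syn: bool      # ipchains appends " SYN" for a TCP connection request
    rule: Optional[int]

    @property
    def proto_name(self) -> str:
        return PROTO_NAMES.get(self.proto, str(self.proto))

    @property
    def dont_fragment(self) -> bool:
        return bool(self.frag & 0x4000)

    @property
    def more_fragments(self) -> bool:
        return bool(self.frag & 0x2000)

    @property
    def frag_offset(self) -> int:
        # Low 13 bits are the offset in 8-byte units.
        return (self.frag & 0x1FFF) * 8


def parse_packet_log(line: str) -> Optional[PacketLog]:
    """Return a PacketLog for an ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return PacketLog(
        chain=m["chain"], verdict=m["verdict"], iface=m["iface"],
        proto=int(m["proto"]), src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]), length=int(m["length"]),
        tos=int(m["tos"], 16), ipid=int(m["ipid"]), frag=int(m["frag"], 16),
        ttl=int(m["ttl"]), syn=m["syn"] is not None,
        rule=int(m["rule"]) if m["rule"] else None,
    )


def chains_already_passed(chain: str) -> tuple:
    """Built-in chains a routed (non-demasqueraded) packet saw before `chain`."""
    return CHAIN_ORDER[:CHAIN_ORDER.index(chain)]


def summarize(line: str) -> Optional[str]:
    p = parse_packet_log(line)
    if p is None:
        return None
    flags = "DF" if p.dont_fragment else ("MF" if p.more_fragments else "-")
    before = ",".join(chains_already_passed(p.chain)) or "none"
    rule = f" rule #{p.rule}" if p.rule is not None else ""
    return (f"{p.chain} {p.verdict}{rule} on {p.iface}: {p.proto_name} "
            f"{p.src}:{p.sport} -> {p.dst}:{p.dport} ttl={p.ttl} "
            f"frag={flags}{' SYN' if p.syn else ''} (chains before: {before})")


if __name__ == "__main__":
    for l in SAMPLE_LINES:
        print(summarize(l))
```

Running it on the thread's own entry reports a forward-chain DENY of a TCP SYN from 66.30.27.218 to 10.4.2.10:27374 with DF set, and that the packet had already passed the input chain, which is exactly the ordering point made in the reply.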
_______________________________________________
linux-router maillist - linux-router@linuxrouter.org
http://www.linuxrouter.org/mailman/listinfo/linux-router