Re: Weird entries in my firewall

[Fósforo <fosforo () gmail com>]

First i would suggest you block any packets coming from the external
interface with valid internal IPs
  
  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG
--log-prefix "spoof: "
  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP
  
  if still having the same problems, suggest review your net topology
(maybe blocking broadcast)
  
  t+

30 Aug 2005 15:31:01 -0000, kronos666 () gmail com <kronos666 () gmail com>:
> Hi list,
>
> I've been getting these weird entries in my firewall (iptables) for a while...
>
> BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP
>
> Now, the source is the internal IP of my server, which is not connected to the firewall.  It's as if the traffic goes 
> through the external interface using the internal ip, and always broadcasts to port 712.  Two of my servers are doing 
> that.
>
> Has anyone ever seen something like this?  It has me completely stumped.
>
> Thanks!



-- 
---------------------------------------------------------
Eu é que não me sento
No trono de um apartamento
Com a boca escancarada
Cheia de dente, esperando a morte chegar

Porque longo das cercas embandeiradas
Que separam quintais
No cume calmo do meu olho que vê
Assenta a sombra sonora
Dum disco voador...

Raul Seixas
---------------------------------------------------------
> > > Fósforo<<<