path: root/zarb-ml/mageia-discuss/20120507/007228.html
Diffstat (limited to 'zarb-ml/mageia-discuss/20120507/007228.html')
-rw-r--r--zarb-ml/mageia-discuss/20120507/007228.html129
1 files changed, 129 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120507/007228.html b/zarb-ml/mageia-discuss/20120507/007228.html
new file mode 100644
index 000000000..fc7299952
--- /dev/null
+++ b/zarb-ml/mageia-discuss/20120507/007228.html
@@ -0,0 +1,129 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-discuss] Odd entry in log file
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA7223B.3050705%40Rock3d.net%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="007226.html">
+ <LINK REL="Next" HREF="007234.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-discuss] Odd entry in log file</H1>
+ <B>imnotpc</B>
+ <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA7223B.3050705%40Rock3d.net%3E"
+ TITLE="[Mageia-discuss] Odd entry in log file">imnotpc at Rock3d.net
+ </A><BR>
+ <I>Mon May 7 03:15:39 CEST 2012</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="007226.html">[Mageia-discuss] Odd entry in log file
+</A></li>
+ <LI>Next message: <A HREF="007234.html">[Mageia-discuss] Odd entry in log file
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#7228">[ date ]</a>
+ <a href="thread.html#7228">[ thread ]</a>
+ <a href="subject.html#7228">[ subject ]</a>
+ <a href="author.html#7228">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On 05/06/2012 08:18 PM, Frank Griffin wrote:
+&gt;<i> On 05/06/2012 06:57 PM, imnotpc wrote:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> My thanks to you, Maarten, and Doug for replying. I knew that packets
+</I>&gt;&gt;<i> in private subnets are never forwarded by routers, one of the basic
+</I>&gt;&gt;<i> security features of the IPV4 system. I had never heard them referred
+</I>&gt;&gt;<i> to as martian before, but the name makes sense. Based on the
+</I>&gt;&gt;<i> destination of the packets (Google, Facebook), my assumption is that
+</I>&gt;&gt;<i> these are not malicious, and based on my knowledge of my network, I
+</I>&gt;&gt;<i> believe these are originating from the wireless hosts as Doug
+</I>&gt;&gt;<i> indicated. I guess the only part I still don't understand is how
+</I>&gt;&gt;<i> these packets are reaching the kernel of the gateway through NAT and
+</I>&gt;&gt;<i> firewalls? Perhaps there is something I don't understand about how IP
+</I>&gt;&gt;<i> traffic moves between hosts.
+</I>&gt;&gt;<i>
+</I>&gt;<i> The basic idea of a gateway is that you have two NICs, one (say eth1)
+</I>&gt;<i> connected to the same switch to which all your other wired hosts are
+</I>&gt;<i> connected, and using an IP address of something internal, say
+</I>&gt;<i> 192.168.1.1. The other NIC (say eth0) is connected to your external
+</I>&gt;<i> internet. Your routing table should indicate that any traffic for a
+</I>&gt;<i> 192.168.1.x address should go out eth1, and any traffic for something
+</I>&gt;<i> other than 192,168.1.x should go out eth0. And you have NAT enabled
+</I>&gt;<i> for anything going out eth0 so that your internal addresses get
+</I>&gt;<i> translated to the external IP address assigned by your ISP as they
+</I>&gt;<i> pass through the gateway.
+</I>&gt;<i>
+</I>&gt;<i> This assumes that you're using a PC as a gateway. Your router should
+</I>&gt;<i> play no part with the wired connections --- it and all the other wired
+</I>&gt;<i> hosts should be plugged into the switch, i. e. you shouldn't be using
+</I>&gt;<i> the inbound wired jacks on the router at all. The wireless goes into
+</I>&gt;<i> the router, but beyond that plays on an equal level with the wired
+</I>&gt;<i> guys all going into the gateway PC.
+</I>&gt;<i>
+</I>&gt;<i> The problem you describe most likely results from trying to use the
+</I>&gt;<i> router as the gateway in conjunction with the switch. You've got the
+</I>&gt;<i> wired guys coming through the switch and participating in NAT and the
+</I>&gt;<i> wireless guys coming into the router directly, and somehow bypassing NAT.
+</I>&gt;<i>
+</I>&gt;<i> You mention the &quot;gateway kernel&quot;, so I'm guessing that you are using a
+</I>&gt;<i> gateway PC rather than a gateway router. If you are using a
+</I>&gt;<i> 192.168.3.x subnet, then your gateway is NAT'ing some hosts and not
+</I>&gt;<i> others.
+</I>
+I apologize that I didn't give more detail when I started this thread,
+but this has become more involved/detailed discussion than I envisioned.
+Let me give you the topography of my network as best as I can describe:
+
+Firewall/Gateway: Mga2 box with 3 NICs which forwards traffic from the
+DMZ and the LAN to the Internet and back. The Internet facing NIC has a
+public IP. The DMZ is a private subnet with all fixed IPs. The LAN
+subnet also has all fixed IPs in the 192.168.0.0/24 range. Iptables
+firewall logs and drops all traffic that doesn't originate from these
+subnets.
+
+LAN: All the LAN hosts have fixed IPs IN the 192.168.0.0/24 range. Linux
+host firewalls block all outgoing traffic that doesn't originate from
+the assigned IP address. Windows/other hosts do whatever they do.
+
+Wireless Router Attached to the LAN: The LAN facing NIC on the wireless
+router has a fixed IP of 192.168.0.100. The wireless interface is
+configured to assign IPs in the 192.168.2.0/24 range to the wireless
+hosts using DHCP.
+
+Wireless Hosts: Connect to wireless router via DHCP. I believe these
+hosts are generating the martian packets.
+
+I understand the the wireless host may identify themselves using other
+IPs due to other connection/configuration issues, but I can't understand
+how the kernel on the Mga2 gateway is ever able to see packets
+originating from 192.168.3.2 or any other unauthorized subnet. This is
+my major concern since it may indicate an error in my LAN configuration.
+
+Jeff
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="007226.html">[Mageia-discuss] Odd entry in log file
+</A></li>
+ <LI>Next message: <A HREF="007234.html">[Mageia-discuss] Odd entry in log file
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#7228">[ date ]</a>
+ <a href="thread.html#7228">[ thread ]</a>
+ <a href="subject.html#7228">[ subject ]</a>
+ <a href="author.html#7228">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss
+mailing list</a><br>
+</body></html>
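Review bot: the archived message body in this hunk carries inconsistently cased and unclosed markup: every quoted line inside the `<PRE>` block opens with `<i>` and closes with `</I>`, the `<P>` before each `<UL>` is never closed, and the file opens with `<HTML>`/`<BODY>` but ends with `</body></html>`. Browsers accept this under the HTML 3.2 doctype declared on the first line, so it is a style point rather than a rendering bug, but since this file is generated archive output, the consistency fix (one tag case, closed `<P>` elements) belongs in the generator template rather than in hand edits to the committed page.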