Diffstat (limited to 'zarb-ml/mageia-discuss/20120507/007249.html')
-rw-r--r-- | zarb-ml/mageia-discuss/20120507/007249.html | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120507/007249.html b/zarb-ml/mageia-discuss/20120507/007249.html new file mode 100644 index 000000000..7e79ad4ad --- /dev/null +++ b/zarb-ml/mageia-discuss/20120507/007249.html 
@@ -0,0 +1,108 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Odd entry in log file + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C201205072327.08933.alien%40rmail.be%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="007248.html"> + <LINK REL="Next" HREF="007227.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Odd entry in log file</H1> + <B>Maarten Vanraes</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C201205072327.08933.alien%40rmail.be%3E" + TITLE="[Mageia-discuss] Odd entry in log file">alien at rmail.be + </A><BR> + <I>Mon May 7 23:27:08 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="007248.html">[Mageia-discuss] Odd entry in log file +</A></li> + <LI>Next message: <A HREF="007227.html">[Mageia-discuss] Browsiner logging ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7249">[ date ]</a> + <a href="thread.html#7249">[ thread ]</a> + <a href="subject.html#7249">[ subject ]</a> + <a href="author.html#7249">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Op maandag 07 mei 2012 23:04:14 schreef Frank Griffin: +><i> On 05/07/2012 04:50 PM, Maarten Vanraes wrote: +</I>><i> > Op maandag 07 mei 2012 14:23:44 schreef Frank Griffin: +</I>><i> > [...] +</I>><i> > +</I>><i> > it's like this: +</I>><i> > +</I>><i> > mostly people natting will do: +</I>><i> > +</I>><i> > iptables -s 192.168.0.0/24 -o eth0 -j MASQUERADE +</I>><i> > +</I>><i> > which means internal traffic on 192.168.3.2 would go outside without +</I>><i> > being natted. 
if someone nearby uses 192.168.3.2 as a local network ip, +</I>><i> > it would get martians, since that network is coming from an unexpected +</I>><i> > source interface. +</I>><i> +</I>><i> Yes, but it would go to the ISP gateway and get discarded. Why would it +</I>><i> be seen by anything else on the ISP subnet, unless the NIC were in +</I>><i> promiscuous mode ? And if that (promiscuous mode) were the case, why +</I>><i> would iptables complain ? +</I> +promiscuous mode means you're passing through from layer 2 to layer 3 +irrespective of mac address (ie: even if it's not for you) + +iptables is not complaining + +martians is kernel level, (resource path filtering (for asynchronous routing)), +before iptables even comes into play. + +martians is actually also on the same level as promiscuous checking iinm... + +ie: it's disregarding an ip packet on an interface, which should not have come +from that interface, but according to routing information, you expect it to +come from another interface. + +ie: if you have: +eth0: 192.168.0.2/24 +eth1: 192.168.1.5/24 +eth2: 75.124.56.84 +and default route via eth2 + +if coming from eth2 there is a packet with source IP 192.168.1.54, it would +fire. + +if going out to eth1 a packet with dest IP 192.168.0.6 it would also fire. + +if coming from eth0 is a packet with source ip 192.168.3.8, it also fires, +since default route is eth2. + +i donno if you see an interface which it's speaking of in the martians +warning, but i suggest you look at the routing table and see what is going on. + +you can furthermore try to use tcpdump and see what is going on. +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="007248.html">[Mageia-discuss] Odd entry in log file +</A></li> + <LI>Next message: <A HREF="007227.html">[Mageia-discuss] Browsiner logging ? 
+</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7249">[ date ]</a> + <a href="thread.html#7249">[ thread ]</a> + <a href="subject.html#7249">[ subject ]</a> + <a href="author.html#7249">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |
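Review bot: The two mailto HREFs near the top of the added file (the LINK REL="made" element and the author A link) carry the poster's address in clear form inside the In-Reply-To parameter ("...08933.alien%40rmail.be%3E"), which undoes the "alien at rmail.be" obfuscation used in the visible text. The page is also marked CONTENT="index,nofollow", so it will be indexed with that address in its markup. Consider dropping the In-Reply-To parameter from these links, or regenerating the archive without it, before committing the file. The same two HREFs also contain a raw "&" before "In-Reply-To=", which should be written as "&amp;" inside an attribute value.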