[Mageia-discuss] Odd entry in log file
Maarten Vanraes
alien at rmail.be
Sun May 6 22:58:03 CEST 2012
On Sunday 06 May 2012 21:12:14, imnotpc wrote:
> On 05/06/2012 02:49 PM, Doug Lytle wrote:
> > imnotpc wrote:
> >> but wireless device access is more lenient.
> >
> > My thoughts would be someone connecting via the wireless with another
> > interface connected as well. We have users that don't understand that
> > they don't need to do both wireless and wired. Sometimes we see
> > wireless, wired and vpn.
> >
> > Just a guess.
> >
> > Doug
>
> The problem with that is that the firewall rules on these boxes
> immediately log and drop any packet that doesn't come from the subnet
> assigned to that interface. I'm not an expert on iptables but I believe
> that anything coming in on those interfaces would hit iptables and be
> dropped before the kernel log. Even if the kernel saw them first I
> should still see corresponding iptables log entries. The router boxes
> don't have any wireless cards so they aren't generating these entries
> that way. I don't know how a wireless host connecting to a wireless
> router, which has a wired LAN IP on the LAN-facing interface and uses DHCP
> for the wireless interface, is able to propagate a different IP address
> all the way to the firewall without being translated or dropped. Very
> curious.
>
> Jeff
Martians are http://en.wikipedia.org/wiki/Martian_packet .
By default, kernels drop these; you can tune these things in /proc somewhere,
thus also with sysctl.
There may also be a setting about not logging them; best you read up on it
if you're interested.
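
The /proc settings referred to in the reply above are `rp_filter` (reverse-path filtering) and `log_martians`, under `/proc/sys/net/ipv4/conf/`. The following is an added example, not part of the original message: a shell function that reports the effective value of both per interface, using the kernel's documented rule that `conf/all` and the per-interface value are combined. The function and helper names are hypothetical.

```shell
#!/bin/sh
# Added example: per-interface view of the knobs that decide whether martian
# packets are dropped by the reverse-path check and whether they are logged.
# Usage: martian_report [conf-root]   (conf-root defaults to the live /proc tree)

# Print the contents of <root>/<iface>/<knob>, or 0 if it cannot be read.
read_knob() {
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo 0; fi
}

# Print the larger of two integers.
max() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

martian_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all_rp=$(read_knob "$root" all rp_filter)
    all_log=$(read_knob "$root" all log_martians)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        # "all" and "default" are templates, not interfaces.
        case "$ifc" in all|default) continue ;; esac
        # Kernel rule: the effective rp_filter is max(all, interface).
        rp=$(max "$all_rp" "$(read_knob "$root" "$ifc" rp_filter)")
        # Kernel rule: logging is on if either all or the interface enables it.
        log=$(max "$all_log" "$(read_knob "$root" "$ifc" log_martians)")
        case "$rp" in
            0) mode="off" ;;
            1) mode="strict" ;;
            2) mode="loose" ;;
            *) mode="unknown" ;;
        esac
        [ "$log" -gt 0 ] && logging="logged" || logging="silent"
        echo "$ifc rp_filter=$mode martians=$logging"
    done
}

martian_report "$@"
```

An interface showing `martians=silent` will not produce kernel log entries for these packets, so a host that logs them while its neighbours do not may simply have `log_martians` enabled.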