* Strange NAT Behavior
From: Anthony R. Vallario @ 2006-07-14 14:19 UTC (permalink / raw)
To: netfilter
To all;
I've got a CentOS 4.2 box configured as your standard NAT firewall.
Nothing fancy, nothing new. Of course logwatch is on and configured to
report about the day's previous activities. After looking at these emails
from logwatch I noticed something funny. There were entries from where the
firewall was blocking my LAN PCs. Huh? That's right. I went thru
/var/log/messages to confirm. Sure enough, there are logged events from when
one of the LAN PCs was blocked from going to say yahoo, adobe or google.
Weird thing is, it's random. Ports are random too. I can't make heads or tails
out of a pattern or reason why. So why on earth would a NAT firewall with no
outgoing drop rules all of a sudden block these LAN PCs? Oh, one more thing
of note. This same NAT firewall (text file with the rules) was used on a
Fedora Core 1 box about a month ago. No issues with random outgoing blocks.
Anthony R. Vallario
* Re: Strange NAT Behavior
From: Tom Eastep @ 2006-07-14 14:29 UTC (permalink / raw)
To: Anthony R. Vallario, netfilter
Anthony R. Vallario wrote:
> Sure enough, there are logged events
> from when one of the LAN PCs was blocked from going to say yahoo, adobe
> or google. Weird thing is, it's random. Ports are random too. I can't make
> heads or tails out of a pattern or reason why. So why on earth would a
> NAT firewall with no outgoing drop rules all of a sudden block these LAN
> PCs?
Check the DROP log messages -- is the IN= interface your LAN interface or your
WAN interface? If it is the WAN interface, check your cabling to be sure that
you haven't bridged the LAN and WAN sides of your firewall.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
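
The check Tom suggests, as an added example that is not part of the original thread: it tallies logged drops by the IN= interface and by whether SRC is a LAN address. The interface names (eth0 as WAN, eth1 as LAN), the LAN subnet, the "DROP " log prefix and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not from the thread: eth0 = WAN, eth1 = LAN,
# LAN subnet 192.168.1.0/24, LOG rule prefix "DROP ".
WAN_IF, LAN_IF = "eth0", "eth1"
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LOG_PREFIX = "DROP "

# Constructed sample lines in the kernel's netfilter LOG format.
SAMPLE_LOG = """\
Jul 14 09:12:01 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 ID=4411 DF PROTO=TCP SPT=3345 DPT=80 SYN
Jul 14 09:40:17 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.40 DST=203.0.113.25 LEN=60 TTL=63 ID=902 PROTO=TCP SPT=1187 DPT=443 SYN
Jul 14 10:02:44 fw kernel: DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=40 TTL=127 ID=4502 PROTO=TCP SPT=3345 DPT=80 ACK FIN
Jul 14 10:15:09 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=48 TTL=110 ID=77 PROTO=TCP SPT=4020 DPT=135 SYN
Jul 14 10:16:00 fw kernel: eth0: link up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_line(line):
    """Return the KEY=value fields of a logged drop, or None for other lines."""
    if "kernel:" not in line or LOG_PREFIX not in line:
        return None
    fields = dict(FIELD.findall(line.split(LOG_PREFIX, 1)[1]))
    return fields if "IN" in fields and "SRC" in fields else None

def classify(fields):
    """Label a drop by arrival interface and whether the source is a LAN host."""
    src_is_lan = ipaddress.ip_address(fields["SRC"]) in LAN_NET
    if src_is_lan and fields["IN"] == WAN_IF:
        return "lan-source-on-wan"  # the case Tom asks about: check the cabling
    if src_is_lan and fields["IN"] == LAN_IF:
        return "lan-source-on-lan"
    return "other"

def summarize(text):
    """Count drops per class over a whole log excerpt."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields:
            counts[classify(fields)] += 1
    return counts

if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {label}")
```
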
* RE: Strange NAT Behavior
From: Sietse van Zanen @ 2006-07-15 10:44 UTC (permalink / raw)
To: Anthony R. Vallario, netfilter
Well, there is most likely nothing wrong. Clients sometimes behave badly. I see it every day, especially with P2P software. If you have no problems reported to you, don't worry about it. It just happens.
-Sietse