RE: Strange logs...

["Mark E. Donaldson" <markee@bandwidthco.com>]

If both the Linux Box and the Windows box on the same standard subnet of
192.168.20.0/24, and they are connected via a switch, then the packets
should never need to go through the router in the first place. This tells me
the switch is either configured wrong, or is faulty.  Question: Are you
dropping "spoofed IP's" on your router using the NAT table?  

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Carlos Fernandez
Sanz
Sent: Sunday, January 11, 2004 5:29 AM
To: netfilter
Subject: Re: Strange logs...


> > How reliable is ethereal? I mean, does it see packets as they come 
> > from
the
> > wire or after they have been touched by netfilter?
>
> Ethereal and tcpdump will both see packets off the wire before they get to
> netfilter.   Remember that these packet capturing programs and not

After leaving it working for some more minutes, I started seeing normal
traffic being logged as well. Packets show up in eth1 (internet interface)
both in the logs and ethereal (there's a 100% match). Now, how are the linux
device (eth1) linked to the physical device (NIC) related?

I have to say that if I unplug any of the two cables (the one between the
linux and the switch or the one between the linux and the router) strange
things happen. So I'm really starting to believe that the packet does come
from the wire physically.... no matter how impossible that seems.

As I finished writing that I tried to ping from the windows box to the linux
box and both cables must be connected for ping responses to arrive. This
happens even with all the iptables tables flushed (ie firewall down; no
rules, and ACCEPT as policies for both input and policies).

> > (still, is that possible? How could a packet generated by the 
> > windows
box,
> > which isn't connected to eth1, end up there?).
>
> That's the one bit I can't think of an explanation for.   You don't have
> anything exotic like bridging or vlans enabled in your kernel do you?

Nothing (that I'm aware of, anyway). But this is starting to look more like
a hardware issue to me. Definitely not related to the wiring, but maybe
there's some kind of conflict between my NICs I haven't spotted yet.... so
in case it helps:

  Bus  2, device  11, function  0:
    Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 48).
      IRQ 9.
      Master Capable.  Latency=32.  Min Gnt=10.Max Lat=10.
      I/O at 0xd800 [0xd87f].
      Non-prefetchable 32 bit memory at 0xf4000000 [0xf400007f].
  Bus  2, device  14, function  0:
    Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (#2) (rev
48).
      IRQ 3.
      Master Capable.  Latency=32.  Min Gnt=10.Max Lat=10.
      I/O at 0x8800 [0x887f].
      Non-prefetchable 32 bit memory at 0xf3800000 [0xf380007f].

Thanks for helping out :-)