strange packets on loopback

[Nils Juergens <ju@isf.rwth-aachen.de>]

[-- Attachment #1: Type: text/plain, Size: 1655 bytes --]

Hello,

i have a firewall setup like this:

 /--------\
/ Internet \
\---------/
     |
  ___|____
 | Router |
 ----------
     |
     |
     |ext FW interface (y.y.y.y)
  ___|______
 | Firewall | (also routing)
 ------------
     | int FW interface (z.z.z.z) (default gw for PCs on lan)
     |
 /---------\
/ local net \ a.a.a.0/24
\----------/

  
my netfilter-based firewall logs packets like this:

INPUT DROP XX: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 \
SRC=a.a.a.a DST=y.y.y.y LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 \
DF PROTO=TCP SPT=1249 DPT=8080 WINDOW=0 RES=0x00 RST URGP=0

where a.a.a.a is an IP on my local lan and y.y.y.y is the IP of the external
firewall interface.

I do have a squid proxy running on the firewall listening at 0.0.0.0:8080
and the clients are set up to use y.y.y.y:8080 as proxy, but i find it
rather strange that the IN-interface is listed as 'lo', while it should be
'int0' (i have renamed my interfaces as int0 and ext0 using nameif).

It also seems that I only log packets with the RST flag, no others.

The service itself is running fine, and the packets are dropped because i
only accept packets from lo that have a source address of 127.0.0.1, y.y.y.y
or z.z.z.z).

So unless I understand the concept of loopback completely wrong i think that
IN should only by 'lo' when the source address is on of the IP addresses of
the local interfaces, including lo.

Is this a bug?

I'm using iptables v1.2.6a and linux-2.4.26 with grsecurity-2.0-2.4.26.patch
on a Debian/Woody system.

I would be greateful for an explanation.

thx,

Nils Juergens

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]