Re: strange packets on loopback

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Nils Juergens <ju@isf.rwth-aachen.de>
To: netfilter@lists.netfilter.org
Subject: Re: strange packets on loopback
Date: Wed, 23 Jun 2004 14:37:20 +0200	[thread overview]
Message-ID: <20040623123720.GA5390@koala7> (raw)
In-Reply-To: <1087982478.7946.50.camel@dharmu.nsecure.net>

On Wed, 23.06.04, "Dharmendra T." <dharmu@nsecure.net> wrote:

> Why the MAC is not displayed proerly? Getting doubt whether someone is
> trying to spoof!(Possible, not too scary as the packets are getting
> dropped).
> 
> If this is the valid mac just try to find out from which ip it is coming
> by using arp.

Thats the first thing i checked, the PC on the local lan has a valid
MAC-Address, and there is no 00:00:00:00:00:00 MAC anywhere on the net.
I've got arpwatch running and it reports no such MAC. Neither does the
arp-table on my firewall.

I do have, however, a DNAT rule in PREROUTING that redirects all http
requests to z.z.z.z:80. It is _not_, however, redirected to the external
interface y.y.y.y but rather to the internal address z.z.z.z.

In short, http traffic from clients directly to the squid (from mozilla with
proxy setting) go to y.y.y.y:8080, http traffic from other browsers (beyond
our control) is redirected to z.z.z.z:8080.

DNAT       tcp  --  a.a.a.a.0/24      anywhere           tcp dpt:www to:z.z.z.z:8080

The 'strange' packet had DST=y.y.y.y so i was thinking the REDIRECT does not
play a role here.

Also, localy generated packets never pass through PREROUTING, so packets
from 'lo' should never be touched by this rule.

thanks,

Nils Juergens

next prev parent reply	other threads:[~2004-06-23 12:37 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-06-23  9:21 strange packets on loopback Dharmendra T.
2004-06-23 12:37 ` Nils Juergens [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-06-22 15:57 Nils Juergens

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040623123720.GA5390@koala7 \
    --to=ju@isf.rwth-aachen.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox