Linux Netfilter discussions
From: Whit Blauvelt <whit@transpect.com>
To: Tom Eastep <teastep@shorewall.net>
Cc: netfilter@vger.kernel.org
Subject: Re: Could Cogent be doing packet mangling that would confuse Netfilter about interfaces?
Date: Mon, 15 Aug 2011 16:47:46 -0400
Message-ID: <20110815204746.GA30290@black.transpect.com>
In-Reply-To: <20110815203335.GB27440@black.transpect.com>

On Mon, Aug 15, 2011 at 04:33:35PM -0400, Whit Blauvelt wrote:

> Trying to picture how a cable in the wrong place would allow this. The
> Cogent router is just a router, not doing firewalling, so it's the Linux
> firewall with Cogent and Speakeasy routers attached on two interfaces (with
> a switch in between in each case, since there's an active backup firewall),
> and the LAN and DMZ attached on two more.

Just to make it weirder, on the second system we tested this on we have
Cogent on eth3, DMZ on eth1, LAN on eth0 and Speakeasy on eth2. In this case
the Cogent traffic shows up on the wrong interface too - but a different
wrong interface - the LAN interface rather than the DMZ interface. It shows
up as coming in on eth0 headed for the DNAT translated address on eth1 -
despite that the traffic arrived on eth3.

What is consistent (probably coincidence) is that Cogent traffic coming in
on eth5 in the first case appears as if coming in on eth2, and Cogent
traffic coming in on eth3 in the second case appears as if it's coming in on
eth0 - so "subtract 3 from real interface number" would do it. 

Again, the same traffic coming in through a Speakeasy pipe doesn't get
confused about interfaces at all.

Whit
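
The check a practitioner would want before blaming the upstream for this: log each packet in the raw table's PREROUTING chain (before DNAT, so SRC/DST are still the on-the-wire addresses) and compare the IN= interface Netfilter reports with the interface tcpdump actually captured the same flow on. The script below does that correlation. It is an added example, not code from the original thread or from Shorewall; the LOG rule, the tcpdump invocation, the interface names and every sample line and address (RFC 5737 documentation ranges) are constructed assumptions standing in for the real Cogent/Speakeasy links.

```python
"""Cross-check Netfilter's reported ingress interface against a capture.

Added example, not from the original thread.  Assumed setup:
  * a LOG rule before any NAT, e.g.
      iptables -t raw -A PREROUTING -p tcp --dport 445 -j LOG --log-prefix "pre: "
    so SRC/DST/SPT/DPT in the kernel log are the on-the-wire values;
  * a capture on the physical upstream link, e.g.
      tcpdump -ni eth3 'tcp port 445'
All sample lines and addresses below are constructed.
"""
import re
from collections import namedtuple

Flow = namedtuple("Flow", "src sport dst dport")

# netfilter LOG output is a run of KEY=VALUE pairs; we need IN, SRC, DST, SPT, DPT
_KV = re.compile(r"(\w+)=(\S*)")
# tcpdump -n line: "HH:MM:SS.uuuuuu IP 203.0.113.7.51234 > 198.51.100.20.445: Flags ..."
_TCPDUMP = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_log_line(line):
    """Return (Flow, in_iface) from a kernel LOG line, or None if not a TCP LOG line."""
    kv = dict(_KV.findall(line))
    if not all(k in kv for k in ("IN", "SRC", "DST", "SPT", "DPT")):
        return None
    return Flow(kv["SRC"], int(kv["SPT"]), kv["DST"], int(kv["DPT"])), kv["IN"]


def parse_tcpdump_line(line):
    """Return the Flow a tcpdump -n line describes, or None."""
    m = _TCPDUMP.search(line)
    if not m:
        return None
    return Flow(m.group(1), int(m.group(2)), m.group(3), int(m.group(4)))


def interface_mismatches(log_lines, capture_lines, capture_iface):
    """Flows captured on capture_iface whose LOG line(s) name a different IN=.

    Returns a list of (Flow, [offending IN= names]).  Flows captured but
    never logged are ignored: they say nothing about what Netfilter saw.
    """
    seen = {}  # Flow -> set of IN= interfaces Netfilter reported for it
    for line in log_lines:
        parsed = parse_log_line(line)
        if parsed:
            flow, iface = parsed
            seen.setdefault(flow, set()).add(iface)
    mismatches = []
    for line in capture_lines:
        flow = parse_tcpdump_line(line)
        if flow is None or flow not in seen:
            continue
        wrong = sorted(seen[flow] - {capture_iface})
        if wrong:
            mismatches.append((flow, wrong))
    return mismatches


# Constructed sample data: "Cogent" link on eth3, LAN on eth0, DMZ host 198.51.100.20.
SAMPLE_LOG = [
    "Aug 15 16:47:46 fw kernel: pre: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF "
    "PROTO=TCP SPT=51234 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Aug 15 16:47:46 fw kernel: pre: IN=eth3 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.9 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4321 DF "
    "PROTO=TCP SPT=40001 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0",
]
SAMPLE_CAPTURE_ETH3 = [
    "16:47:46.101234 IP 203.0.113.7.51234 > 198.51.100.20.445: Flags [S], seq 1, win 5840",
    "16:47:46.233456 IP 203.0.113.9.40001 > 198.51.100.20.445: Flags [S], seq 1, win 5840",
    "16:47:46.400000 IP 203.0.113.11.50000 > 198.51.100.20.445: Flags [S], seq 1, win 5840",
]

if __name__ == "__main__":
    for flow, ifaces in interface_mismatches(SAMPLE_LOG, SAMPLE_CAPTURE_ETH3, "eth3"):
        print("captured on eth3 but LOG says IN=%s: %s:%d -> %s:%d"
              % (",".join(ifaces), flow.src, flow.sport, flow.dst, flow.dport))
```

On the sample data the first flow (from 203.0.113.7) is reported; Netfilter logged it with IN=eth0 although the capture on eth3 saw it. If a real run shows the same disagreement, the next thing to rule out is that the physical port is enslaved to a bridge or bond, since IN= then names the bridge or bond device rather than the port the frame entered on.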

Thread overview: 9+ messages
2011-07-23  0:36 How might incoming SMB probes from public IPs be arriving on the internal interfaces? Whit Blauvelt
2011-07-25  0:01 ` Whit Blauvelt
2011-08-15 17:13   ` Could Cogent be doing packet mangling that would confuse Netfilter about interfaces? Whit Blauvelt
2011-08-15 17:52     ` Tom Eastep
2011-08-15 20:33       ` Whit Blauvelt
2011-08-15 20:47         ` Whit Blauvelt [this message]
2011-08-15 21:10         ` Tom Eastep
2011-08-15 21:25           ` Whit Blauvelt
2011-08-15 21:54             ` Grant Taylor
