From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Could Cogent be doing packet mangling that would confuse Netfilter about interfaces?
Date: Mon, 15 Aug 2011 16:54:05 -0500 [thread overview]
Message-ID: <4E49957D.9070607@riverviewtech.net> (raw)
In-Reply-To: <20110815212553.GA32552@black.transpect.com>
On 08/15/11 16:25, Whit Blauvelt wrote:
> Meanwhile, if anyone else here has a suggestion, the working assumption is
> that we don't have an example of the "Fool's Firewall" (as it is very
> clearly explained on Tom's page) so other suggestions will also be
> appreciated.
For giggles have you tried looking for the mac addresses on eth1 and
eth2 (from your first message)?
Does the traffic coming in to eth5 have the proper MAC address of your
Cogent router?
Have you considered sniffing the traffic with another device before the
traffic enters eth5 to make sure that the traffic really is on the wire
like you think it is verses some odd bug that is causing the traffic to
be mis-represented by the kernel?
Start gathering duplicate data from other locations in the network to
see what adds up and checksums each other and what does not. Follow the
evidence.
It sounds like it's time to gather more data before you start filtering
it down.
Grant. . . .
prev parent reply other threads:[~2011-08-15 21:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-23 0:36 How might incoming SMB probes from public IPs be ariving on the internal interfaces? Whit Blauvelt
2011-07-25 0:01 ` Whit Blauvelt
2011-08-15 17:13 ` Could Cogent be doing packet mangling that would confuse Netfilter about interfaces? Whit Blauvelt
2011-08-15 17:52 ` Tom Eastep
2011-08-15 20:33 ` Whit Blauvelt
2011-08-15 20:47 ` Whit Blauvelt
2011-08-15 21:10 ` Tom Eastep
2011-08-15 21:25 ` Whit Blauvelt
2011-08-15 21:54 ` Grant Taylor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E49957D.9070607@riverviewtech.net \
--to=gtaylor@riverviewtech.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox