Friday, March 26, 2010

Re: some packets going out from the wrong interface

On Friday 26 March 2010 23:05:13 Jorge Salamero Sanz wrote:
> And not log at all after adding:
>
> iptables -t mangle -A POSTROUTING -o eth1 -s 10.10.2.1 -j LOG
> --log-prefix "WRONG on eth1: "
>
> iptables -t mangle -A POSTROUTING -o eth2 -s 10.10.1.1 -j LOG
> --log-prefix "WRONG on eth2:
>

It logs now, but only DNS queries

Mar 27 05:13:06 ebox kernel: [ 9281.750081] WRONG on eth1: IN= OUT=eth1
SRC=10.10.2.1 DST=192.168.100.254 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=17565 DF
PROTO=UDP SPT=51482 DPT=53 LEN=51
Mar 27 05:13:09 ebox kernel: [ 9284.620646] WRONG on eth1: IN= OUT=eth1
SRC=10.10.2.1 DST=192.168.100.254 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=18283 DF
PROTO=UDP SPT=39540 DPT=53 LEN=52
Mar 27 05:13:33 ebox kernel: [ 9309.256649] WRONG on eth1: IN= OUT=eth1
SRC=10.10.2.1 DST=192.168.100.254 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=24445 DF
PROTO=UDP SPT=57312 DPT=53 LEN=52

but on the router I can only see http requests:

018724(0) win 5840 <mss 1460,sackOK,timestamp 1529911 0,nop,wscale 1>
05:13:43.084329 IP 10.10.2.1.33519 > 170.71.234.130.www: S
2051953003:2051953003(0) win 5840 <mss 1460,sackOK,timestamp 1529981
0,nop,wscale 1>
05:14:01.485246 IP 10.10.2.1.58763 > commerce.uk.sage.com.www: S
2347788949:2347788949(0) win 5840 <mss 1460,sackOK,timestamp 1534581
0,nop,wscale 1>
05:14:17.714025 IP 10.10.2.1.33671 > dcs-home-1.dcs.wisc.edu.www: S
2600480320:2600480320(0) win 5840 <mss 1460,sackOK,timestamp 1538638
0,nop,wscale 1>

Any ideas ?


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/201003270529.39287.bencer@cauterized.net

No comments:

Post a Comment