
RE: coming in from eth0?

It's just the way it works. Nothing to worry about.
What happens:
Somebody somewhere on the internet sends a packet with both its source IP
and its destination IP set to your public IP address. Since packets on
the internet are routed only on their destination IP address, this
packet reaches you.
Unfortunately only a few ISPs bother to filter packets based on their
obviously invalid source, so this packet travels all the way from its
source (wherever it is) to you and then you have to drop it, because
you should never trust your ISP to do it for you.

You should filter all IP packets with the following sources inbound on
your untrusted internet boundary: "this network", rfc1918, loopback,
link-local addresses, testnet, multicast and class E.

Additionally you should filter packets with a source within IP address
space that you use:
1. Your public assigned IP addresses.
2. Private addresses that you use.

Best regards,
Boyan Krosnov, CCIE#8701
just another techie speaking for himself

> -----Original Message-----
> From: Mikko Kilpikoski [mailto:mikko.kilpikoski@ravalik.fi] 
> Sent: Monday, September 15, 2003 4:16 PM
> To: debian-firewall@lists.debian.org
> Subject: Re: coming in from eth0?
> Fabricio Cannini wrote:
> > Don't take this for gospel, but if u can't connect but
> > can "ping", i'm almost sure that ur nic is losing
> > packets.
> Oops, maybe I was a bit unclear *blush*...
> It works fine (routing, masquerading, all ok). It's just that there
> shouldn't be incoming packets from eth0, and I don't know how
> to figure out how these end up in the logs anyway.
> -- 
> Mikko Kilpikoski
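The ingress filter Boyan describes, written out as an added example (this is not code from the thread or from any Debian package). The labels follow his list; the prefixes attached to them are the standard IANA/RFC ranges, which is my assumption about what he meant (rfc1918 covers its three blocks). The interface name eth0, the public prefix 203.0.113.0/24 and the LAN prefix 192.168.1.0/24 are made-up values, and the log lines are constructed in the format of the iptables LOG target, not taken from Mikko's logs.

```python
"""Ingress anti-spoofing check for an untrusted interface (added example)."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Sources that should never arrive from the Internet. Labels follow the
# post; the prefixes are the standard ranges (assumption on my part).
BOGONS: List[Tuple[str, str]] = [
    ("this network", "0.0.0.0/8"),
    ("rfc1918", "10.0.0.0/8"),
    ("loopback", "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
    ("rfc1918", "172.16.0.0/12"),
    ("testnet", "192.0.2.0/24"),
    ("rfc1918", "192.168.0.0/16"),
    ("multicast", "224.0.0.0/4"),
    ("class E", "240.0.0.0/4"),
]

Rule = Tuple[str, ipaddress.IPv4Network]


def build_filter(own_public: List[str], own_private: List[str]) -> List[Rule]:
    """Bogon list plus the address space you use yourself, first match wins."""
    rules: List[Rule] = []
    # Own address space first, so a spoof of your own LAN is reported as
    # such rather than as generic rfc1918 (it is dropped either way).
    rules += [("own public space", ipaddress.ip_network(p)) for p in own_public]
    rules += [("own private space", ipaddress.ip_network(p)) for p in own_private]
    rules += [(label, ipaddress.ip_network(net)) for label, net in BOGONS]
    return rules


def drop_reason(src: str, rules: List[Rule]) -> Optional[str]:
    """Why an inbound packet with source `src` must be dropped, or None."""
    addr = ipaddress.ip_address(src)
    for label, net in rules:
        if addr in net:
            return label
    return None


def iptables_rules(iface: str, rules: List[Rule]) -> List[str]:
    """Equivalent iptables commands as strings; nothing is executed here."""
    # Both chains matter on a masquerading box: INPUT for packets to the
    # router itself, FORWARD for packets it would pass on to the LAN.
    out = []
    for _, net in rules:
        for chain in ("INPUT", "FORWARD"):
            out.append(f"iptables -A {chain} -i {iface} -s {net} -j DROP")
    return out


SRC_RE = re.compile(r"\bSRC=(\d+\.\d+\.\d+\.\d+)")


def audit_log(lines: List[str], iface: str, rules: List[Rule]) -> Dict[str, Optional[str]]:
    """Map each logged source seen on `iface` to its drop reason (or None)."""
    result: Dict[str, Optional[str]] = {}
    for line in lines:
        if f"IN={iface} " not in line:
            continue
        m = SRC_RE.search(line)
        if m:
            src = m.group(1)
            result[src] = drop_reason(src, rules)
    return result


# Constructed sample lines in iptables LOG format (not from the thread).
SAMPLE_LOG = [
    "Sep 15 16:10:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=203.0.113.5 PROTO=TCP DPT=22",
    "Sep 15 16:10:02 gw kernel: IN=eth0 OUT= SRC=10.9.8.7 DST=203.0.113.5 PROTO=UDP DPT=53",
    "Sep 15 16:10:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=80",
    "Sep 15 16:10:04 gw kernel: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=22",
]

if __name__ == "__main__":
    rules = build_filter(["203.0.113.0/24"], ["192.168.1.0/24"])
    for src, reason in audit_log(SAMPLE_LOG, "eth0", rules).items():
        print(f"{src:16} {'DROP: ' + reason if reason else 'allow'}")
    print("\n".join(iptables_rules("eth0", rules)))
```

Run over the sample lines, the first packet is flagged as "own public space" (exactly the case Mikko is seeing: your own address arriving on the outside interface), the second as rfc1918, and the third is left alone; the eth1 line is skipped because the check only applies at the untrusted boundary. A packet sourced from your LAN range that arrives on eth0 is dropped as a spoof, while the same source on eth1 is normal traffic to be masqueraded.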
