RE: 127.0.0.1 coming in from eth0?
It's just the way it works. Nothing to worry about.
What happens:
Somebody somewhere in the internet sends a packet with source IP
127.0.0.1 and destination IP your public IP address. Since packets in
the internet are routed only based on their destination IP address this
packet reaches you.
Unfortunately only a few ISPs bother to filter packets based on their
obviously invalid source, so this packet travels all the way from it's
source (whereever it is) to you and then you have to drop it, because
you should never trust your ISP to do it for you.
You should filter all IP packets with the following sources inbound on
your untrusted internet boundary:
0.0.0.0/8 "this network"
10.0.0.0/8 rfc1918
127.0.0.0/8 loopback
169.254.0.0/16 linklocal addresses
172.16.0.0/12 rfc1918
192.0.2.0/24 testnet
192.168.0.0/16 rfc1918
224.0.0.0/3 multicast and classE
Additionally you should filter packets with a source within IP address
space that you use:
1.Your public assigned IP addresses.
2.Private addresses that you use.
Best regards,
Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
just another techie speaking for himself
> -----Original Message-----
> From: Mikko Kilpikoski [mailto:mikko.kilpikoski@ravalik.fi]
> Sent: Monday, September 15, 2003 4:16 PM
> To: debian-firewall@lists.debian.org
> Subject: Re: 127.0.0.1 coming in from eth0?
>
>
> Fabricio Cannini wrote:
> > Don't take this for gospel, but if u can't connect but
> > can "ping", i'm almost sure that ur nic is loosing
> > packets.
>
> Oops, maybe I was a bit unclear *blush*...
>
> It works fine (routing, masquerading, all ok). It's just that there
> shouldn't be incoming 127.0.0.1 packets from eth0, and I
> don't know how
> to figure out how these end up in the logs anyway.
>
> --
> Mikko Kilpikoski
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: