[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: some packets going out from the wrong interface

On Friday 26 March 2010 23:05:13 Jorge Salamero Sanz wrote:
> And not log at all after adding:
> 
>  iptables -t mangle -A POSTROUTING -o eth1 -s 10.10.2.1 -j LOG
>  --log-prefix  "WRONG on eth1: "
> 
>  iptables -t mangle -A POSTROUTING -o eth2 -s 10.10.1.1 -j LOG
>  --log-prefix  "WRONG on eth2:
> 

It logs now, but only DNS queries

Mar 27 05:13:06 ebox kernel: [ 9281.750081] WRONG on eth1: IN= OUT=eth1 
SRC=10.10.2.1 DST=192.168.100.254 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=17565 DF 
PROTO=UDP SPT=51482 DPT=53 LEN=51 
Mar 27 05:13:09 ebox kernel: [ 9284.620646] WRONG on eth1: IN= OUT=eth1 
SRC=10.10.2.1 DST=192.168.100.254 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=18283 DF 
PROTO=UDP SPT=39540 DPT=53 LEN=52 
Mar 27 05:13:33 ebox kernel: [ 9309.256649] WRONG on eth1: IN= OUT=eth1 
SRC=10.10.2.1 DST=192.168.100.254 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=24445 DF 
PROTO=UDP SPT=57312 DPT=53 LEN=52 

but on the router I can only see http requests:

018724(0) win 5840 <mss 1460,sackOK,timestamp 1529911 0,nop,wscale 1>
05:13:43.084329 IP 10.10.2.1.33519 > 170.71.234.130.www: S 
2051953003:2051953003(0) win 5840 <mss 1460,sackOK,timestamp 1529981 
0,nop,wscale 1>
05:14:01.485246 IP 10.10.2.1.58763 > commerce.uk.sage.com.www: S 
2347788949:2347788949(0) win 5840 <mss 1460,sackOK,timestamp 1534581 
0,nop,wscale 1>
05:14:17.714025 IP 10.10.2.1.33671 > dcs-home-1.dcs.wisc.edu.www: S 
2600480320:2600480320(0) win 5840 <mss 1460,sackOK,timestamp 1538638 
0,nop,wscale 1>

Any ideas ?
Reply to: