Re: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12

To: Martin Fluch <fluch@rock.helsinki.fi>
Cc: <debian-security@lists.debian.org>
Subject: Re: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
From: Aaron Dewell <acd@woods.net>
Date: Sat, 31 Mar 2001 08:26:27 -0700 (MST)
Message-id: <[🔎] Pine.LNX.4.31.0103310820360.31435-100000@spruce.woods.net>
In-reply-to: <[🔎] Pine.LNX.4.21.0103311351360.994-101000@seneca.localnet>

I assume that is on the ethernet side facing the ISP?  Or that you have one
ethernet card and all traffic is going there?  Cable modem?  (read: shared
media)

My bet would be that someone else is doing NAT as well, and you are seeing
their packets too (probably because they are using only one card as well),
but your box doesn't know about their NATd box, so it complains.

You could add a rule to PREROUTING that drops anything from 10/8 that you
aren't using, then you probably wouldn't see those messages anymore.

Aaron

On Sat, 31 Mar 2001, Martin Fluch wrote:
> Hello,
>
> I have the following problem. A few days before I compiled my 2.4.2 kernel
> with support for NAT in order to get a computer of a friend of mine
> connected to the internet (we had to masquerade his computer since my ISP
> has fixed the internet connection to the MAC address of my network card,
> but that's an other story). The whole thing went ok, but there is one
> thing which puzzles me.
>
> >From the begining I got ever once in a while a message of the following
> type in my logs:
>
> Mar 31 13:50:17 seneca kernel: NAT: 0 dropping untracked packet c1ecc980 1
> 10.20.30.132 -> 62.142.131.12
>
> Ok, that might happen I thought (and I am anything else but a expert in
> this NAT stuff, so I realy don't know, what this message means, but as
> long as it happend only seldom I didn't care much about it). But yesterday
> the appareance of these messages started to increase and today its realy
> anoying. So I'm realy wondering, what's going on here? Especialy offten
> the source address 10.20.30.132 is mentioned, once in a while (but
> seldom) there are other addresses outside the local network, for example
> 169.254.27.17 (About my network: My IP is 62.142.131.26, the gateway is
> 62.142.131.1)
>
> I've attached the gnuziped part of kern.log from the last reboot on (45
> min containing about 300 messages). Perhaps somebody has a clue, what is
> going on here in the network?
>
> Thank you in advance,
> Martin
>

Reply to:

Follow-Ups:
- Re: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
  - From: Rishi L Khan <rishi@UDel.Edu>

References:
- kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
  - From: Martin Fluch <fluch@rock.helsinki.fi>

Prev by Date: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
Next by Date: Re: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
Previous by thread: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
Next by thread: Re: kernel: NAT: 0 dropping untracked packet c1aa2300 1 10.20.30.132 -> 62.142.131.12
Index(es):
- Date
- Thread