
Re: mysterious ipchains deny from 192.168.*.* ??



On Wed, 11 Apr 2001, will trillich wrote:
>---snip---<
> so now here's the BIG mystery --
> 
> Apr  8 17:59:48 server kernel: Packet log:
>         input DENY eth1 PROTO=1 192.168.241.180:4
>         208.33.90.85:0 L=56 S=0x00 I=12140 F=0x4000 T=240 (#4)
> 
> where did THIS packet come from? 192.168.241.180 ? that's an
> intranet ip, a localnet / lan address, theoretically from
> somewhere inside the building. but all we've got inside here
> is 192.168.1.* !!
> 
> ideas?
> 

I don't know if this applies to you or not, but our local "Road Runner"
Cable service has packets in the 10.X.Y.Z address space all over the
network.  A friend noticed this after he used part of this space for his
home LAN, and noticed some "strange" entries in his IPMasq logs.  It
turns out that the local RR has an "internal" network too...apparently
for monitoring/control of their cable network.  The only "real" problem
was the numerous entries filling up his logs.  The "fix" was to narrow
his netmask from 255.0.0.0 to 255.255.255.0.  This effectively blocked
out all the local RR traffic from the logs.  The "Deny" says your
firewall/IPMasq setup is doing its job, I think.  I wonder if your cable
service is doing something similar??

In relation to this "fix", I noticed in a later post (where you sent
your networking setup) that you are using a netmask of 255.255.0.0, but
are using a LAN "network" of 192.168.1.xxx.  I would bet that if you set
your netmask to 255.255.255.0, these mysterious log entries would go
away.

Apologies offered for these "speculations", but you DID ask for
ideas....<g>

Cheers,
-Don Spoon-
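
An added example, not part of either message: it parses the log entry quoted above and checks whether the logged source address falls inside the LAN under each of the two netmasks mentioned in the reply. The router address 192.168.1.1 is an assumed value (the thread only gives 192.168.1.*), and the function names are made up for this example.

```python
import ipaddress
import re

# Log entry quoted in the thread, joined onto one line.
LOG = ("Apr  8 17:59:48 server kernel: Packet log: input DENY eth1 PROTO=1 "
       "192.168.241.180:4 208.33.90.85:0 L=56 S=0x00 I=12140 F=0x4000 T=240 (#4)")

PATTERN = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) "
    r"I=(?P<ip_id>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: \(#(?P<rule>\d+)\))?")

def parse_ipchains(line):
    """Split one ipchains 'Packet log:' entry into typed fields."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError("not an ipchains packet log entry")
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    frag = int(rec["frag"], 16)
    rec["dont_fragment"] = bool(frag & 0x4000)  # DF bit of the IP flags field
    if rec["proto"] == 1:
        # For ICMP the two "port" positions carry the ICMP type and code.
        rec["icmp_type"], rec["icmp_code"] = rec.pop("sport"), rec.pop("dport")
    return rec

def lan_view(src, host, netmask):
    """Return (network, on_lan) for an interface configured as host/netmask."""
    net = ipaddress.ip_interface(f"{host}/{netmask}").network
    return net, src in net

if __name__ == "__main__":
    rec = parse_ipchains(LOG)
    print(f"{rec['action']} on {rec['iface']} rule #{rec['rule']}: "
          f"ICMP type {rec.get('icmp_type')} code {rec.get('icmp_code')} "
          f"from {rec['src']} (private: {rec['src'].is_private}) TTL {rec['ttl']}")
    # 192.168.1.1 is an assumed router address; the thread only gives 192.168.1.*
    for mask in ("255.255.0.0", "255.255.255.0"):
        net, on_lan = lan_view(rec["src"], "192.168.1.1", mask)
        print(f"netmask {mask}: LAN is {net}, source inside it: {on_lan}")
```

With 255.255.0.0 the logged source 192.168.241.180 counts as a LAN address; with 255.255.255.0 it does not.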


