Date: Thu, 4 Oct 2001 08:44:06 -0400
From: Bill Moran <wmoran@iowna.com>
To: "Robin P. Blanchard" <Robin_Blanchard@gactr.uga.edu>, stable@freebsd.org
Cc: questions@freebsd.org
Subject: Re: ipfilter/ipnat question
Message-ID: <01100408440601.01917@proxy.the-i-pa.com>
In-Reply-To: <3BBC56A5.CA8F47E4@gactr.uga.edu>
References: <3BBC56A5.CA8F47E4@gactr.uga.edu>

[This belongs on -questions, I've cced]

On Thursday 04 October 2001 08:31, Robin P. Blanchard wrote:
> every now and then in my ipflog i see that ipfilter has blocked packets
> from the internet destined for machines on my internal network:
>
> 01/10/2001 19:30:54.722906 3x dc0 @0:23 b 207.68.131.21,80 ->
> 192.168.0.126,1045 PR tcp len 20 1500 -A IN
> 01/10/2001 19:40:50.351123 dc0 @0:23 b 207.46.106.81,80 ->
> 192.168.0.126,1033 PR tcp len 20 1500 -A IN
> 02/10/2001 17:43:47.320547 50x dc0 @0:23 b 128.192.37.79,20 ->
> 192.168.0.126,1148 PR tcp len 20 1500 -A IN
>
>
> my question is: how is it that my internal IPs are getting to these
> hosts in the first place? shouldn't ipnat have taken care of that on the
> way out?

They probably aren't.
Do a traceroute to some well-known sites (such as yahoo). Chances are that
your ISP is using RFC-1918 addys on their internal routing. Stupid idea, but
it's become commonplace to do it.
IPv6 needs to come into use soon. This internet thing is such a mess that it
amazes me that it works at all!

--
Bill Moran
Potential Technology
technical services
(412) 793-4257