Date:      Thu, 4 Oct 2001 13:56:26 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Bill Moran <wmoran@iowna.com>
Cc:        "Robin P. Blanchard" <Robin_Blanchard@gactr.uga.edu>, stable@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: ipfilter/ipnat question
Message-ID:  <20011004135626.F297@blossom.cjclark.org>
In-Reply-To: <01100408440601.01917@proxy.the-i-pa.com>; from wmoran@iowna.com on Thu, Oct 04, 2001 at 08:44:06AM -0400
References:  <3BBC56A5.CA8F47E4@gactr.uga.edu> <01100408440601.01917@proxy.the-i-pa.com>

On Thu, Oct 04, 2001 at 08:44:06AM -0400, Bill Moran wrote:
> [This belongs on -questions, I've cced]
> 
> On Thursday 04 October 2001 08:31, Robin P. Blanchard wrote:
> > every now and then in my ipflog i see that ipfilter has blocked packets
> > from the internet destined for machines on my internal network:
> >
> > 01/10/2001 19:30:54.722906 3x dc0 @0:23 b 207.68.131.21,80 ->
> > 192.168.0.126,1045 PR tcp len 20 1500 -A IN
> > 01/10/2001 19:40:50.351123 dc0 @0:23 b 207.46.106.81,80 ->
> > 192.168.0.126,1033 PR tcp len 20 1500 -A IN
> > 02/10/2001 17:43:47.320547 50x dc0 @0:23 b 128.192.37.79,20 ->
> > 192.168.0.126,1148 PR tcp len 20 1500 -A IN
> >
> >
> > my question is: how is it that my internal IPs are getting to these
> > hosts in the first place? shouldn't ipnat have taken care of that on the
> > way out?
> 
> They probably aren't.  Do a traceroute to some well-known sites (such
> as yahoo).  Chances are that your ISP is using RFC-1918 addys on
> their internal routing.  Stupid idea, but it's become commonplace to do
> it.
> IPv6 needs to come into use soon.  This internet thing is such a mess
> that it amazes me that it works at all!

It is much more likely that these are part of a messed up HTTP
connection. 192.168.0.126 is a valid address on your network that
might be browsing the web? The packets are being processed by ipnat(8)
as part of a valid connection but then being blocked at rule 26.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org
