Hi!
I'm using freebsd 5.4 with ipfw+natd+dummynet. Everything work well,
except that sometimes natd daemon require too match resources.
I run natd in verbose mode and i found some traffic that is strange for me.
For example:
In {default} 0000ffff[TCP] [TCP] 89.38.249.21:4111 -> myIP:1085 aliased to
[TCP] 89.38.249.21:4111 -> myIP:1085
In {default} 0000ffff[UDP] [UDP] 196.219.167.100:1831 -> myIP:20278
aliased to
[UDP] 196.219.167.100:1831 -> myIP:20278
In {default} 0000ffff[TCP] [TCP] 64.125.154.81:39840 -> myIP:2800
aliased to
[TCP] 64.125.154.81:39840 -> myIP:2800
It's like natd don't change destination ip.
I don't have applications running on server that listen to these ports
1085, 20278, 2800,.....
Usually natd change destination ip for packets according with some
internal tables. So what is with this traffic?
I don't have public IP's in my LAN, only private . Some legitimate
traffic is like this:
In {default} 0000ffff[UDP] [UDP] 89.39.74.183:31336 -> myIP:17324
aliased to
[UDP] 89.39.74.183:31336 -> 10.0.0.115:17324
If is some illegal traffic, how can be blocked with ipfw.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
