> I'm looking at a packet from a packet capture. The packet's IP > address was sourced within our LAN, destination a server out on > the Internet (it is a tcp ack, part of an ongoing session) The > packet's mac addresses were sourced from the inside interface of > the firewall and destination to our LAN's core router. Our > firewall is operating in bridging mode, however, not routing. It > has a management IP address on the inside interface, but that's > it. No other IP address assigned. > > Under what conditions would an ipfw bridging firewall grab hold > of an outgoing packet and send it back, substituting it's own mac > address for the source and the inner LAN router for the destination? > > TIA for any insight > > Fred Portnoy > Network Analyst > Plymouth State University
There are probably a few reasons I can't think of, but there are a few obvious ones. First, the machine that sent the packet may have the firewall's management IP set as its default route or as a route to that destination. Second, the machine that sent the packet may have received an ICMP redirect from the firewall. Third, the packet might be maliciously crafted. Fourth, the firewall may have either fragmented or reassembled the packet. DS _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
