Morgan Reed wrote:

> Hi all,
>
> I have set up a stock EB2 box at my wife's house (she's in school, not that
> it matters :)) and it works (sort of).  Here is my situation/problem(s).
>
> 1.  The provider here in Blacksburg is providing ethernet directly, and is
> offering a static external address, but only for external connections.  She
> is EXTERNALLY accessible, but the EB2 has to set to a 10.100 address;
> clearly they are using portfw on a box and just forwarding everything.  The
> DNS servers they provide are also in the 10.100 range.  Unfortunately, I am
> seeing every 10.100 packet in my deny log, i.e.:
>
> Packet log: input DENY eth0 PROTO=2 10.100.80.200:65535 239.255.255.250:65535 L=32 S=0x00 I=64721 F=0x0000 T=1 O=0x00000494 (#45)
> Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.0.2:65535 L=32 S=0x00 I=31615 F=0x0000 T=1 O=0x00000494 (#45)
> Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31616 F=0x0000 T=1 O=0x00000494 (#45)

The 224.0.1.24 packets are multicast packets from your ISP, who is masquerading his
network in the private 10.x.x.x address range.
If you insert a rule in /etc/ipfilter.conf in stopMartians, ahead of the rule
that is denying all 10. addresses, to specifically deny without logging, this
will make the packet get thrown out before it gets to rule 45, which is probably
some sort of deny-everything-else that does not get accepted or specifically
rejected.
Put this rule in ahead of the
        # Multicasts from my provider
        # to deny w/o logging used since 2/28/2001
        # the /32 only matches the single source and destination addresses
        $IPCH -A $LIST -j DENY -p all -s 10.100.80.56/32 -d 224.0.1.24/32 $*

I assume you have already commented out the
#        RFC 1918/1627/1597 blocks
#        $IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*

Don't forget to run svi network reload.

If it helps cut down the junk in the logs, then back up, etc.

>
>
> I have adjusted my cron job to rotate and remove a bit faster so my router
> doesn't lock up from full logs, but I can't figure out how to a) figure out
> which rule is actually #45 and b) how to tailor it to deny but not log
> _just_ the 10.100 stuff.  I have tried to count through the rules and figure
> out where it is, but to no avail
>
> 2.  I can't seem to get sendmail to work behind this odd double NAT setup.
> I have opened up smtp in EB2 (EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp 0/0_www
> 0/0_imap 0/0_pop-3") and I have changed my /etc/hosts on the server so that
> it looks like:
> whickedwheels:/etc# cat hosts
> 127.0.0.1       whickedwheels
> 192.168.1.1     whickedwheels whickedwheels.com
>
> Sendmail seems to start ok, but nothing seems to get to it, it sends out
> just fine, but nothing comes in.
>
> Anyone done a similar setup?
>
> Thanks in Advance
>
> Morgan Reed

I assume that in order to get it working in the private address space you have

        $IPCH -A $LIST -j DENY -p all  -s 172.16.0.0/12 -d 0/0 -l $*
        $IPCH -A $LIST -j DENY -p all  -s 192.168.0.0/16 -d 0/0 -l $*
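As an added example (not code from this thread or from the LEAF/EB2 project), the following Python parses the three quoted "Packet log:" lines, reads the matching rule's position from the trailing "(#45)", tags each entry as private-source / multicast-destination / IGMP, and models ipchains first-match ordering to show what a non-logging DENY placed ahead of the catch-all does. It goes beyond the reply's /32 rule by also trying a constructed 10.100.0.0/16 to 224.0.0.0/4 rule, which silences all three flows instead of one. The chain ending in a catch-all DENY that logs is an assumption (that is what rule #45 appears to be); every network value other than those quoted in the thread is constructed.

```python
import ipaddress
import re

# Constructed sample input: the three "Packet log:" lines quoted in the thread,
# each rejoined onto a single line (the mail client had wrapped them).
SAMPLE_LOG = """\
Packet log: input DENY eth0 PROTO=2 10.100.80.200:65535 239.255.255.250:65535 L=32 S=0x00 I=64721 F=0x0000 T=1 O=0x00000494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.0.2:65535 L=32 S=0x00 I=31615 F=0x0000 T=1 O=0x00000494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31616 F=0x0000 T=1 O=0x00000494 (#45)
"""

# One ipchains log line: chain, verdict, interface, protocol, src:port, dst:port,
# assorted header fields, and the position of the matching rule in parentheses.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)$"
)

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Parse ipchains 'Packet log:' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["proto"] = int(e["proto"])
            e["rule"] = int(e["rule"])
            entries.append(e)
    return entries


def classify(entry):
    """Tag one entry: private (RFC 1918) source, multicast destination, IGMP (protocol 2)."""
    src = ipaddress.ip_address(entry["src"])
    dst = ipaddress.ip_address(entry["dst"])
    return {
        "rule": entry["rule"],
        "private_src": any(src in net for net in RFC1918),
        "multicast_dst": dst in MULTICAST,
        "igmp": entry["proto"] == 2,
    }


class Rule:
    """A minimal model of one ipchains rule: -j target -s src -d dst [-l]."""

    def __init__(self, target, src, dst, log=False):
        self.target = target
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.log = log

    def matches(self, src, dst):
        return ipaddress.ip_address(src) in self.src and ipaddress.ip_address(dst) in self.dst


# Assumed: the chain ends in a catch-all DENY that logs, which is what rule #45
# in the thread appears to be.
CATCH_ALL = Rule("DENY", "0.0.0.0/0", "0.0.0.0/0", log=True)


def evaluate(chain, src, dst):
    """First match wins, as in ipchains. Returns (1-based rule position, target, logged)."""
    full = list(chain) + [CATCH_ALL]
    for pos, rule in enumerate(full, start=1):
        if rule.matches(src, dst):
            return pos, rule.target, rule.log
    raise AssertionError("unreachable: the catch-all matches everything")


def count_logged(chain, entries):
    """How many of the parsed entries would still produce a log line under `chain`."""
    return sum(1 for e in entries if evaluate(chain, e["src"], e["dst"])[2])


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(classify(e))
    # The /32 rule from the reply silences exactly one of the three flows ...
    narrow = [Rule("DENY", "10.100.80.56/32", "224.0.1.24/32")]
    # ... while a constructed rule covering the provider's whole 10.100/16 range
    # and all of 224/4 silences all of them.
    broad = [Rule("DENY", "10.100.0.0/16", "224.0.0.0/4")]
    print("logged with no extra rule:", count_logged([], entries))
    print("logged with the /32 rule: ", count_logged(narrow, entries))
    print("logged with the /16 rule: ", count_logged(broad, entries))
```

Run it as-is to see the three entries classified and the log counts 3, 2 and 0 for the empty, /32 and /16 chains respectively; the first-match model is why the non-logging rule has to sit ahead of the logging one, and the /32 versus /16 comparison is the trade-off the comment in the reply's rule is pointing at.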



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user