Hi,

On Fri, 9 Jan 2004, Daniel Hartmeier wrote:

> Why do you assume those are incoming packets? Might as well be
> _outgoing_ packets, with you being the one sending out packets with
> unroutable source addresses. That would explain all inconsistencies you
> mention, assuming you're passing such packets out or drop them without
> logging.
>
> Run tcpdump with additional flag -e, so you see the MAC addresses
> involved, and compare source MAC address with your own NIC.

Sorry Daniel but those packets are incoming packets from 127.0.0.1 for my
external interface.

$ tcpdump -vvnttte -i rl0 host 127.0.0.1
tcpdump: listening on rl0
Jan 09 15:37:24.850608 0:7:cb:1:8:fd 0:50:fc:5a:4d:9e 0800 64: 127.0.0.1.80 > 82.67.44.32.1268: R [tcp sum ok] 0:0(0) ack 1526333441 win 0 (ttl 124, id 12724)

$ ifconfig rl0
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:fc:5a:4d:9e
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::250:fcff:fe5a:4d9e%rl0 prefixlen 64 scopeid 0x1
        inet 82.67.44.32 netmask 0xffffff00 broadcast 82.67.44.255

Source address 0:7:cb:1:8:fd is the MAC address of my "Freebox", a network
equipment for connection with my ISP. It is connected to rl0 Ethernet
interface.

For Can Eckar, my configuration is without bridge (2 IF firewall) and my
only rule for nat/rdr is:

nat on rl0 inet from x.x.x.x/24 to any -> (rl0)

where x.x.x.x is my internal LAN addresses.

A++, Foxy.

--
Laurent Cheylus <[EMAIL PROTECTED]> OpenPGP ID 0x5B766EC2
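
Added example, not part of the original message: the check Daniel suggests (compare the source MAC in `tcpdump -e` output with the NIC's own address), applied to the capture line and ifconfig output quoted above. The function names are hypothetical and the sample input is copied from the message; the code also normalizes MAC notation, because tcpdump prints 0:7:cb:1:8:fd where ifconfig prints zero-padded octets.

```python
import ipaddress
import re

# Sample input copied from the tcpdump and ifconfig output in the message above.
TCPDUMP_LINE = (
    "Jan 09 15:37:24.850608 0:7:cb:1:8:fd 0:50:fc:5a:4d:9e 0800 64: "
    "127.0.0.1.80 > 82.67.44.32.1268: R [tcp sum ok] 0:0(0) "
    "ack 1526333441 win 0 (ttl 124, id 12724)")
IFCONFIG_TEXT = (
    "rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
    "\taddress: 00:50:fc:5a:4d:9e\n")

MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
# Layout with -e: <src MAC> <dst MAC> <ethertype> <len>: <src ip.port> > <dst ip.port>:
FRAME_RE = re.compile(
    rf"(?P<smac>{MAC}) (?P<dmac>{MAC}) 0800 \d+: "
    r"(?P<sip>\d+(?:\.\d+){3})\.\d+ > (?P<dip>\d+(?:\.\d+){3})\.\d+:", re.I)

def norm_mac(mac):
    """Zero-pad each octet so tcpdump and ifconfig notations compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def nic_mac(ifconfig_text):
    """Extract the interface's own MAC from the 'address:' line of ifconfig."""
    m = re.search(r"address:\s*([0-9a-f:]+)", ifconfig_text, re.I)
    return norm_mac(m.group(1))

def classify(line, own_mac):
    """Return (direction, src_mac, src_ip, loopback_source), or None when the
    line is not an IPv4 frame in the layout above. Hypothetical helper."""
    m = FRAME_RE.search(line)
    if not m:
        return None
    smac, dmac = norm_mac(m["smac"]), norm_mac(m["dmac"])
    if smac == own_mac:
        direction = "outgoing"   # this host put the frame on the wire
    elif dmac == own_mac:
        direction = "incoming"   # another device sent it to this NIC
    else:
        direction = "other"      # visible only because of PROMISC mode
    loopback = ipaddress.ip_address(m["sip"]).is_loopback
    return direction, smac, m["sip"], loopback

if __name__ == "__main__":
    print(classify(TCPDUMP_LINE, nic_mac(IFCONFIG_TEXT)))
```

On the quoted capture this reports an incoming frame from 00:07:cb:01:08:fd with a loopback source address, which matches the conclusion in the message.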