Hi,

On Fri, 9 Jan 2004, Daniel Hartmeier wrote:

> Why do you assume those are incoming packets? Might as well be
> _outgoing_ packets, with you being the one sending out packets with
> unroutable source addresses. That would explain all inconsistencies you
> mention, assuming you're passing such packets out or drop them without
> logging.
> 
> Run tcpdump with additional flag -e, so you see the MAC addresses
> involved, and compare source MAC address with your own NIC.

Sorry Daniel but those packets are incoming packets from 127.0.0.1 for my 
external interface.

$ tcpdump -vvnttte -i rl0 host 127.0.0.1
tcpdump: listening on rl0
Jan 09 15:37:24.850608 0:7:cb:1:8:fd 0:50:fc:5a:4d:9e 0800 64: 
127.0.0.1.80 > 82.67.44.32.1268: R [tcp sum ok] 0:0(0) ack 1526333441 win 
0 (ttl 124, id 12724)

$ ifconfig rl0
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:fc:5a:4d:9e
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::250:fcff:fe5a:4d9e%rl0 prefixlen 64 scopeid 0x1
        inet 82.67.44.32 netmask 0xffffff00 broadcast 82.67.44.255

Source address 0:7:cb:1:8:fd is the MAC address of my "Freebox", a piece of 
network equipment for the connection with my ISP. It is connected to the rl0 
Ethernet interface.

For Can Eckar, my configuration is without a bridge (2 IF firewall) and my 
only rule for nat/rdr is:

nat on rl0 inet from x.x.x.x/24 to any -> (rl0)

where x.x.x.x/24 are my internal LAN addresses.

A++, Foxy.

-- 
Laurent Cheylus <[EMAIL PROTECTED]> OpenPGP ID 0x5B766EC2
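
The MAC comparison suggested in the quoted reply, applied to the capture line from this message; this is an added example, not part of the original post. The function names are assumptions, and the pattern only covers the IPv4 `tcpdump -e` layout shown above.

```python
import ipaddress
import re

# Capture line from the message above (rejoined onto one line) and the
# address that ifconfig reports for rl0.
SAMPLE_LINE = ("Jan 09 15:37:24.850608 0:7:cb:1:8:fd 0:50:fc:5a:4d:9e 0800 64: "
               "127.0.0.1.80 > 82.67.44.32.1268: R [tcp sum ok] 0:0(0) "
               "ack 1526333441 win 0 (ttl 124, id 12724)")
LOCAL_MAC = "00:50:fc:5a:4d:9e"

MAC = r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# <src MAC> <dst MAC> <ethertype> <length>: <src IP>[.port] > <dst IP>[.port]:
LINE_RE = re.compile(
    rf"(?P<smac>{MAC}) (?P<dmac>{MAC}) \S+ \d+: "
    rf"(?P<sip>{IP})(?:\.\d+)? > (?P<dip>{IP})(?:\.\d+)?:")


def normalize_mac(mac):
    """tcpdump drops leading zeros (0:7:cb:...), ifconfig keeps them."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def classify(line, local_mac):
    """Return direction and source details for one tcpdump -e line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    local = normalize_mac(local_mac)
    smac, dmac = normalize_mac(m["smac"]), normalize_mac(m["dmac"])
    if smac == local:
        direction = "outgoing"    # frame was put on the wire by this NIC
    elif dmac == local:
        direction = "incoming"    # frame was addressed to this NIC
    else:
        direction = "other-host"  # possible because rl0 is in PROMISC mode
    return {
        "direction": direction,
        "src_mac": smac,
        "src_ip": m["sip"],
        # A 127.0.0.0/8 source should never be seen on an Ethernet segment.
        "loopback_source": ipaddress.ip_address(m["sip"]).is_loopback,
    }


if __name__ == "__main__":
    print(classify(SAMPLE_LINE, LOCAL_MAC))
```
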
