Brian J. Murrell wrote:
> On Fri, 2007-02-09 at 19:07 -0800, Tom Eastep wrote:
>> In the meantime, what Shorewall version are you running?
>
> 3.2.3
>
> Perhaps the rule should be, in shorewall, that if you run multi-isp with
> balance, you CANNOT use rp_filter and instead shorewall should[1]
> install anti-spoofing rules for you.
>
> [1] Can it? Is there always enough information in the config files to
> construct an all inclusive set of anti-spoofing rules? If not, is there
> even optionally a way to specify everything needed for comprehensive
> anti-spoofing rules?

Before we start discussing remedies, I think we need to understand how a
packet addressed to your pppoe interface arrived from your other ISP's
router. Please run a tcpdump on eth1 filtering on host 66.11.173.224. That
way, we can see what these packets are.

Also, do you run any client applications on the firewall box that initiate
connections to the Internet?

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
