Hi,
I agree with you. But it's odd because I can't find where on the network I
would have this.... here's the run down of what I have.
I have 2 locations where I have routers in my building. Room 1 has a router for
the 192.168.2.0, same room another router for the 10.1.50.0. and another router
for the 74.2.235.0. They all have a link to my warehouse - Room 2, which has a
router for the 74.2.235.0, same room another route with 24 ports, 12 ports are
configured for the 192.168.2.0, and the other 10.1.50.0.
Now just for grins I also disabled some policies in the policy file, now I
should be able to ping between 192.168.2.0 and 10.1.50.0. Even though I
understand that we are looking for the culprit which is creating a bridge
between the 74.2.235.0 and 10.1.50.0, right?
-------Policy---------
net all DROP info
$FW loc ACCEPT info
$FW loc1 ACCEPT info
loc $FW ACCEPT info
loc1 $FW ACCEPT info
#loc1 loc ACCEPT info (Disabled)
#loc loc1 ACCEPT info (Disabled)
Thanks
________________________________
From: Tom Eastep <[email protected]>
To: Shorewall Users <[email protected]>
Sent: Tuesday, September 1, 2009 5:22:52 PM
Subject: Re: [Shorewall-users] LOC traffic shows up as NET traffic
On 09/01/2009 01:52 PM, Surge wrote:
> Hi,
>
> This is what I found when I ran the tcpdump on the firewall. It looks
> like the Suse Linux box is getting request to the external interface by
> the Sun box.
"The Sun box" doesn't mean anything to us -- but I'm guessing that it is
the box with MAC address 00:03:ba:1b:95:10 since that is a Sun MAC.
I'm a bit more confused now than before.....
>
> 16:38:59.262393 00:03:ba:1b:95:10 > 00:0c:29:74:9c:0c, ethertype IPv4 (0x0800), length 69: 10.1.50.10.39371 > 10.1.50.7.53: 20785+ A? yahoo.com. (27)
> 16:38:59.619216 00:80:64:20:eb:85 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 296: 10.1.50.198.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:80:64:20:eb:85, length 254
The sending MAC addresses are different.
>
> Here is the ipconfig -all of the firewall, the netstat -rn shows default
> route 10.1.50.7 and the resolv.conf has 10.1.50.7
> ----------Firewall ---------------------
> eth3      Link encap:Ethernet HWaddr 00:0C:29:74:9C:F8
>           inet addr:10.1.50.7 Bcast:10.1.50.255 Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:164507 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:42921 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:19329107 (18.4 Mb) TX bytes:14528295 (13.8 Mb)
>           Interrupt:18 Base address:0x1400
> eth4      Link encap:Ethernet HWaddr 00:0C:29:74:9C:02
>           inet addr:192.168.2.7 Bcast:192.168.2.255 Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:13600 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:318 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1055431 (1.0 Mb) TX bytes:17689 (17.2 Kb)
>           Interrupt:19 Base address:0x1480
> eth5      Link encap:Ethernet HWaddr 00:0C:29:74:9C:0C
>           inet addr:74.2.235.59 Bcast:74.2.235.63 Mask:255.255.255.240
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:172988 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:24787 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:31690672 (30.2 Mb) TX bytes:4432651 (4.2 Mb)
>           Interrupt:16 Base address:0x1800
>
> Here is the ipconfig -a for the box that I've been testing that has
> issue doing a DNS query
> ----------Client-------------------
> ce4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
>         inet 192.168.2.10 netmask ffffff00 broadcast 192.168.2.255
>         ether 0:3:ba:1b:95:1e
> ce5: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>         inet 192.168.3.11 netmask ffffff00 broadcast 192.168.3.255
>         ether 0:3:ba:1b:95:1f
> ce6: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
>         inet 10.1.50.10 netmask ffffff00 broadcast 10.1.50.255
>         ether 0:3:ba:1b:95:10
---------------
I assume that this Sun system is connected through eth3 on the SuSE system?
So how can you explain these packets arriving on eth5 other than that
eth3 and eth5 are bridged?
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
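
The check discussed in the thread, as a script (an added example, not part of the original messages): it takes `tcpdump -e` lines captured on one firewall interface and reports frames whose source IP belongs to the subnet of a different firewall interface, which is the symptom of two segments being joined at layer 2. It assumes the capture was taken on eth5; the third sample line is constructed.

```python
import ipaddress
import re

# Firewall interfaces from the ifconfig output in the thread (MACs lower-cased).
IFACES = {
    "eth3": ("00:0c:29:74:9c:f8", ipaddress.ip_interface("10.1.50.7/24").network),
    "eth4": ("00:0c:29:74:9c:02", ipaddress.ip_interface("192.168.2.7/24").network),
    "eth5": ("00:0c:29:74:9c:0c", ipaddress.ip_interface("74.2.235.59/28").network),
}
MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
IP = r"\d+(?:\.\d+){3}"
# One `tcpdump -e -n` IPv4 line: time, src MAC > dst MAC, ..., src IP.port > dst IP.port:
FRAME = re.compile(
    rf"^\S+ (?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4 \(0x0800\), "
    rf"length \d+: (?P<sip>{IP})\.\d+ > (?P<dip>{IP})\.\d+:"
)
CAPTURE = [
    # The two frames quoted in the thread, with the wrapped lines rejoined.
    "16:38:59.262393 00:03:ba:1b:95:10 > 00:0c:29:74:9c:0c, ethertype IPv4 (0x0800), "
    "length 69: 10.1.50.10.39371 > 10.1.50.7.53: 20785+ A? yahoo.com. (27)",
    "16:38:59.619216 00:80:64:20:eb:85 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), "
    "length 296: 10.1.50.198.68 > 255.255.255.255.67: BOOTP/DHCP, Request",
    # Constructed: ordinary traffic from a host inside eth5's own /28.
    "16:39:00.000000 00:11:22:33:44:55 > 00:0c:29:74:9c:0c, ethertype IPv4 (0x0800), "
    "length 74: 74.2.235.49.443 > 74.2.235.59.51000: Flags [S.], length 0",
]

def owner_of(mac):
    """Name the firewall interface that owns a MAC, or classify it."""
    if mac == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    return next((n for n, (m, _) in IFACES.items() if m == mac), "other")

def misplaced_frames(lines, capture_iface):
    """Return (src MAC, src IP, subnet's interface, dst MAC owner) per suspect frame."""
    own_mac, _ = IFACES[capture_iface]
    findings = []
    for line in lines:
        m = FRAME.match(line)
        if not m or m["smac"] == own_mac:  # unparsed line, or the firewall's own egress
            continue
        src = ipaddress.ip_address(m["sip"])
        home = next((n for n, (_, net) in IFACES.items()
                     if n != capture_iface and src in net), None)
        if home:
            findings.append((m["smac"], m["sip"], home, owner_of(m["dmac"])))
    return findings

if __name__ == "__main__":
    for finding in misplaced_frames(CAPTURE, "eth5"):
        print("seen on eth5 but belongs behind %s: %s" % (finding[2], finding))
```

Both frames from the thread are reported as belonging behind eth3, and the first is addressed directly to eth5's MAC, which is the observation behind the bridging question.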