Hi Simon,
Thanks for taking the time to write, sorry timezone and business have delayed 
my acknowledgement...
No problem blocking PPPoE from the loc zone, I'm just not sure the protocol 
number(s) I would use to achieve that.
I don't know how the device is spoofing the packets, I presume it's not 
intentional but an unintended consequence of other traffic being misinterpreted 
by my firewall, and am wondering if there are any shorewall rules I could 
install that might be able to trap/mask the behaviour.
Your thought about eth1 and eth0 being joined is certainly worth asking, but 
not the case here, eth0 has only a single cable to the DSL modem ppp0.
It may not be anything to do with LCP packets at all, but something from this 
problem PC is causing the DSL modem to think it is being asked to shut down the 
ppp connection, in some instances (but not all instances) it even reports "ppp 
closed by user request" in the ppp log.
If you have any thoughts to offer I'm all ears...
thanks again for your time

From: Simon Hobson <li...@thehobsons.co.uk>
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Sent: Tuesday, 20 September 2016, 20:09
Subject: Re: [Shorewall-users] Shorewall Reject PPP LCP packets?

I wrote:

> Presumably there's no problem blocking all PPPoE traffic from the loc zone ?

And looking at https://tools.ietf.org/html/rfc2516 it says :

> The ETHER_TYPE is set to either 0x8863 (Discovery Stage) or 0x8864 (PPP 
> Session Stage).

But how is the device spoofing the PPPoE LCP Terminate packets ? And more 
importantly, how are these non-routable packets getting through the firewall ?

Thought ...
You haven't linked eth0 and eth1 together on the same network, have you ?


------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
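
An added example, not part of the original thread or of Shorewall: a Python classifier for the two RFC 2516 EtherTypes quoted above that also labels PADT and LCP Terminate frames, so a capture taken on the LAN or WAN interface shows which source MAC is sending frames that tear down the session. The function names and the sample frames are assumptions constructed for this example; the LCP protocol number and codes are from RFC 1661.

```python
import struct

ETH_P_8021Q = 0x8100       # VLAN tag
ETH_P_PPPOE_DISC = 0x8863  # RFC 2516 Discovery Stage
ETH_P_PPPOE_SESS = 0x8864  # RFC 2516 PPP Session Stage
PPP_LCP = 0xC021           # RFC 1661 Link Control Protocol
DISCOVERY_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
LCP_CODES = {5: "Terminate-Request", 6: "Terminate-Ack"}


def classify(frame: bytes) -> dict:
    """Classify one raw Ethernet frame (hypothetical helper for this example)."""
    if len(frame) < 14:
        return {"kind": "truncated"}
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:  # look past one VLAN tag
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype not in (ETH_P_PPPOE_DISC, ETH_P_PPPOE_SESS):
        return {"kind": "other", "src": src}
    if len(frame) < offset + 6:  # PPPoE header is 6 bytes
        return {"kind": "truncated", "src": src}
    _ver_type, code, session_id, _length = struct.unpack_from("!BBHH", frame, offset)
    result = {"src": src, "session_id": session_id}
    if ethertype == ETH_P_PPPOE_DISC:
        result.update(kind="pppoe-discovery", detail=DISCOVERY_CODES.get(code, hex(code)))
        return result
    result.update(kind="pppoe-session", detail="data")
    body = frame[offset + 6:]  # PPP protocol field, then the LCP code byte
    if len(body) >= 3 and struct.unpack_from("!H", body)[0] == PPP_LCP:
        result["detail"] = "LCP " + LCP_CODES.get(body[2], f"code {body[2]}")
    return result


def make_frame(ethertype: int, payload: bytes, src: str = "020000000001") -> bytes:
    """Build a constructed sample frame (locally administered MACs, not captured traffic)."""
    return bytes.fromhex("020000000002") + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload


# Constructed samples: an LCP Terminate-Request in session 1, a PADT, and an ARP frame.
LCP_TERM = make_frame(ETH_P_PPPOE_SESS, struct.pack("!BBHH", 0x11, 0, 1, 6) + struct.pack("!HBBH", PPP_LCP, 5, 1, 4))
PADT = make_frame(ETH_P_PPPOE_DISC, struct.pack("!BBHH", 0x11, 0xA7, 1, 0))
ARP = make_frame(0x0806, bytes(28))

if __name__ == "__main__":
    for name, frame in (("LCP_TERM", LCP_TERM), ("PADT", PADT), ("ARP", ARP)):
        print(name, classify(frame))
```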


   