rp_filter not working ??

Michael A. Dietz mad099@dietznet.net
Wed, 20 Sep 2000 15:47:21 -0500 (CDT)


I'm getting the following message in my logs:

Sep 20 13:37:15 prodigy kernel: NAT: 0 dropping untracked packet c37266e01 192.168.63.4 -> 64.193.211.233
Sep 20 13:37:15 prodigy kernel: NAT: 0 dropping untracked packet c37266e01 192.168.63.5 -> 64.193.211.233

Now, it's not the actual message that concerns me, but the source
address.  There are no machines on my internal network with that address
(AND my NAT rule wouldn't NAT them anyway).

What alarms me is that the packets seem to have been NATed at one time,
maybe I'm wrong here.  But, shouldn't any packets with a private address
like that get dropped before the netfilter code by rp_filter (which is set
to 1 for all interfaces) since it is obviously spoofed?  AND, what
interface is it coming into?

Am I missing something obvious?  If not it's time to pull out tcpdump and
start dumping!

 ----------------
Running on Linux 2.4
Michael A. Dietz
mad099@dietznet.net
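
As an added example (mine, not code from the original post or from the netfilter project): a small POSIX shell script that takes kernel log lines like the ones quoted above, pulls out every NAT drop whose source is in RFC 1918 space, and walks /proc/sys/net/ipv4/conf/*/rp_filter so an interface left at 0 stands out. The sample log lines are constructed (the two from the post rejoined onto single lines, plus one made-up line with a non-private source for contrast); the sysctl path is the real one, but the function takes a directory argument so it can be pointed at a copy.

```shell
#!/bin/sh
# Added example (not from the original post or from netfilter): given a
# stream of "NAT: ... dropping untracked packet ... SRC -> DST" log lines,
# list the ones whose source is RFC 1918 space, and report the rp_filter
# sysctl for every interface so a forgotten interface stands out.

# True (exit 0) when $1 is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads kernel log lines on stdin; prints "SRC DST" for every NAT drop
# whose source address is private. The awk pass finds the "->" token and
# takes the addresses on either side of it, so the field layout before
# the addresses does not matter.
nat_drop_private_sources() {
  awk '/dropping untracked packet/ {
         for (i = 2; i < NF; i++) if ($i == "->") print $(i-1), $(i+1)
       }' |
  while read -r src dst; do
    if is_rfc1918 "$src"; then
      printf '%s %s\n' "$src" "$dst"
    fi
  done
}

# Reads rp_filter for each interface directory under a sysctl conf tree
# (the real one is /proc/sys/net/ipv4/conf; another path is accepted so
# the function can be run against a copy). Prints "IFACE VALUE" and
# appends OFF where rp_filter is 0.
rp_filter_report() {
  confdir=${1:-/proc/sys/net/ipv4/conf}
  for d in "$confdir"/*; do
    [ -r "$d/rp_filter" ] || continue
    iface=${d##*/}
    read -r val < "$d/rp_filter"
    if [ "$val" = "0" ]; then
      printf '%s %s OFF\n' "$iface" "$val"
    else
      printf '%s %s\n' "$iface" "$val"
    fi
  done
}

# Constructed sample: the two lines from the post, rejoined onto single
# lines, plus one made-up line with a non-private source for contrast.
SAMPLE_LOG='Sep 20 13:37:15 prodigy kernel: NAT: 0 dropping untracked packet c37266e01 192.168.63.4 -> 64.193.211.233
Sep 20 13:37:15 prodigy kernel: NAT: 0 dropping untracked packet c37266e01 192.168.63.5 -> 64.193.211.233
Sep 20 13:37:16 prodigy kernel: NAT: 0 dropping untracked packet c37266e01 198.51.100.7 -> 64.193.211.233'

# Stand-alone usage: scan the sample, then report the live sysctl tree.
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_LOG" | nat_drop_private_sources
  rp_filter_report
fi
```

One caveat before relying on rp_filter for this: it is a reverse-path check, not a bogon filter. A packet is dropped only when the route back to its source address does not leave through the interface the packet arrived on (or when there is no route to that source at all), so a 192.168.63.x source arriving on the interface that carries a route to that prefix passes the check even though the address is private. On a 2.4 kernel the per-interface entry is read together with the `all` entry, so check both in the report. To see which interface a rejected packet came in on, set `net/ipv4/conf/all/log_martians` to 1; the kernel then logs the offending source address together with the device name. For packets that are not being rejected, running `tcpdump -n -e -i eth0 src net 192.168.63.0/24` (assuming a /24, and substituting each candidate interface) shows the arrival interface and the sender's MAC address.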