No subject


Sat Jun 20 14:05:19 CEST 2009


# Set everything else to deny all other network access (debug=1):
$tbls -A dsl-for -j LOG --log-level $debug --log-prefix "dsl-for Everything Else "
$tbls -A dsl-for -j DROP

Packets originating on my VLAN (eth0.5) destined for the Internet get logged
with their IN/SRC, OUT/DST logged backwards.  For instance, this is Cobian
Backup (http://www.cobian.se/cobianbackup.htm) on my Windows Server 2008
Terminal Server (192.168.254.12) trying to contact Cobian's web site
(130.239.140.240) to see if there is an update available:

Nov 24 15:49:26 server kernel: dsl-for Everything Else IN=eth1 OUT=eth0.5 SRC=130.239.140.240 DST=192.168.254.12 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=16637 PROTO=TCP SPT=2002 DPT=49310 WINDOW=16384 RES=0x00 ACK SYN URGP=0

You will note that IN and OUT, SRC and DST are backwards.  I have since created
a rule to allow Cobian out (the rules work correctly).  I have had this happen
on POP3 from my Terminal Server too.  (I have since created a rule for POP3 as
well.)

Until I figured this out, it was very confusing.  For instance when I ran
Cobian's eMail configuration test, I saw a SYN packet coming from my ISP to my
Terminal Server.  Made no sense whatsoever, until I realized the LOG had things
backwards.

Many thanks,

-T

~~~~~~~~~~~~~ifcfg-eth0~~~~~~~~~~~~~~~
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.255.255
IPADDR=192.168.255.10
NETMASK=255.255.255.0
NETWORK=192.168.255.0
GATEWAY=192.168.255.10
ONBOOT=yes
USERCTL=yes
IPV6INIT=no
PEERDNS=no
PROMISC=yes
TYPE=Ethernet
HWADDR=00:30:48:78:8e:92

~~~~~~~~~~~~~ifcfg-eth0.5 (VLAN)~~~~~~~~~~~~~~~
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
#DEVICE=ifcfg-eth0.5
DEVICE=eth0.5
BOOTPROTO=none
BROADCAST=192.168.254.255
IPADDR=192.168.254.10
NETMASK=255.255.255.0
NETWORK=192.168.254.0
GATEWAY=192.168.254.10
ONBOOT=yes
USERCTL=yes
IPV6INIT=no
PEERDNS=no
PROMISC=yes
TYPE=Ethernet
VLAN=yes
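
An added example, not part of the original report and not netfilter project code: a small parser for the LOG line quoted above that splits the KEY=VALUE fields and the bare TCP flags, then names the handshake step the flags indicate, which identifies the side of the connection that sent the logged segment. The function names (parse_log_line, handshake_step, describe) are assumptions of this example; the sample line is the one from the report, rejoined onto one line.

```python
import re

# Log line quoted in the report above, rejoined onto one line.
SAMPLE = ("Nov 24 15:49:26 server kernel: dsl-for Everything Else IN=eth1 OUT=eth0.5 "
          "SRC=130.239.140.240 DST=192.168.254.12 LEN=52 TOS=0x00 PREC=0x00 TTL=110 "
          "ID=16637 PROTO=TCP SPT=2002 DPT=49310 WINDOW=16384 RES=0x00 ACK SYN URGP=0")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_log_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare TCP flags."""
    # Everything from the first IN= onward is the packet description;
    # what precedes it is the syslog header and the --log-prefix text.
    match = re.search(r"\bIN=.*", line)
    if match is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, set()
    for token in match.group(0).split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.add(token)
    return fields, flags


def handshake_step(flags):
    """Name the TCP handshake step implied by the flag set."""
    if "RST" in flags:
        return "reset"
    if {"SYN", "ACK"} <= flags:
        return "SYN-ACK: reply from the side that received the SYN"
    if "SYN" in flags:
        return "SYN: connection request from the initiator"
    return "other segment"


def describe(line):
    """One-line summary: sender, receiver, interfaces crossed, handshake step."""
    f, flags = parse_log_line(line)
    # An empty IN= or OUT= means the packet was locally generated or delivered.
    return (f"{f['SRC']}:{f.get('SPT', '-')} -> {f['DST']}:{f.get('DPT', '-')} "
            f"arrived on {f['IN'] or '(local)'}, leaving via {f['OUT'] or '(local)'}; "
            f"{handshake_step(flags)}")


if __name__ == "__main__":
    print(describe(SAMPLE))
```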

