Netfilter issue: inconsistent incoming interface when bridging w/ PPP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have a DSL card (a Traverse Technologies Solos ATM/DSL card) than
exposes a PPPoE adaptation layer as an ethernet interface (nas0).

I've set up bridging (br0=eth0+nas0).  And I'm using an iptables based firewall
(Arno's iptables firewall 1.9.2c).

I'm running PPP over br0.  (Why did I do this?  So I could stick a
packet sniffer on eth0 and get traces of everything going out over the
DSL...)

Problem is, I can't tell if I need to set my external (ingress) interface to br0,
or to ppp0... because the logs show both (IN=br0 and IN=ppp0) -- even for the same
packet!  Not sure why.

Any suggestions (besides "don't use bridging!!!")?

Is this an artifact of PPP and pseudo-interfaces, or of bridging, or both?

Thanks,

-Philip


Aug 18 13:34:01 pbx user.warn kernel: TRACE: raw:PREROUTING:policy:3 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: mangle:PREROUTING:policy:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=33058192
Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:rule:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 AC
Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:NAT_PREROUTING_CHAIN:return:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3
Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:rule:16 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 A
Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:POST_NAT_PREROUTING_CHAIN:return:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:policy:17 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212
Aug 18 13:34:01 pbx user.warn kernel: TRACE: mangle:INPUT:policy:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:BASE_INPUT_CHAIN:return:6 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:2 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT_CHAIN:return:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:3 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:HOST_BLOCK:return:11 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WIN
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:4 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:SPOOF_CHK:return:5 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:8 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:VALID_CHK:return:22 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:9 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:EXT_INPUT_CHAIN:rule:58 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN UR
Aug 18 13:34:01 pbx user.info kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 WINDOW=5840 RES=0x00 SYN URGP=0 
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:EXT_INPUT_CHAIN:rule:61 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN UR
Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:POST_INPUT_DROP_CHAIN:return:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00



--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux