Re: Netfilter issue: inconsistent incoming interface when bridging w/ PPP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Might be a known issue with rp-pppoe:

http://lists.roaringpenguin.com/pipermail/rp-pppoe/2009q2/000021.html


Philip A. Prindeville wrote:
> I have a DSL card (a Traverse Technologies Solos ATM/DSL card) than
> exposes a PPPoE adaptation layer as an ethernet interface (nas0).
>
> I've set up bridging (br0=eth0+nas0).  And I'm using an iptables based firewall
> (Arno's iptables firewall 1.9.2c).
>
> I'm running PPP over br0.  (Why did I do this?  So I could stick a
> packet sniffer on eth0 and get traces of everything going out over the
> DSL...)
>
> Problem is, I can't tell if I need to set my external (ingress) interface to br0,
> or to ppp0... because the logs show both (IN=br0 and IN=ppp0) -- even for the same
> packet!  Not sure why.
>
> Any suggestions (besides "don't use bridging!!!")?
>
> Is this an artifact of PPP and pseudo-interfaces, or of bridging, or both?
>
> Thanks,
>
> -Philip
>
>
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: raw:PREROUTING:policy:3 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: mangle:PREROUTING:policy:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=33058192
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:rule:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 AC
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:NAT_PREROUTING_CHAIN:return:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:rule:16 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 A
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:POST_NAT_PREROUTING_CHAIN:return:1 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: nat:PREROUTING:policy:17 IN=br0 OUT= PHYSIN=nas0 MAC=00:00:01:00:00:00:00:21:a1:75:b8:1c:88:64 SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: mangle:INPUT:policy:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:BASE_INPUT_CHAIN:return:6 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:2 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT_CHAIN:return:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:3 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:HOST_BLOCK:return:11 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WIN
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:4 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:SPOOF_CHK:return:5 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:8 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:VALID_CHK:return:22 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:INPUT:rule:9 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:EXT_INPUT_CHAIN:rule:58 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN UR
> Aug 18 13:34:01 pbx user.info kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 WINDOW=5840 RES=0x00 SYN URGP=0 
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:EXT_INPUT_CHAIN:rule:61 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00 SYN UR
> Aug 18 13:34:01 pbx user.warn kernel: TRACE: filter:POST_INPUT_DROP_CHAIN:return:1 IN=ppp0 OUT= PHYSIN=nas0 MAC= SRC=66.232.79.143 DST=63.224.43.239 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44335 DF PROTO=TCP SPT=42905 DPT=22007 SEQ=3305819212 ACK=0 WINDOW=5840 RES=0x00
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>   

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux