On Tue, Jan 28, 2003 at 11:29:36PM +0100, Erik Ahlner wrote:
> Hello!
>
> I just happened to do a dmesg, and got this output:
>
> IN=eth0 OUT=eth0 SRC=192.168.0.186 DST=130.236.230.9 LEN=74 TOS=0x00
> PREC=0x00 TTL=127 ID=14459 PROTO=UDP SPT=137 DPT=53 LEN=54
> IN=eth0 OUT=eth0 SRC=192.168.0.186 DST=130.236.230.9 LEN=74 TOS=0x00
> PREC=0x00 TTL=127 ID=14715 PROTO=UDP SPT=137 DPT=53 LEN=54
> IN=eth0 OUT=eth0 SRC=192.168.0.88 DST=217.209.28.135 LEN=48 TOS=0x00
> PREC=0x00 TTL=127 ID=37469 DF PROTO=TCP SPT=2418 DPT=80 WINDOW=16384
> RES=0x00 SYN URGP=0
>
>
> As you can see, I get some message about traffic from 192.168.0.186 and .88
> .. these two computers are NOT in my home network, so I guess that someone
> has named his computers like that on the university network, even though the
> university network has 130.236.x.x.
> Is this a problem for me?
> And what does this output actually mean?
> Has someone used my computer as a router?
> If they have, how is that possible?
> This is what my iptable looks like:
>
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
                       ^^^^^^
This is what causes the messages in dmesg. You probably want to
change the INPUT rule below to be a FORWARD one. Make sure to put it
ABOVE the two other FORWARD rules above, otherwise they'll get the packet
first and just pass it anyway.

> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
> $IPTABLES -A INPUT -s 192.168.0.0/24 -i eth0 -j DROP

Actually, just go find a DECENT fw script and use that ;).

HTH,

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
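
An added example, not part of the original message and not written by either poster: a simplified Python model of first-match FORWARD traversal, run over two of the log lines from the post plus one constructed packet, showing why the DROP rule has to sit above the two ACCEPT rules. The values chosen for $EXTIF/$INTIF (eth0/eth1), the `parse` and `walk` helpers, and the constructed packet are assumptions; NAT and connection tracking are not modelled.

```python
import ipaddress

# Assumed interface names: the post never gives the values of $EXTIF / $INTIF.
EXTIF, INTIF = "eth0", "eth1"
# Two of the logged packets from the post, with the dmesg line wrapping joined.
LOGGED = [
    "IN=eth0 OUT=eth0 SRC=192.168.0.186 DST=130.236.230.9 LEN=74 TOS=0x00 "
    "PREC=0x00 TTL=127 ID=14459 PROTO=UDP SPT=137 DPT=53 LEN=54",
    "IN=eth0 OUT=eth0 SRC=192.168.0.88 DST=217.209.28.135 LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=127 ID=37469 DF PROTO=TCP SPT=2418 DPT=80 WINDOW=16384 "
    "RES=0x00 SYN URGP=0",
]
# Constructed packet: same private source, arriving on EXTIF and bound for INTIF.
SPOOFED = "IN=eth0 OUT=eth1 SRC=192.168.0.186 DST=192.168.0.10 PROTO=TCP SPT=2418 DPT=80"

def parse(line):
    """KEY=VALUE tokens of a netfilter LOG line as a dict; bare flags (DF, SYN) are skipped."""
    pkt = {}
    for key, sep, val in (tok.partition("=") for tok in line.split()):
        if sep:
            pkt.setdefault(key, val)  # keep the first LEN (IP length), not the UDP one
    return pkt

# Rule = (in_if, out_if, source_network, target); None matches anything.
ACCEPT_IN, ACCEPT_OUT = (EXTIF, INTIF, None, "ACCEPT"), (INTIF, EXTIF, None, "ACCEPT")
LOG_ALL = (None, None, None, "LOG")
ANTISPOOF = ("eth0", None, "192.168.0.0/24", "DROP")  # the post's INPUT rule, moved to FORWARD
ORIGINAL = [ACCEPT_IN, ACCEPT_OUT, LOG_ALL]
APPENDED = [ACCEPT_IN, ACCEPT_OUT, ANTISPOOF, LOG_ALL]   # DROP placed below the ACCEPTs
SUGGESTED = [ANTISPOOF, ACCEPT_IN, ACCEPT_OUT, LOG_ALL]  # DROP placed above them

def walk(chain, line, policy="DROP"):
    """Return (verdict, was_logged) for one packet; the first terminating match wins."""
    pkt, logged = parse(line), False
    src = ipaddress.ip_address(pkt["SRC"])
    for in_if, out_if, net, target in chain:
        if (in_if and pkt["IN"] != in_if) or (out_if and pkt["OUT"] != out_if):
            continue
        if net and src not in ipaddress.ip_network(net):
            continue
        if target == "LOG":
            logged = True  # LOG records the packet and traversal continues
            continue
        return target, logged
    return policy, logged  # nothing terminated the walk: chain policy applies

if __name__ == "__main__":
    for name, chain in [("original", ORIGINAL), ("appended", APPENDED), ("suggested", SUGGESTED)]:
        print(name, [walk(chain, l) for l in LOGGED], walk(chain, SPOOFED))
```

In this model the logged eth0-to-eth0 packets match neither ACCEPT rule, so they reach LOG and are then dropped by the chain policy; only the ordering with the DROP rule first also stops the constructed EXTIF-to-INTIF packet.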