Hello, I have a firewall set up like this:

         /--------\
        / Internet \
        \----------/
             |
         ____|____
        | Router  |
         ---------
             |
             |
             | ext FW interface (y.y.y.y)
         ____|______
        | Firewall  | (also routing)
         -----------
             |
             | int FW interface (z.z.z.z) (default gw for PCs on lan)
             |
         /---------\
        / local net \ a.a.a.0/24
        \-----------/

My netfilter-based firewall logs packets like this:

INPUT DROP XX: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 \
SRC=a.a.a.a DST=y.y.y.y LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 \
DF PROTO=TCP SPT=1249 DPT=8080 WINDOW=0 RES=0x00 RST URGP=0

where a.a.a.a is an IP on my local LAN and y.y.y.y is the IP of the external
firewall interface.

I do have a squid proxy running on the firewall listening at 0.0.0.0:8080, and
the clients are set up to use y.y.y.y:8080 as proxy, but I find it rather
strange that the IN interface is listed as 'lo', while it should be 'int0' (I
have renamed my interfaces to int0 and ext0 using nameif). It also seems that I
only log packets with the RST flag, no others.

The service itself is running fine, and the packets are dropped because I only
accept packets from lo that have a source address of 127.0.0.1, y.y.y.y or
z.z.z.z.

So unless I understand the concept of loopback completely wrong, I think that
IN should only be 'lo' when the source address is one of the IP addresses of
the local interfaces, including lo. Is this a bug?

I'm using iptables v1.2.6a and linux-2.4.26 with grsecurity-2.0-2.4.26.patch
on a Debian/Woody system.

I would be grateful for an explanation.

thx,
Nils Juergens
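As an added example (not part of Nils's post, and not his firewall script), here is a small Python script that parses netfilter LOG lines of the shape shown above and applies the loopback policy he describes (accept on lo only from 127.0.0.1, y.y.y.y or z.z.z.z), so that dropped entries can be sorted by class. The addresses are constructed placeholders: 198.51.100.10 stands for y.y.y.y, 192.0.2.1 for z.z.z.z and 192.0.2.0/24 for a.a.a.0/24. The second and third sample lines, their "INPUT ACCEPT:" prefix and the verdict names are assumptions made for the example, not taken from his configuration.

```python
import ipaddress

# Assumed placeholders for the post's y.y.y.y / z.z.z.z / a.a.a.0/24.
EXT_IF_ADDR = "198.51.100.10"                    # y.y.y.y, external FW interface
INT_IF_ADDR = "192.0.2.1"                        # z.z.z.z, internal FW interface
LAN_NET = ipaddress.ip_network("192.0.2.0/24")   # a.a.a.0/24, local net

# The post's loopback policy: packets arriving on lo are accepted only
# when their source is one of these addresses.
LO_ALLOWED_SRC = {"127.0.0.1", EXT_IF_ADDR, INT_IF_ADDR}

# Bare tokens the LOG target emits without a KEY= part.
IP_FLAGS = {"DF", "MF", "CE"}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

# Constructed sample log, not real captures.  Line 1 mirrors the post's
# entry with the placeholder addresses; lines 2 and 3 are invented.
SAMPLE_LOG = """\
INPUT DROP XX: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 \\
SRC=192.0.2.37 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 \\
DF PROTO=TCP SPT=1249 DPT=8080 WINDOW=0 RES=0x00 RST URGP=0
INPUT ACCEPT: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 \\
SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF \\
PROTO=TCP SPT=40000 DPT=3128 WINDOW=32767 RES=0x00 SYN URGP=0
INPUT ACCEPT: IN=int0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 \\
SRC=192.0.2.37 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=2 DF \\
PROTO=TCP SPT=1249 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
"""


def logical_lines(text):
    """Join physical lines that end in a backslash continuation, as in the post."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            out.append(buf.strip())
        buf = ""
    if buf.strip():
        out.append(buf.strip())
    return out


def parse_nflog(line):
    """Parse one netfilter LOG line into a dict.

    KEY=VALUE tokens become entries (an empty value such as 'OUT=' is kept
    as '').  Known bare tokens (DF, RST, ...) go into 'flags'; any other bare
    token after the first KEY=VALUE is kept in 'extra' rather than rejected.
    Words before the first KEY=VALUE token form the rule's log prefix.
    """
    rec = {"prefix": "", "flags": set(), "extra": []}
    prefix_words, seen_kv = [], False
    for tok in line.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            rec[key] = value
            seen_kv = True
        elif not seen_kv:
            prefix_words.append(tok)
        elif tok in IP_FLAGS or tok in TCP_FLAGS:
            rec["flags"].add(tok)
        else:
            rec["extra"].append(tok)
    rec["prefix"] = " ".join(prefix_words)
    return rec


def classify(rec):
    """Apply the loopback policy and name the class of packet the record shows."""
    src = ipaddress.ip_address(rec["SRC"])
    if rec.get("IN") == "lo":
        if rec["SRC"] in LO_ALLOWED_SRC:
            return "lo-ok"
        if src in LAN_NET:
            return "lo-lan-src"        # the case the post asks about
        return "lo-foreign-src"
    if src in LAN_NET and rec.get("DST") == EXT_IF_ADDR and rec.get("DPT") == "8080":
        return "lan-to-proxy"          # normal client-to-squid traffic on int0
    return "other"


def audit(text):
    """Return (prefix, IN, SRC, sorted flags, verdict) for every logical line."""
    rows = []
    for rec in (parse_nflog(l) for l in logical_lines(text)):
        rows.append((rec["prefix"], rec.get("IN", ""), rec["SRC"],
                     sorted(rec["flags"]), classify(rec)))
    return rows


if __name__ == "__main__":
    for prefix, in_if, src, flags, verdict in audit(SAMPLE_LOG):
        print("%-16s IN=%-5s SRC=%-15s %-10s -> %s"
              % (prefix, in_if, src, " ".join(flags), verdict))
```

Run against a real /var/log/kern.log the script only needs the placeholder constants changed to the firewall's own addresses; the "lo-lan-src" verdict then isolates exactly the entries the post is asking about, and the collected flags show whether they really are all RSTs.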