--- Aleksandar Milivojevic <amilivojevic@xxxxxx> wrote:
> Jordi Warmenhoven wrote:
> > After having set up iptables, I notice that the Linux
> > box drops a lot of outside traffic (mostly MS
> > broadcasts) with DST=[my WinIP] SRC=[some host]. It is
> > _always_ the MS-Windows IP address that ends up in
> > the FORWARD filter chain. Since I am just a simple
> > client on the network, is there maybe some Proxy ARP
> > gateway that keeps the two IP addresses mapped against
> > my MAC?
>
> Back to the topic,
> they might route traffic for both addresses to you, regardless of which
> OS you are currently booted in.
> Although, I'm not sure why there are no
> ARP requests to check if the address is still alive and valid on that
> wire (there should be, I'm seeing a whole lot of those on my cable modem).

Yes, seems like their ARP Proxy cache timeout is set really long. I wonder what would happen if I do a "-j REJECT --reject-with icmp-host-unreachable" on this particular FORWARD traffic. Would it remove the false entry in the ARP cache on the gateway?

> The traffic you are seeing dropped is most likely worms trying out
> random IP addresses in search of new systems to infect.

Not so sure there. It's mostly MS-Windows TCP 445 connections I drop in the FORWARD chain, similar to the traffic I drop in the INPUT chain (which could be worms). I think worms prefer to really enter the box instead of trying to get rerouted in my FORWARD chain.

> BTW, if your box is not acting as a router, you should disable IP forwarding.

Well, I masquerade a Sony Playstation behind my Linux box, so I need forwarding from time to time :-)

-Jordi
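Added example, not part of the original messages: a small parser for netfilter LOG lines that separates the traffic discussed in this thread (packets for an address the running OS does not hold, which therefore reach FORWARD and would be routed back out the interface they arrived on) from ordinary masqueraded forwarding. The log prefixes, interface names, addresses and the two-interface layout are assumptions made for the sample.

```python
import re
from collections import Counter

# Constructed sample in the shape of netfilter LOG output (MAC= and most header
# fields omitted). The "FWD-DROP"/"IN-DROP" prefixes, interface names and
# documentation-range addresses are assumptions, not values from the thread.
SAMPLE_LOG = """\
kernel: FWD-DROP: IN=eth0 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.20 TTL=110 DF PROTO=TCP SPT=3321 DPT=445 SYN
kernel: FWD-DROP: IN=eth0 OUT=eth0 SRC=198.51.100.9 DST=192.0.2.20 TTL=109 DF PROTO=TCP SPT=4410 DPT=445 SYN
kernel: IN-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=110 DF PROTO=TCP SPT=3322 DPT=445 SYN
kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=10.0.0.2 DST=203.0.113.5 TTL=63 PROTO=UDP SPT=3658 DPT=3658
kernel: FWD-DROP: IN=eth0 OUT=eth0 SRC=198.51.100.12 DST=192.0.2.20 TTL=120 PROTO=UDP SPT=137 DPT=137
"""
LOCAL_IPS = {"192.0.2.10", "10.0.0.1"}  # addresses this Linux install holds (assumed)

PREFIX = re.compile(r"kernel: (\S+): IN=")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one LOG line plus its prefix, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line))
    fields["PREFIX"] = m.group(1)
    return fields

def same_wire_forwards(log, local_ips):
    """Count logged packets addressed to a non-local DST that came in on the
    interface they would be routed back out of: frames delivered to this MAC
    for an address the running OS does not hold (e.g. the other OS's IP)."""
    counts = Counter()
    for line in log.splitlines():
        f = parse(line)
        if f is None or f.get("DST") in local_ips:
            continue
        if f.get("IN") and f.get("IN") == f.get("OUT"):
            counts[(f["DST"], f.get("PROTO"), f.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (dst, proto, dport), n in same_wire_forwards(SAMPLE_LOG, LOCAL_IPS).most_common():
        print(f"{n:3d}  DST={dst} {proto}/{dport}")
```

Packets with differing IN and OUT interfaces (the masqueraded console in the sample) are left out of the count, so a FORWARD rule that drops only the same-interface case would not interfere with them.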