----- Original Message -----
From: "Daniel Chemko" <dchemko@xxxxxxxxxx>
To: "mdpeters" <michael.peters@xxxxxxxxxxxxxxxxxxx>; "Jason Opperisano" <opie@xxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, January 07, 2005 4:38 PM
Subject: RE: transparent bridge troubles?
mdpeters wrote:
Du'oh!
I changed it and this is what I see so far. I'm running a Nessus scan on one side of the bridge and the target system is at the other side of the bridge.
PRE QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 SRC=68.16.185.132 DST=68.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 ID=3072 PROTO=TCP SPT=3133 DPT=45495 WINDOW=2048 RES=0x00 ACK URGP=0
POST QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 SRC=68.16.185.132 DST=68.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 ID=3072 PROTO=TCP SPT=3133 DPT=45495 WINDOW=2048 RES=0x00 ACK URGP=0
Ok, since there was no return traffic, I'm assuming that the destination host doesn't know the firewall's in between the two PCs. In 68.16.185.130's ARP table, does it have 68.16.185.132 mapped to your firewall's eth1 interface? Is proxyARPing set up on both firewall interfaces? This is leaving my knowledge realm, so if someone else can help...
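The "no return traffic" observation in the reply above can be checked mechanically over a larger log. The following is an added example, not part of the original thread: it parses netfilter LOG lines in the format quoted above (including the log prefix fused to `IN=`) and lists flows for which no packet in the reverse direction was logged. The function names are hypothetical, and the sample is constructed: the first two lines are abbreviated from the quoted log, the last two are an invented flow that does get a reply.

```python
import re

# Constructed sample. Lines 1-2 are abbreviated from the log quoted in the
# thread; lines 3-4 are an invented flow (documentation addresses) with a reply.
SAMPLE = """\
PRE QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 SRC=68.16.185.132 DST=68.16.185.130 LEN=41 PROTO=TCP SPT=3133 DPT=45495 ACK URGP=0
POST QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 SRC=68.16.185.132 DST=68.16.185.130 LEN=41 PROTO=TCP SPT=3133 DPT=45495 ACK URGP=0
PRE QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
PRE QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth1 PHYSOUT=eth2 SRC=192.0.2.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=80 DPT=40000 ACK SYN URGP=0
"""

# No leading word boundary on purpose: the log prefix has no trailing space,
# so the first field appears as "QUEUEIN=..." and must still yield IN=.
FIELD = re.compile(r"(IN|OUT|PHYSIN|PHYSOUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_line(line):
    """Return the netfilter LOG fields of one line as a dict."""
    return dict(FIELD.findall(line))


def one_way_flows(log_text):
    """Return (src, spt, dst, dpt, proto, physin) for flows with no logged reply."""
    seen = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # not a packet log line
        key = (f["SRC"], f.get("SPT", ""), f["DST"], f.get("DPT", ""), f["PROTO"])
        # Remember the bridge port the flow was first seen entering on.
        seen.setdefault(key, f.get("PHYSIN", ""))
    result = []
    for (src, spt, dst, dpt, proto), physin in seen.items():
        # A reply has source and destination (address and port) swapped.
        if (dst, dpt, src, spt, proto) not in seen:
            result.append((src, spt, dst, dpt, proto, physin))
    return sorted(result)


if __name__ == "__main__":
    for flow in one_way_flows(SAMPLE):
        print("no reply logged for %s:%s -> %s:%s %s (entered on %s)" % flow)
```

A flow reported here only means no reply was logged at the hooks that carry a LOG rule; whether the far host answered at all still has to be confirmed on that host, for example from its ARP table as asked above.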