Hello.
I have been logging all connections that pass my router's public interface
that have a private IP address. I use the following command to achieve this:
tcpdump -s 0 -i eth0 -w privateips.cap 'not src host 10.203.64.1 and (net 192.168 or net 10 or net 172.16/12)'
My NAT chain's POSTROUTING table is as follows:
Chain POSTROUTING (policy ACCEPT 12M packets, 1442M bytes)
 pkts bytes target     prot opt in  out    source      destination
4244K  415M MASQUERADE 0    --  *   eth0   0.0.0.0/0   0.0.0.0/0    /* NAT outgoing */
    7   420 MASQUERADE 0    --  *   ppp0   0.0.0.0/0   0.0.0.0/0
 404K   46M SNAT       0    --  *   wlan0  0.0.0.0/0   0.0.0.0/0    to:192.168.0.12
Now, looking at those logs generated by tcpdump, I can see that some
connections have a private IP when they get logged. Most of the traffic
seems to be bittorrent handshakes.
Is this a bug with connection tracking code or an intentional thing? If
this is an intentional thing, is there any way to disable it? While this
is not a huge issue for me, it would still be nice to not leak LAN IPs to
WAN.
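
Added example, not part of the original message or of netfilter: a Python reader for a classic pcap file such as the privateips.cap written by the tcpdump command above, counting packets whose source is an RFC 1918 address other than the router's own 10.203.64.1. The function and sample names are hypothetical, the sample capture is constructed, and an Ethernet link type on eth0 is assumed.

```python
import ipaddress
import struct
from collections import Counter

ROUTER_WAN = ipaddress.ip_address("10.203.64.1")  # router's own address, from the filter above
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leaked_sources(pcap_bytes):
    """Count un-NATed RFC 1918 source addresses in a classic (microsecond) pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet header (14 bytes) + IPv4 header (20); EtherType 0x0800 is IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ipaddress.ip_address(frame[26:30])  # IPv4 source address field
        if src != ROUTER_WAN and any(src in net for net in RFC1918):
            counts[str(src)] += 1
    return counts

def _frame(src, dst):
    """Build a minimal Ethernet + IPv4 header (constructed sample, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip

def _pcap(frames):
    """Wrap frames in a little-endian pcap file with link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample; the tcpdump filter's unqualified "net" also matches destinations,
# so inbound replies to the router appear in the capture but are not leaks.
SAMPLE = _pcap([
    _frame("192.168.0.23", "198.51.100.7"),  # LAN source that left without NAT
    _frame("192.168.0.23", "198.51.100.7"),
    _frame("10.203.64.1", "203.0.113.9"),    # correctly masqueraded packet
    _frame("203.0.113.9", "10.203.64.1"),    # reply addressed to the router
])

if __name__ == "__main__":
    print(leaked_sources(SAMPLE))
```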