iptables - external IP address on internal interface?

I have a question for the iptables experts out there.

I previously asked this question on this forum here.

But no satisfactory answer was given.

I have an iptables firewall, where *eth0* is the *internal interface*,
and _eth1 is the external interface_. eth1 is connected directly to the
internet, and this box is also a NAT router.

I am seeing traffic sourced from external IP addresses on eth0 (internal
interface) - how can this be? (see logs below)

Is there a rule I can add to prevent this?

---- log entries below -------------

Logged 663 packets on interface eth0
   From 74.217.240.81 - 181 packets to tcp(2666,2674,2683,2685,2689,2694,2700,2704,2796,2799,2801,2806,2811,2852,2860,2863,2868,2876,2877,2882,2886,2887,2892,2920,2926,2930,2942,2948,3251,3253,3261,3268,3274,3286,3290,3293,3295,3300,3380,3425,3461,3559,3621,3659,3686,3711)
   From 74.217.240.83 - 14 packets to tcp(1572)
   From 212.118.226.90 - 174 packets to tcp(2365,2382,2462,2467,2479,2485,2522,2539,2550,2570,2599,2604,2610,2627,2637,2642,2668,2684,2686,2690,2696,2701,2743,2751,2763,2783,2802,2807,2813,2861,2875,2884,2893,2921,2941,2957,2969,2986,3015,3041,3045,3051,3195,3240,3241,3252,3254,3269,3287,3301)
   From 212.118.226.91 - 271 packets to tcp(1408,1444,1484,1506,1521,1528,2300,2356,2364,2384,2460,2466,2470,2484,2523,2538,2544,2569,2575,2598,2601,2626,2643,2647,2742,2744,2753,2757,2762,2766,2773,2781,2784,2789,2950,2954,2956,3005,3013,3017,3027,3032,3040,3044,3050,3194,3202,3211,3228,3235,3239,3305,3467,3494,3506,3526,3536,3719,3727,3813)
   From 212.118.226.93 - 23 packets to tcp(1419,1495,4362,4385,4416)

Logged 632 packets on interface eth1
   From 1.112.169.252 - 2 packets to tcp(445)
   From 2.201.14.207 - 3 packets to tcp(445)
   From 14.96.161.61 - 2 packets to tcp(445)
   From 17.172.237.52 - 2 packets to tcp(49641)
<snip>
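A check for the anomaly the post describes, as an added example that is not part of the original message or of netfilter itself: it parses a per-interface summary in the format quoted above (a constructed, shortened sample; the 192.168.1.20 line is added to show a legitimate internal source), rejoins port lists that the mail client wrapped mid-number, flags every source logged on the internal interface that falls outside the internal prefix, and emits matching anti-spoofing rules in iptables syntax. The interface names eth0/eth1 come from the post; the internal prefix 192.168.1.0/24 is an assumption, since the post does not give it.

```python
import ipaddress
import re

# Constructed sample in the format of the summary quoted in the post, shortened;
# the 192.168.1.20 line is added here to show a legitimate internal source.
SAMPLE_LOG = """\
Logged 663 packets on interface eth0
   From 74.217.240.81 - 181 packets to
tcp(2666,2674,2683,2685,2689)
   From 212.118.226.93 - 23 packets to tcp(1419,1495,4362,4385,4416)
   From 192.168.1.20 - 5 packets to tcp(80,443)
 Logged 632 packets on interface eth1
   From 1.112.169.252 - 2 packets to tcp(445)
   From 17.172.237.52 - 2 packets to tcp(49641)
"""

IFACE_RE = re.compile(r"^\s*Logged\s+(\d+)\s+packets on interface\s+(\S+)")
SRC_RE = re.compile(r"^\s*From\s+(\S+)\s+-\s+(\d+)\s+packets to\s+(\w+)\(([\d,]*)\)")


def join_wrapped(text):
    """Rejoin records that a mail client wrapped across lines, so a port list
    split in the middle of a number (e.g. '285' / '2,2860') is whole again."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("Logged", "From")) or not lines:
            lines.append(line)
        elif line[0].isdigit() or line[0] == ",":
            lines[-1] += line          # continuation of a number or a list
        else:
            lines[-1] += " " + line    # continuation that starts a new token
    return lines


def parse_summary(text):
    """Return (iface, src_ip, packet_count, proto, ports) for each 'From' record."""
    records = []
    iface = None
    for line in join_wrapped(text):
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(2)
            continue
        m = SRC_RE.match(line)
        if m and iface is not None:
            ports = tuple(int(p) for p in m.group(4).split(",") if p)
            records.append((iface, m.group(1), int(m.group(2)), m.group(3), ports))
    return records


def external_sources_on(records, internal_iface, internal_net):
    """Sources logged on the given interface whose address is outside the
    internal prefix: on eth0 these are exactly the entries the post asks about."""
    net = ipaddress.ip_network(internal_net)
    return [(src, count) for iface, src, count, _proto, _ports in records
            if iface == internal_iface and ipaddress.ip_address(src) not in net]


def antispoof_rules(internal_iface, internal_net):
    """iptables rules that log, then drop, anything arriving on the internal
    interface with a source address outside the internal prefix."""
    match = f"-i {internal_iface} ! -s {internal_net}"
    return [
        f"iptables -A INPUT {match} -j LOG --log-prefix 'SPOOF-IN: '",
        f"iptables -A INPUT {match} -j DROP",
        f"iptables -A FORWARD {match} -j LOG --log-prefix 'SPOOF-FWD: '",
        f"iptables -A FORWARD {match} -j DROP",
    ]


if __name__ == "__main__":
    INTERNAL_IFACE, INTERNAL_NET = "eth0", "192.168.1.0/24"  # prefix assumed, not from the post
    recs = parse_summary(SAMPLE_LOG)
    for src, count in external_sources_on(recs, INTERNAL_IFACE, INTERNAL_NET):
        print(f"external source {src} seen on {INTERNAL_IFACE}: {count} packets")
    print("\n".join(antispoof_rules(INTERNAL_IFACE, INTERNAL_NET)))
```

One caveat when reading the result: `-i eth0` matches only packets entering the box on eth0. If the summary was produced by a logging rule that also counts packets leaving eth0 towards the internal hosts (forwarded replies to NATed connections carry an external source address), these rules will never match those entries, and the chain and direction of the logging rule are what to check first. The sysctl `net.ipv4.conf.all.rp_filter=1` gives a routing-based version of the same ingress check.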
