On Aug 15, 2011, at 10:13 AM, Whit Blauvelt wrote:

> This is related to a couple of messages I sent to the list 3 weeks ago, with
> some additional information. The basic problem is that Netfilter is seeing
> some traffic lately as coming in on the wrong interface, which we notice
> when that traffic gets blocked or gets by when it shouldn't, since some of
> our rules specify interfaces.
>
> We're now seeing the same behavior from both iptables 1.4.8 on Debian
> Squeeze and 1.3.8 on Ubuntu 8.04 (on totally different hardware). The common
> factor is that this is all traffic coming in via our Cogent pipe. When
> traffic comes in via either of our two other Speakeasy/Megapath pipes
> Netfilter sees all the interface specifications correctly.

This behavior is usually a sign that your Cogent external firewall interface and your internal firewall interface have accidentally become part of the same broadcast domain. I would look for mis-cabling and for erroneous VLAN configuration.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
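
One way to test for the shared broadcast domain suggested in the reply above, as an added example that is not part of the original thread: if the same source MAC (for instance the upstream router's) shows up in iptables LOG output on more than one input interface, the two interfaces can hear the same Ethernet segment. The function names, interface names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the iptables LOG target format. Interface
# names, MAC addresses and IPs are made up for illustration; assume eth0 is
# an external interface and eth2 an internal one.
SAMPLE_LOG = """\
Aug 15 10:01:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:00:aa:bb:cc:00:00:01:08:00 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=25
Aug 15 10:01:03 fw kernel: IN=eth2 OUT= MAC=00:11:22:33:44:02:aa:bb:cc:00:00:01:08:00 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=25
Aug 15 10:01:04 fw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:01:aa:bb:cc:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.20 PROTO=TCP SPT=40002 DPT=80
Aug 15 10:01:05 fw kernel: IN=eth2 OUT= MAC=00:11:22:33:44:02:de:ad:be:ef:00:03:08:00 SRC=10.0.0.15 DST=10.0.0.1 PROTO=UDP SPT=5353 DPT=53
"""

# LOG prints the Ethernet header as 14 octets: 6 destination MAC,
# 6 source MAC, 2 EtherType. \bIN= avoids matching PHYSIN= on bridges.
LOG_RE = re.compile(
    r"\bIN=(\S+) .*?\bMAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2})\b", re.I
)


def parse_line(line):
    """Return (input interface, source MAC), or None if the line has no MAC."""
    m = LOG_RE.search(line)
    if not m:
        return None  # locally generated packet, tunnel interface, or not a LOG line
    octets = m.group(2).lower().split(":")
    return m.group(1), ":".join(octets[6:12])


def macs_on_multiple_interfaces(log_text):
    """Map each source MAC seen on more than one input interface to those interfaces."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            iface, src_mac = parsed
            seen[src_mac].add(iface)
    return {mac: sorted(ifaces) for mac, ifaces in seen.items() if len(ifaces) > 1}


if __name__ == "__main__":
    for mac, ifaces in macs_on_multiple_interfaces(SAMPLE_LOG).items():
        print(f"{mac} seen on {', '.join(ifaces)}: check cabling and VLAN config")
```

A hit is a lead rather than proof: a router that is legitimately attached to several of the firewall's segments will also appear on more than one interface.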