On Mon, 2011-08-15 at 16:33 -0400, Whit Blauvelt wrote:
> On Mon, Aug 15, 2011 at 10:52:35AM -0700, Tom Eastep wrote:
>
> > On Aug 15, 2011, at 10:13 AM, Whit Blauvelt wrote:
> >
> > > We're now seeing the same behavior from both iptables 1.4.8 on Debian
> > > Squeeze and 1.3.8 on Ubuntu 8.04 (on totally different hardware). The common
> > > factor is that this is all traffic coming in via our Cogent pipe. When
> > > traffic comes in via either of our two other Speakeasy/Megapath pipes
> > > Netfilter sees all the interface specifications correctly.
> >
> > This behavior is usually a sign that your Cogent external firewall
> > interface and your internal firewall interface have accidentally
> > become part of the same broadcast domain. I would look for mis-cabling and
> > for erroneous VLAN configuration.

Whit,

I don't have time ATM to give you detailed help, but
http://www.shorewall.net/FoolsFirewall.html#id36131257 explains what
happens when two firewall interfaces are effectively connected to the
same ethernet network. That may help you figure out where the problem
is.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
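One way to look for the shared-broadcast-domain condition described in the message above, as an added example that is not part of the original thread: it parses `ip neigh show` output from the firewall and reports neighbour MAC addresses learned on more than one interface. The interface names (eth0, eth1, eth2), addresses and MACs in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (documentation IPs and MACs).
# Assumed roles: eth0 = external, eth1 = internal, eth2 = a second uplink.
SAMPLE_NEIGH = """\
198.51.100.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
10.0.0.25 dev eth1 lladdr 00:00:5e:00:53:25 STALE
10.0.0.25 dev eth0 lladdr 00:00:5e:00:53:25 STALE
10.0.0.40 dev eth1 lladdr 00:00:5e:00:53:40 REACHABLE
203.0.113.9 dev eth2 lladdr 00:00:5e:00:53:09 REACHABLE
10.0.0.77 dev eth1  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)


def macs_by_interface(neigh_text):
    """Map each neighbour MAC to the set of interfaces it was learned on."""
    seen = defaultdict(set)
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            seen[m.group("mac").lower()].add(m.group("dev"))
    return seen


def shared_segments(neigh_text):
    """Return {frozenset(interfaces): sorted MACs} for MACs seen on 2+ interfaces.

    A host MAC learned on both the external and the internal interface means
    both interfaces hear the same layer-2 segment (mis-cabling or a VLAN error).
    Upstream gear that reuses one MAC on several VLANs also matches, so treat
    a hit as a lead to verify at the switch, not as proof.
    """
    result = defaultdict(list)
    for mac, devs in macs_by_interface(neigh_text).items():
        if len(devs) > 1:
            result[frozenset(devs)].append(mac)
    return {devs: sorted(macs) for devs, macs in result.items()}


if __name__ == "__main__":
    for devs, macs in shared_segments(SAMPLE_NEIGH).items():
        print("possible shared broadcast domain:", ", ".join(sorted(devs)))
        for mac in macs:
            print("  neighbour", mac, "learned on each of them")
```

On a live firewall, pass the real output of `ip neigh show` to `shared_segments()` in place of the sample.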