TCLUG Archive

Re: [TCLUG:12881] [chewie@wookimus.net: Interface Envy]



Whatever application you are using is referencing the current ip from hosts
or wherever instead of using localhost.  The routing table says that that
ip is on eth0.  Hence it gets routed there, the kernel grabs it before it
goes out and it comes back as if it came from the 'net.

Find the app and tell it to use localhost.

On Tue, 25 Jan 2000, ^chewie wrote:

> I'm forwarding this to the TCLUG list since responses are a little faster
> than through debian-firewall ;-).
> 
> ^chewie
> 
> ----- Forwarded message from ^chewie <chewie@wookimus.net> -----
> From: ^chewie <chewie@wookimus.net>
> To: debian-firewall@lists.debian.org
> Subject: Interface Envy
> 
> I've got a strange problem here, though it may not really be a problem.
> I've set up my firewall in the same manner as described in the
> IPCHAINS-HOWTO, Section 7 [1].  In it, I've described an interface chain
> for my Internet interface: inet-if.  
> 
> The linking rule for the inet-if is found in the 'input' chain:
>     ipchains -A input -d <inet_ip_addr> -j inet-if
> 
> The first rule of the inet-if chain is to DENY any input on interfaces
> other than the Internet interface (in this case eth1).
>     ipchains -A inet-if -i ! eth0 -j DENY -l
> 
> Now, this seems very logical, but I get the following type of message
> quite often:
>     Jan 26 09:15:42 mirax kernel: Packet log: inet-if DENY lo PROTO=6
>     209.98.238.114:1680 209.98.238.114:25 L=60 S=0x00 I=25925 F=0x4000
>     T=64 SYN (#1)
> 
> The 'lo' interface is posing as the eth0 interface.  What gives?  Should I
> create a chain to allow lo interface access to all of my other interface
> IPs?
> 
>     ipchains -I inet-if 1 -i lo -s <inet_ip_addr> -j ACCEPT -l
> 
> Thanks,
> ^chewie
> 
> References:
> [1] IPCHAINS-HOWTO <http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html>
> 

-- 
Scott Dier <dieman@ringworld.org> #nicnac@efnet 612.301.0265
      destiny's admin       | Robots are most often found in server rooms, 
 http://www.ringworld.org   | wire closets, switching stations-basically,
       finger me at         | anywhere that offers maximum exposure to
dieman@destiny.ringworld.org| technology and minimum interaction with
     for gnupg/pgp key	    | human beings.
			    |  -NetSlaves(the book)/B.Lessard/S.Baldwin
			    |    (Robot is a NetSlave caste)
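The behaviour Scott describes (a connection to the box's own Internet address is delivered over lo, not eth0) and the two inet-if rule sets in ^chewie's message, modelled as an added example that is not part of this thread: the quoted log line is parsed, then run through the original chain and through the chain with the proposed lo rule inserted. The Packet type, parser and chain walker are this example's own constructions, and the input chain's default policy is assumed to be ACCEPT.

```python
import re
from collections import namedtuple

# The log line and address below are the ones quoted in the thread.
LOG_LINE = ("Jan 26 09:15:42 mirax kernel: Packet log: inet-if DENY lo PROTO=6 "
            "209.98.238.114:1680 209.98.238.114:25 L=60 S=0x00 I=25925 F=0x4000 T=64 SYN (#1)")
INET_IP = "209.98.238.114"  # the firewall's own Internet address, as seen in that log line
Packet = namedtuple("Packet", "iface src dst")  # iface is lo for local traffic sent to a local IP

def parse_packet_log(line):
    """Pull chain, verdict, interface, source and destination out of an ipchains 'Packet log:' line."""
    m = re.search(r"Packet log: (\S+) (\S+) (\S+) PROTO=\d+ (\S+):\d+ (\S+):\d+", line)
    if not m:
        raise ValueError("not an ipchains packet log line")
    chain, verdict, iface, src, dst = m.groups()
    return Packet(iface, src, dst), chain, verdict

# A rule is (interface, negate_interface, source, destination, target); None means "any".
def rule_matches(rule, pkt):
    iface, negate, src, dst, _ = rule
    if iface is not None and (pkt.iface == iface) == negate:  # covers '-i eth0' and '-i ! eth0'
        return False
    return (src is None or pkt.src == src) and (dst is None or pkt.dst == dst)

def walk_chain(chains, name, pkt):
    """First matching rule wins; falling off the end of a user chain returns to the caller."""
    for rule in chains[name]:
        if rule_matches(rule, pkt):
            target = rule[4]
            if target not in chains:
                return target
            verdict = walk_chain(chains, target, pkt)
            if verdict is not None:
                return verdict
    return None

# Original rules: 'input' sends packets for the inet IP to inet-if, which denies every interface but eth0.
ORIGINAL = {
    "input": [(None, False, None, INET_IP, "inet-if")],  # ipchains -A input -d <inet_ip_addr> -j inet-if
    "inet-if": [("eth0", True, None, None, "DENY")],     # ipchains -A inet-if -i ! eth0 -j DENY -l
}
# With the rule ^chewie proposes inserted first: ipchains -I inet-if 1 -i lo -s <inet_ip_addr> -j ACCEPT -l
PATCHED = {"input": ORIGINAL["input"],
           "inet-if": [("lo", False, INET_IP, None, "ACCEPT")] + ORIGINAL["inet-if"]}

def verdict_for(chains, line):
    """Verdict the modelled rule set gives the packet in a log line; input policy assumed ACCEPT."""
    pkt, _, _ = parse_packet_log(line)
    return walk_chain(chains, "input", pkt) or "ACCEPT"
```

Running verdict_for(ORIGINAL, LOG_LINE) reproduces the DENY in the log, while the same packet passes under PATCHED; a packet for the inet IP arriving on any other interface is still denied by both.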