Hi people.
Just noticed something about the spoof protection on 3.380 when using PPPoE.
On a standard fw setup (regular nics on both sides) the spoof protection from iptables looks like this here:
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 DROP all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 LOG all -- eth0 * 10.50.0.0/16 0.0.0.0/0
0 0 DROP all -- eth0 * 10.50.0.0/16 0.0.0.0/0
0 0 LOG all -- eth1 * 10.50.50.1 0.0.0.0/0
0 0 DROP all -- eth1 * 10.50.50.1 0.0.0.0/0
0 0 LOG all -- eth1 * 10.0.0.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 10.0.0.0/24 0.0.0.0/0
10.50.50.1/16 is the external ip/net (eth1)
10.0.0.1/8 is the internal ip/net (eth0)
But on my real box with PPPoE (eth1) it looks like this:
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 DROP all -- eth0 * 10.0.0.1 0.0.0.0/0
No net protection (BAD) and no external protection from the inside (I think I can live without that though ;) )
Ruben Andersen
PS: Could very well be related to the no masquerade thingy.
[ 14 January 2003, 09:24: Message edited by: Sterion ]
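An audit of the two listings in the post above, added here as an example and not part of the original post or the firewall's own code: it parses the chain listing and reports, per inbound interface, whether a host DROP and a network DROP rule are present. The expectation of one host rule and one network rule per interface is an assumption inferred from the standard listing, and the function names are hypothetical.

```python
import ipaddress

# Listings copied from the post above (spoof-protection chain, verbose numeric output).
STANDARD = """\
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 DROP all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 LOG all -- eth0 * 10.50.0.0/16 0.0.0.0/0
0 0 DROP all -- eth0 * 10.50.0.0/16 0.0.0.0/0
0 0 LOG all -- eth1 * 10.50.50.1 0.0.0.0/0
0 0 DROP all -- eth1 * 10.50.50.1 0.0.0.0/0
0 0 LOG all -- eth1 * 10.0.0.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 10.0.0.0/24 0.0.0.0/0
"""
PPPOE = """\
pkts bytes target prot opt in out source destination
0 0 LOG all -- eth0 * 10.0.0.1 0.0.0.0/0
0 0 DROP all -- eth0 * 10.0.0.1 0.0.0.0/0
"""

def drop_sources(listing):
    """Map inbound interface -> set of source networks covered by a DROP rule."""
    rules = {}
    for line in listing.splitlines():
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination
        if len(f) < 9 or f[2] != "DROP":
            continue  # header, LOG rules and malformed lines are ignored
        rules.setdefault(f[5], set()).add(ipaddress.ip_network(f[7], strict=False))
    return rules

def missing_rules(listing, interfaces):
    """Return {iface: [missing kinds]} for interfaces lacking a host or net DROP.

    Assumption: each interface should carry one host and one network rule,
    as in the standard listing.
    """
    rules = drop_sources(listing)
    gaps = {}
    for iface in interfaces:
        nets = rules.get(iface, set())
        have_host = any(n.prefixlen == n.max_prefixlen for n in nets)
        have_net = any(n.prefixlen < n.max_prefixlen for n in nets)
        missing = [k for k, ok in (("host", have_host), ("net", have_net)) if not ok]
        if missing:
            gaps[iface] = missing
    return gaps

if __name__ == "__main__":
    for name, listing in (("standard", STANDARD), ("pppoe", PPPOE)):
        print(name, missing_rules(listing, ["eth0", "eth1"]) or "complete")
```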