[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] problem when using VLANs and NAT
 Date:  Mon, 12 Jun 2006 14:38:51 -0400
On 6/12/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> In case anyone is interested, after a couple of days of work I finally
> found the problem.
> Turns out that the box behind my m0n0wall transmitted packets with a
> wrong TCP checksum.
> m0n0wall dropped the packets (as expected), but logged nothing in the
> firewall log !!

Unless you disabled logging on the default rules, had it hit the
firewall rules it would have gotten logged under any circumstance.
I'm quite certain that a packet with a bad TCP checksum won't get far
enough into the kernel to even get to the firewall.  Does *any*
general purpose OS actually pass packets with bad TCP checksums so far
in the stack that they hit the firewall?  I seriously doubt it, it's a
waste.  That may not even make it past the hardware on some NIC's.

Point being, if your system is so broken that it's sending out packets
with broken TCP checksums (dare I even ask how that happened....), I
don't think any firewall is going to log that unless the OS logs
received packets that are screwed up.  I would imagine they just show
up in the error counter on the interface.