Re: [m0n0wall] strange entry in firewall logs

From:	Thomas Sprinzing <thomas at sprinzing dot org>
To:	Wilko Lunenburg <wilko at sassenheim dot net>
Cc:	monowall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] strange entry in firewall logs
Date:	Fri, 18 Jul 2008 10:02:48 +0200
Am 17.07.2008 um 23:10 schrieb Wilko Lunenburg:

> Hi,
>
> No it is not. There can only come in anything from the WAN  
> interface, there is only an accesspoint on the OPT interface. And  
> that AP is usually not used by anything.
>
> It is just as if (because the LAN is bridged to OPT) the packets for  
> some reason get to the OPT interface and "bounce back".

not a good idea at all.

WLAN is bad per se, so don't bridge it into your LAN. Make it an own  
network, and you're fine.




>
>
>
> Wilko
>
>
>
> Bob Gustafson wrote:
>> It does look as though your IP/port addresses are the same, even  
>> though on different physical interfaces. Is this what you wanted?
>> On Jul 17, 2008, at 15:08, Wilko Lunenburg wrote:
>>> Hello everyone,
>>>
>>> For quite some time it puzzles me why there are entries in the  
>>> firewall-log about blocking smtp connections coming in from my OPT  
>>> interface, where my access point is connected to. Most of the time  
>>> there is nothing using this accesspoint at all.
>>>
>>> But shorty I began logging valid smtp accesses from the WAN too  
>>> and now I see that for some (not all?!?!) smtp accesses from the  
>>> WAN there is a corresponding one that seems to come from OPT.
>>>
>>> The setup I use is: one network-card connected to a modem to the  
>>> internet provider. Another card directly connected to the LAN and  
>>> the third card connected to an accesspoint. The last one is  
>>> brigded to the LAN.
>>>
>>> It looks like this in the log:
>>>
>>> 21:38:49.235667    OPT    88.104.127.246, port 1966     
>>> 192.168.77.253,    port 25    TCP
>>> 21:38:49.233888    WAN    88.104.127.246, port 1966     
>>> 192.168.77.253,    port 25    TCP
>>>
>>> Where the first line is being blocked and the second accepted, can  
>>> anyone explain why this happens?
>>>
>>>
>>>
>>> -- 
>>> Met vriendelijke groet,
>>>
>>> Wilko Lunenburg
>>>
>>> ===
>>> There are some things so serious you have to laugh at them. -  
>>> Niels Bohr
>>> ===
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
> -- 
> Met vriendelijke groet,
>
> Wilko Lunenburg
>
> ===
> There are some things so serious you have to laugh at them. - Niels  
> Bohr
> ===
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>