 From:  Wilko Lunenburg <wilko at sassenheim dot net>
 Cc:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] strange entry in firewall logs
 Date:  Fri, 18 Jul 2008 19:50:26 +0200
Hi,

You may be right but that still does not explain why I see those 
connections being "duplicated" on the setup I now use.

Why do you think that WLAN bridged to the LAN is bad anyway? I did not 
want to connect the access point to my LAN directly, so I bridged it with 
the LAN; that way I could fine-tune the access WLAN clients got to the 
rest of the network. I thought it was a neat solution.

It is just this strange effect:

17:44:43.807258	WLAN 190.186.83.92, port 2652  192.168.77.253, port 25	TCP
17:44:43.806507	WAN  190.186.83.92, port 2652  192.168.77.253, port 25	TCP

And it happens with some connections, not all of them.

Cheers,

Wilko




Thomas Sprinzing wrote:
> 
> On 17.07.2008 at 23:10, Wilko Lunenburg wrote:
> 
>> Hi,
>>
>> No, it is not. Anything can only come in from the WAN interface; 
>> there is only an access point on the OPT interface. And that AP is 
>> usually not used by anything.
>>
>> It is just as if (because the LAN is bridged to OPT) the packets for 
>> some reason get to the OPT interface and "bounce back".
> 
> Not a good idea at all.
> 
> WLAN is bad per se, so don't bridge it into your LAN. Make it its own 
> network, and you're fine.
> 
> 
> 
> 
>>
>>
>>
>> Wilko
>>
>>
>>
>> Bob Gustafson wrote:
>>> It does look as though your IP/port addresses are the same, even 
>>> though on different physical interfaces. Is this what you wanted?
>>> On Jul 17, 2008, at 15:08, Wilko Lunenburg wrote:
>>>> Hello everyone,
>>>>
>>>> For quite some time it has puzzled me why there are entries in the 
>>>> firewall log about blocking SMTP connections coming in from my OPT 
>>>> interface, to which my access point is connected. Most of the time 
>>>> there is nothing using this access point at all.
>>>>
>>>> But shortly I began logging valid SMTP accesses from the WAN too and 
>>>> now I see that for some (not all?!?!) SMTP accesses from the WAN 
>>>> there is a corresponding one that seems to come from OPT.
>>>>
>>>> The setup I use is: one network card connected to a modem to the 
>>>> internet provider. Another card directly connected to the LAN and 
>>>> the third card connected to an access point. The last one is bridged 
>>>> to the LAN.
>>>>
>>>> It looks like this in the log:
>>>>
>>>> 21:38:49.235667    OPT    88.104.127.246, port 1966    192.168.77.253,    port 25    TCP
>>>> 21:38:49.233888    WAN    88.104.127.246, port 1966    192.168.77.253,    port 25    TCP
>>>>
>>>> Where the first line is being blocked and the second accepted, can 
>>>> anyone explain why this happens?
>>>>
>>>>
>>>>
>>>> -- 
>>>> Kind regards,
>>>>
>>>> Wilko Lunenburg
>>>>
>>>> ===
>>>> There are some things so serious you have to laugh at them. - Niels 
>>>> Bohr
>>>> ===
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>
>> -- 
>> Kind regards,
>>
>> Wilko Lunenburg
>>
>> ===
>> There are some things so serious you have to laugh at them. - Niels Bohr
>> ===
>>
>>
> 
> 
>
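
Added example, not part of the original thread: a Python sketch that scans firewall log lines in the layout quoted above and reports flows logged on two different interfaces within a short time window, which is how to measure how often the "duplicate" effect occurs. The function names, the 50 ms window and the third sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Layout taken from the log lines quoted in the thread:
# time, interface, "src, port N", "dst, port N", protocol.
LINE_RE = re.compile(
    r"(\d{2}):(\d{2}):(\d{2})\.(\d{1,6})\s+(\S+)\s+"
    r"(\S+),\s*port\s+(\d+)\s+(\S+),\s*port\s+(\d+)\s+(\S+)"
)

def parse(line):
    """Return (microseconds since midnight, interface, flow) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    h, mi, s, frac, iface, src, sport, dst, dport, proto = m.groups()
    micros = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000
    micros += int(frac.ljust(6, "0"))
    return micros, iface, (src, int(sport), dst, int(dport), proto)

def cross_interface_duplicates(lines, window_us=50_000):
    """Find flows seen on two different interfaces within window_us.

    The 50 ms default is an assumption; timestamps are compared within
    one day only (no handling of midnight rollover).
    """
    by_flow = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            micros, iface, flow = rec
            by_flow[flow].append((micros, iface))
    hits = []
    for flow, seen in by_flow.items():
        seen.sort()  # chronological order, regardless of log order
        for (t1, if1), (t2, if2) in zip(seen, seen[1:]):
            if if1 != if2 and t2 - t1 <= window_us:
                hits.append((flow, if1, if2, t2 - t1))
    return hits

# First two lines are from the post; the third is constructed.
SAMPLE = [
    "17:44:43.807258\tWLAN 190.186.83.92, port 2652  192.168.77.253, port 25\tTCP",
    "17:44:43.806507\tWAN  190.186.83.92, port 2652  192.168.77.253, port 25\tTCP",
    "17:45:10.120000\tWAN  192.0.2.10, port 40000  192.168.77.253, port 25\tTCP",
]

if __name__ == "__main__":
    for flow, first, second, delta in cross_interface_duplicates(SAMPLE):
        print(f"{flow}: {first} then {second}, {delta} us apart")
```

Each hit names the interface that logged the packet first, so a consistent "WAN then WLAN" ordering with sub-millisecond gaps points at the bridge rather than at a wireless client.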