 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Logs
 Date:  Thu, 26 Aug 2004 23:15:49 -0700 (PDT)
On Tue, 24 Aug 2004, Jason J. Ellingson wrote:
> 
> I have a /28 IP block
> 
> WAN and DMZ are bridged (filtered bridge)
> LAN and DMZ are on same switch (all my servers have both a 192.x.x.x IP and
> a real IP)
> 
> LAN has two rules:
> FROM 192.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
> 
> DMZ has similar rules:
> FROM 209.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
> 
> I added the two blocks without logging because the switch sometimes still
> sends packets out all its ports... so the LAN port sees a DMZ packet on
> occasion.
> 
> Here's the problem... m0n0wall is still logging the 209.x.x.x packets that
> show up on the LAN port instead of not logging them like it should.
> 
> Same for DMZ... it logs seeing 192.x.x.x packets.

It sounds like it's running afoul of internal "anti-spoofing" rules.  You
can check by looking at what rule # is being blamed for the log entry.  If
so, the only way to get rid of the logging is to disable the "default
rule" logging.

					Fred Wright
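As an added illustration (not from the thread or from m0n0wall's own code) of why the user's BLOCK NOLOG rule never silences these entries, here is a small first-match rule evaluator with a constructed anti-spoofing rule placed ahead of the user rules. The interface name, rule numbers, and the 192.168.1.0/24 and 198.51.100.0/28 subnets are assumptions standing in for the poster's 192.x.x.x and 209.x.x.x ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    number: int
    iface: str
    src: str        # CIDR, "!CIDR" (anything outside that net) or "*"
    action: str     # "pass" or "block"
    log: bool


def matches(rule: Rule, iface: str, src_ip: str) -> bool:
    """Match on interface and source address; a leading '!' negates the net."""
    if rule.iface != iface:
        return False
    if rule.src == "*":
        return True
    negate = rule.src.startswith("!")
    net = ipaddress.ip_network(rule.src.lstrip("!"))
    inside = ipaddress.ip_address(src_ip) in net
    return inside != negate


def evaluate(ruleset, iface, src_ip):
    """First matching rule decides; returns (action, logged, rule number)."""
    for rule in ruleset:
        if matches(rule, iface, src_ip):
            return rule.action, rule.log, rule.number
    return "block", True, None   # fall-through default: block and log


def build_ruleset(log_implicit: bool = True):
    # Constructed model: the firewall inserts its own anti-spoofing rule on
    # LAN ahead of the user's rules; it logs whenever default-rule logging is on.
    return [
        Rule(1, "lan", "!192.168.1.0/24", "block", log_implicit),
        # User rules as in the original post: ALLOW NOLOG, then BLOCK NOLOG
        Rule(100, "lan", "192.168.1.0/24", "pass", False),
        Rule(101, "lan", "*", "block", False),
    ]


if __name__ == "__main__":
    # A DMZ address leaking onto the LAN port hits rule 1 and is logged;
    # the user's BLOCK NOLOG rule (101) is never consulted.
    print(evaluate(build_ruleset(), "lan", "198.51.100.5"))
    # Disabling logging on the implicit rule is what actually silences it.
    print(evaluate(build_ruleset(log_implicit=False), "lan", "198.51.100.5"))
```

The rule number returned for the blocked packet is what to compare against the number blamed in the log entry.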