"I might be a little late to the party here, but are you saying that 10.11.14.160 is the IP address which the Cloudflare servers see?"
Sorry, I left out a bit. The 10.11.14.160 is the address assigned to a NIC on our firewall / gateway / internal router machine, but that NIC is connected to a Netgear C7100V cable modem which runs in NAT/routing mode. The actual public IP address, as provided by Comcast via DHCP, is currently 66.31.152.192 (as it has been since well before Cloudflare). The reason for this complicated setup is partly historical: until last month we *also* had a DSL connection to the Internet. So the gateway did the routing (including "Policy Routing") for that. And we have a few other 10.x.x.x LANs internally, which we will keep. Plus, the gateway runs iptables, HAVP (which uses libclamav), Privoxy, some OpenVPN tunnels and occasionally captures packets to/from the Internet for analysis. Although we *could* run the cable modem in bridge mode, that would mean our gateway machine would be hit with lots of IPv6 packets, which we would just have to drop. (Our internal LANs aren't set up for IPv6 and, until some crucial Internet services won't work over IPv4, I have too many other things to do.) P.S. I think we've been using ClamAV since 0.86.2, back in July 2005 (how time flies), and I've generally been very happy with it. On Fri, 23 Nov 2018 18:32:00 +0000 (GMT) "G.W. Haywood" <cla...@jubileegroup.co.uk> wrote: > Hi there, > > On Thu, 22 Nov 2018, Paul Kosinski wrote: > > > I wonder how many users of ClamAV actually log their freshclam > > updates. > > I've been using ClamAV for more than a decade. I've already said on > the list that I log all freshclam updates and that in general my > experience is that the mirrors are very reliable. During the switch > to Cloudflare I experienced no problems. There was an issue back in > March/April this year which I believe was the first that ran for more > than a day for as long as I can remember. > > Like Mr. Peterson (and *un*like this mailing list's configuration :) I > run freshclam so as to avoid pile-ups. Typically I fetch three > updates per day and they succeed as regularly as clockwork. > > On Wed, 21 Nov 2018, Paul Kosinski wrote: > > > ... 'LocalIPAddress' is the *outgoing* IP address ... > > .. To sum up, the "LocalIPAddress 10.11.14.160" is ... > > I might be a little late to the party here, but are you saying that > 10.11.14.160 is the IP address which the Cloudflare servers see? Some > ISPs do issue RFC1918 addresses to their clients but I'd expect a NAT > gateway somewhere between your interface and Cloudflare, so that the > Cloudflare servers see an Internet-routable IP. If there is such a > gateway, maybe it's worth a look on the other side of it. If there > isn't, I'd expect problems because packets from/to RFC1918 addresses > should never be allowed onto the public Internet. Please forgive me > for teaching granny; this *might* be news to some who are reading now. > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
