There are the following lines in the ip-masq-mini-howto:

  # outgoing from local net on remote interface, stuffed masquerading, deny
  ipfwadm -O -a deny -V your.static.PPP.address -S 192.168.0.0/16 ...

My question is simple: what does that "stuffed masq'ing" mean and in which situations is this filtering needed?

I'm very sorry if this is a FAQ. I couldn't find any information about that on the Web and no one seems to know anything about that.

I'm very interested in this, 'cause a similar rule really blocked (and logged) a few packets on my computer. Please notice that it was the _outgoing_ filter which blocked those packets. The packets were going from 192.168.1.2 and going to x.y.z.w (a machine in the *.com domain; that address isn't familiar to me) via eth0. There were something like 20 packets in about 2 minutes:

  May 5 10:53:30 narnia vmunix: IP fw-out deny eth0 ICMP/3 192.168.1.2 x,y.z.w L=56 S=0x00 I=32935 F=0x0000 T=31

Only that I=xxxx (and, of course, the time) varied.

My configuration:

  eth0 = internet
  eth1 = local network, addresses 192.168.1.x

The ip-masquerading is working perfectly and has worked already for about one year. There was no other information related to this in the logs and I've never seen anything like that. The ipfwadm setup is based on the sample configuration of the ip-masq-mini-howto. There _are_ incoming filters which do filter any packet coming from 192.168.1.x via eth0, and those filters do work. There are only trusted users on my box. The kernel version is 2.0.33 (+ all security patches). 192.168.1.2 really exists; it's a Win95 box and it was switched on when this happened. Nothing strange happened on that machine.

How is it possible that my machine generates packets which seem to be coming from 192.168.1.2? If they were really coming from that address via eth1, they would be masqueraded. If they were coming via eth0, they would have been blocked.

Is this an ip-masq bug? Or a feature? Or a cracking attempt? Or am I disturbing the wrong people; can this be something completely different which isn't even related to masq'ing?-)

---------------------------------------------------------
Jukka Suomela [EMAIL PROTECTED]
Servin-Maijan tie 10 F 83 http://narnia.tky.hut.fi
02150 ESPOO, FINLAND (09) 468 2963
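
An added example (not part of the original post or the HOWTO): a parser for the firewall log record quoted above that counts outgoing packets on the external interface still carrying an RFC 1918 source address, which is the case the quoted `ipfwadm -O` rule denies. The sample lines, the host name `gw`, the 203.0.113.x and 198.51.100.x addresses and the function names are constructed for illustration; the field layout is assumed from the single record in the post.

```python
import ipaddress
import re
from collections import Counter

# Record layout assumed from the one "IP fw-out" line quoted in the post.
LOG_RE = re.compile(
    r"IP fw-(?P<dir>in|out) (?P<action>\w+) (?P<iface>\S+) "
    r"(?P<proto>[A-Z]+)(?:/(?P<icmp_type>\d+))? "
    r"(?P<src>[\d.]+)(?::\d+)? (?P<dst>[\d.]+)(?::\d+)? "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)
# Private ranges that should never leave the external interface un-masqueraded.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (not taken from the post).
SAMPLE = """\
May  5 10:53:30 gw vmunix: IP fw-out deny eth0 ICMP/3 192.168.1.2 203.0.113.7 L=56 S=0x00 I=32935 F=0x0000 T=31
May  5 10:53:36 gw vmunix: IP fw-out deny eth0 ICMP/3 192.168.1.2 203.0.113.7 L=56 S=0x00 I=32936 F=0x0000 T=31
May  5 10:54:02 gw vmunix: IP fw-in deny eth0 TCP 192.168.1.9:1025 198.51.100.4:23 L=44 S=0x00 I=4411 F=0x0000 T=60
May  5 10:54:10 gw vmunix: IP fw-out deny eth1 UDP 198.51.100.4:53 192.168.1.2:1030 L=70 S=0x00 I=900 F=0x0000 T=63
"""


def parse(line):
    """Return the record's fields as a dict, or None if the line is not a firewall record."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    return rec


def leaked_private(lines, external_iface="eth0"):
    """Count outgoing records on the external interface whose source is RFC 1918."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if not rec or rec["dir"] != "out" or rec["iface"] != external_iface:
            continue
        if any(ipaddress.ip_address(rec["src"]) in net for net in RFC1918):
            label = rec["proto"] + ("/" + rec["icmp_type"] if rec["icmp_type"] else "")
            hits[(rec["src"], label)] += 1
    return hits


if __name__ == "__main__":
    for (src, proto), count in leaked_private(SAMPLE.splitlines()).items():
        print(f"{src} {proto}: {count} un-masqueraded packet(s) denied on eth0")
```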
