On Sat, 16 Oct 2004, Benjamin Goedeke wrote:
> There's an wrong routing entry:
>
> 134.102.0.0/16 0.0.0.0 UG000eth1
It is not wrong, it is just dangerous. You *have* a 134.102.0.0/16 network
there, don't you? Or is the netmask wrong?
You can fix the issue right by increasing y
On Sa, 16.10.2004, 16:21, Ben Goedeke wrote:
> Kurt Roeckx wrote:
...
> Hmm. That gives me an idea:
>
> Destination Gateway Flags Metric Ref Use Iface
> 134.102.0.0/16 0.0.0.0 UG0 0 0 eth1
>
> With such a routing entry the firewall will try and resolve mac
> addr
Christian Storch wrote:
On Sa, 16.10.2004, 13:39, Benjamin Goedeke wrote:
...
ethernet address, namely the one of the upstream router.) So it seems
arp resolution occurs even though the packets are being dropped. That's
why I thought the bridge before the firewall could be a good idea. But
I guess
On Sat, 16 Oct 2004, Christian Storch wrote:
> Yes! That resolution is independend from chain FORWARD.
But you can probably kill packets before it in PREROUTING. I didn't try,
though. But it would be a nice experiment to do sometime.
--
"One disk to rule them all, One disk to find them. One d
On Sat, 16 Oct 2004, Benjamin Goedeke wrote:
> My net has netmask /24 and the firewall is connected to an upstream
> router which sits in 134.102.0.0/16. The other gateway sits between my
This is the problem. And what a dangerous netmask to have a router sit on,
btw... here we use small networks (
On Sa, 16.10.2004, 13:39, Benjamin Goedeke wrote:
...
> ethernet address, namely the one of the upstream router.) So it seems
> arp resolution occurs even though the packets are being dropped. That's
> why I thought the bridge before the firewall could be a good idea. But
> I guess the net gets clo
On Sat, 16 Oct 2004, Christian Storch wrote:
> Do you have a route entry like
>
> 0.0.0.0 0.0.0.0 0.0.0.0 UG0 00 eth0
Eek! no way, we are very careful with our routing :P
And the other person doesn't have one, either. He has a /16 network, that is
enough to fill
Kurt Roeckx wrote:
On Sat, Oct 16, 2004 at 01:39:29PM +0200, Benjamin Goedeke wrote:
My net has netmask /24 and the firewall is connected to an upstream
router which sits in 134.102.0.0/16. The other gateway sits between my
site and two /24 nets but this gateway doesn't seem to be affected.
So th
On Sat, Oct 16, 2004 at 01:39:29PM +0200, Benjamin Goedeke wrote:
> Henrique de Moraes Holschuh wrote:
>
> >Well, I have seen ARP overflows on very big flat networks (e.g.
> >172.16.0.0/16) for example. Is any of yours that big? Otherwise, why
> >would
> >the firewall be trying to resolve so ma
Henrique de Moraes Holschuh wrote:
Well, I have seen ARP overflows on very big flat networks (e.g.
172.16.0.0/16) for example. Is any of yours that big? Otherwise, why would
the firewall be trying to resolve so many ARP addresses, instead of
forwarding the packets to its default gateway, or rejec
On Sa, 16.10.2004, 07:58, Henrique de Moraes Holschuh wrote:
> On Sat, 16 Oct 2004, Ben Goedeke wrote:
>> Should it really be possible for a single infected windows machine to
>> dos
>> a linux firewall? Please tell me it's not true and there's just
>> something
>> I'm overlooking. I'm at my wits e
11 matches
Mail list logo
