Date: Mon, 2 Jun 2008 16:18:57 -0700
From: "David Schwartz" <davids@webmaster.com>
To: <freebsd-ipfw@freebsd.org>
Subject: RE: bridgeing not routing
Message-ID: <MDEHLPKNGKAHNMBLJOLKIEPGNBAC.davids@webmaster.com>
In-Reply-To: <1732391433.1036781212439358454.JavaMail.root@cygnus.plymouth.edu>

> I'm looking at a packet from a packet capture. The packet's IP
> address was sourced within our LAN, destination a server out on
> the Internet (it is a tcp ack, part of an ongoing session). The
> packet's mac addresses were sourced from the inside interface of
> the firewall and destination to our LAN's core router. Our
> firewall is operating in bridging mode, however, not routing. It
> has a management IP address on the inside interface, but that's
> it. No other IP address assigned.
>
> Under what conditions would an ipfw bridging firewall grab hold
> of an outgoing packet and send it back, substituting its own mac
> address for the source and the inner LAN router for the destination?
>
> TIA for any insight
>
> Fred Portnoy
> Network Analyst
> Plymouth State University

There are probably a few reasons I can't think of, but there are a few
obvious ones. First, the machine that sent the packet may have the
firewall's management IP set as its default route or as a route to that
destination. Second, the machine that sent the packet may have received
an ICMP redirect from the firewall. Third, the packet might be
maliciously crafted. Fourth, the firewall may have either fragmented or
reassembled the packet.

DS
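
One way to triage a capture against the reasons listed in the reply, as an added example that is not part of the original message: it tags raw Ethernet/IPv4 frames for the next-hop, ICMP-redirect and fragmentation cases. All MAC and IP addresses, the tag names and the `triage`/`build` helpers are constructed for illustration.

```python
import socket
import struct

# Constructed values for illustration; none come from the original thread.
FW_MAC = "02:00:00:00:00:01"   # firewall inside-interface MAC (assumed)
FW_MGMT_IP = "192.0.2.1"       # firewall management IP (assumed)
HOST, ROUTER = "02:00:00:00:00:0a", "02:00:00:00:00:fe"  # LAN host, core router

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def triage(frame):
    """Return the set of tags that apply to one raw Ethernet/IPv4 frame."""
    dst_mac, src_mac, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != 0x0800:
        return set()
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    frag, _ttl, proto = struct.unpack("!HBB", ip[6:10])
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tags = set()
    # Reason 1 (or after-effect of reason 2): host uses firewall MAC as next hop.
    if mac(dst_mac) == FW_MAC and dst_ip != FW_MGMT_IP:
        tags.add("host-uses-fw-as-next-hop")
    # Symptom from the question: firewall MAC as L2 source, foreign IP source.
    if mac(src_mac) == FW_MAC and src_ip != FW_MGMT_IP:
        tags.add("fw-re-emitted-foreign-packet")
    # Reason 2: ICMP redirect (type 5) sent from the management IP.
    if proto == 1 and src_ip == FW_MGMT_IP and len(ip) > ihl and ip[ihl] == 5:
        tags.add("icmp-redirect-from-fw")
    # Reason 4: MF flag set or non-zero fragment offset (DF alone is ignored).
    if frag & 0x3FFF:
        tags.add("fragment")
    return tags

def build(dst_mac, src_mac, src_ip, dst_ip, proto=6, frag=0, payload=b""):
    """Build a constructed Ethernet/IPv4 frame (IP checksum left as zero)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload

SAMPLES = {  # constructed frames, one per case
    "host_to_fw": build(FW_MAC, HOST, "192.0.2.50", "198.51.100.7"),
    "fw_to_router": build(ROUTER, FW_MAC, "192.0.2.50", "198.51.100.7"),
    "redirect": build(HOST, FW_MAC, FW_MGMT_IP, "192.0.2.50", proto=1,
                      payload=bytes([5, 1, 0, 0]) + socket.inet_aton("192.0.2.254")),
    "bridged": build(ROUTER, HOST, "192.0.2.50", "198.51.100.7", frag=0x4000),
}
```

A frame tagged `fw-re-emitted-foreign-packet` with a matching `host-uses-fw-as-next-hop` frame just before it points at the routing explanations rather than at the bridge path.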