Date: Thu, 16 Mar 2006 17:27:00 +0000
From: Jim Hatfield <subscriber@insignia.com>
To: freebsd-questions@freebsd.org
Subject: Interaction between mpd and ipfilter/ipnat
Message-ID: <44199FE4.6060705@insignia.com>
I have a FreeBSD firewall which does packet filtering and NAT. The internal address range is 172.16.64.0/24. The only filtering is incoming on the external NIC, fxp0. The machine also runs mpd for remote access.

By pure chance I was tailing ipf.log when I connected an XP laptop to the mpd service, and immediately I saw these:

> Mar 16 16:57:41 inchgower ipmon[61]: 16:57:40.923619 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN
> Mar 16 16:57:42 inchgower ipmon[61]: 16:57:42.425811 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN

172.16.64.168 is the address given out by mpd to the laptop. 172.16.64.200 is the Active Directory Domain Controller.

I'm confused as to why ipf is seeing these packets coming in on fxp0. Surely what comes in is the GRE packet to the external NIC's address; this is then decapsulated and the embedded packet routed on. Why does ipf even see it, let alone block it? I would expect the source interface to be ng0, not fxp0.

From the laptop I can ping and connect to internal machines, so most packets are not being blocked in this way.

tcpdump also sees the packets coming in on fxp0, but I'm not convinced they are. I guess I can only really tell if I get the switch to copy packets to another port and monitor from there.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44199FE4.6060705>
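A triage helper for log lines like the ones quoted in the post, added here as an example and not part of the original message or of ipfilter/mpd. It parses ipmon lines and flags packets that ipf logged as inbound on the external NIC (fxp0, from the post) while both source and destination sit inside the internal prefix (172.16.64.0/24, from the post). That is exactly the signature the post reports for the mpd client's traffic, and it is the same signature a spoofed internal-source packet from outside would produce, so it is worth separating the two cases rather than simply widening the pass rule. The two fxp0 lines are the ones quoted above; the ng0 and 203.0.113.0/24 lines are constructed for contrast, and the ipmon field layout assumed by the regex (tcp flags or icmp type/code may sit between the length and the IN/OUT marker) is an assumption made here, not taken from the post.

```python
"""Flag ipmon (ipfilter) log entries that arrived on the external
interface with BOTH endpoints inside the internal prefix.

Added example; not code from the mailing-list post. Interface name and
prefix are the ones the post gives; sample lines 3 and 4 are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

EXTERNAL_IFACE = "fxp0"                                  # from the post
INTERNAL_NET = ipaddress.ip_network("172.16.64.0/24")    # from the post

# Assumed ipmon layout, matching the lines quoted in the post:
#   ... ipmon[pid]: <ts> <iface> @<group>:<rule> <flag> <src>[,<sport>] -> <dst>[,<dport>]
#       PR <proto> len <hlen> <plen> [<tcp flags> | icmp <type>/<code>] <IN|OUT>
# <flag> is 'b' (blocked) or 'p' (passed) in the lines above.
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<ts>\S+)\s+(?P<iface>\S+)\s+@(?P<rule>\S+)\s+(?P<flag>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?P<extra>.*?)\s+(?P<dir>IN|OUT)\b"
)


@dataclass
class IpmonEvent:
    ts: str
    iface: str
    rule: str
    flag: str
    src: ipaddress.IPv4Address
    sport: Optional[int]
    dst: ipaddress.IPv4Address
    dport: Optional[int]
    proto: str
    direction: str


def parse_line(line: str) -> Optional[IpmonEvent]:
    """Return the parsed event, or None for lines that are not ipmon packet logs."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    return IpmonEvent(
        ts=m["ts"], iface=m["iface"], rule=m["rule"], flag=m["flag"],
        src=ipaddress.ip_address(m["src"]),
        sport=int(m["sport"]) if m["sport"] else None,
        dst=ipaddress.ip_address(m["dst"]),
        dport=int(m["dport"]) if m["dport"] else None,
        proto=m["proto"], direction=m["dir"],
    )


def is_internal_on_external(ev: IpmonEvent, ext: str = EXTERNAL_IFACE,
                            net: ipaddress.IPv4Network = INTERNAL_NET) -> bool:
    """Inbound on the external NIC, yet source and destination are both internal.

    True for the post's mpd-client traffic; would also be true for packets
    arriving from outside with a forged internal source address.
    """
    return (ev.direction == "IN" and ev.iface == ext
            and ev.src in net and ev.dst in net)


def find_anomalies(lines: Iterable[str]) -> List[IpmonEvent]:
    """Parse every line and keep those matching the internal-on-external signature."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None and is_internal_on_external(ev):
            hits.append(ev)
    return hits


# Lines 1-2 are quoted from the post; 3-4 are constructed here for contrast
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    "Mar 16 16:57:41 inchgower ipmon[61]: 16:57:40.923619 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN",
    "Mar 16 16:57:42 inchgower ipmon[61]: 16:57:42.425811 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN",
    "Mar 16 16:58:00 inchgower ipmon[61]: 16:57:59.500000 ng0 @0:1 p 172.16.64.168 -> 172.16.64.200 PR icmp len 20 84 icmp 8/0 IN",
    "Mar 16 17:01:03 inchgower ipmon[61]: 17:01:02.118200 fxp0 @0:2 b 203.0.113.9,4321 -> 198.51.100.7,445 PR tcp len 20 48 -S IN",
]

if __name__ == "__main__":
    for ev in find_anomalies(SAMPLE_LOG):
        print(f"{ev.ts} {ev.iface} {ev.flag} {ev.src}:{ev.sport} -> "
              f"{ev.dst}:{ev.dport} {ev.proto}: internal-to-internal on external NIC")
```

Run it against a tail of ipf.log; if the hits are all from the mpd-assigned address range, the tunnelled traffic is being attributed to fxp0 as the post describes, whereas hits from addresses mpd never handed out point at spoofing and deserve the block they got.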