Interaction between mpd and ipfilter/ipnat

Jim Hatfield subscriber at insignia.com
Thu Mar 16 17:27:05 UTC 2006


I have a FreeBSD firewall which does packet filtering and NAT.
The internal address range is 172.16.64.0/24. The only filtering
is incoming on the external NIC, fxp0.

The machine also runs mpd for remote access.

By pure chance I was tailing ipf.log when I connected an XP laptop
to the mpd service, and immediately I saw these:

> Mar 16 16:57:41 inchgower ipmon[61]: 16:57:40.923619 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN
> Mar 16 16:57:42 inchgower ipmon[61]: 16:57:42.425811 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN

172.16.64.168 is the address given out by mpd to the laptop.
172.16.64.200 is the Active Directory Domain Controller.

I'm confused as to why ipf is seeing these packets coming in on fxp0.
Surely what comes in is the GRE packet to the external NIC's address,
this is then decapsulated and the embedded packet routed on. Why does
ipf even see it, let alone block it? I would expect the source interface
to be ng0, not fxp0.

From the laptop I can ping and connect to internal machines, so most
packets are not being blocked in this way.

tcpdump also sees the packets coming in on fxp0, but I'm not convinced
they are. I guess I can only really tell if I get the switch to copy
packets to another port and monitor from there.




More information about the freebsd-questions mailing list
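The log lines quoted in the post are what an ipfilter rule that blocks internal source addresses arriving on the external NIC produces, so the same entries could come from a genuine spoofed packet or, as the poster suspects, from a PPTP payload that ipf attributes to fxp0 after decapsulation. The following triage script is an added example, not code from the post or from the mpd or ipfilter projects: it parses ipmon's log format and pulls out every packet logged IN on the external interface whose source lies in the internal range, so the two cases can be separated by looking at what is flagged. The interface name fxp0 and the 172.16.64.0/24 range come from the post; the sample log is constructed (the first two lines are the ones quoted above, the other three are invented, including a port-less ICMP entry to show that edge case).

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log: the first two lines are the ones quoted in the post;
# the remaining three are invented here to show non-matching and port-less cases.
SAMPLE_LOG = """\
Mar 16 16:57:41 inchgower ipmon[61]: 16:57:40.923619 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN
Mar 16 16:57:42 inchgower ipmon[61]: 16:57:42.425811 fxp0 @0:2 b 172.16.64.168,137 -> 172.16.64.200,137 PR udp len 20 96 IN
Mar 16 16:58:01 inchgower ipmon[61]: 16:58:01.101010 fxp0 @0:3 b 198.51.100.7,4444 -> 203.0.113.5,22 PR tcp len 20 60 -S IN
Mar 16 16:58:05 inchgower ipmon[61]: 16:58:05.202020 ng0 @0:1 p 172.16.64.168,1025 -> 172.16.64.200,53 PR udp len 20 64 IN
Mar 16 16:58:09 inchgower ipmon[61]: 16:58:09.303030 fxp0 @0:2 b 172.16.64.168 -> 172.16.64.200 PR icmp len 20 84 icmp 8/0 IN
"""

# ipmon line layout: <time> <iface> @<group:rule> <action> <src>[,port] -> <dst>[,port]
# PR <proto> len <hdr> <total> [flags...] IN|OUT.  Ports are absent for ICMP.
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+"
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<iface>\S+)\s+"
    r"@(?P<rule>\d+:\d+)\s+"
    r"(?P<action>\S)\s+"
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r".*?\b(?P<dir>IN|OUT)\b"
)

# Values taken from the post: internal range and external interface.
INTERNAL_NET = ipaddress.IPv4Network("172.16.64.0/24")
EXTERNAL_IFACE = "fxp0"


@dataclass
class IpmonRecord:
    ts: str
    iface: str
    rule: str
    action: str          # 'b' = blocked, 'p' = passed
    src: ipaddress.IPv4Address
    sport: Optional[int]
    dst: ipaddress.IPv4Address
    dport: Optional[int]
    proto: str
    direction: str       # 'IN' or 'OUT'


def parse_ipmon_line(line: str) -> Optional[IpmonRecord]:
    """Parse one ipmon syslog line; return None for lines that are not ipmon records."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    return IpmonRecord(
        ts=m["ts"],
        iface=m["iface"],
        rule=m["rule"],
        action=m["action"],
        src=ipaddress.IPv4Address(m["src"]),
        sport=int(m["sport"]) if m["sport"] else None,
        dst=ipaddress.IPv4Address(m["dst"]),
        dport=int(m["dport"]) if m["dport"] else None,
        proto=m["proto"].lower(),
        direction=m["dir"],
    )


def find_internal_source_on_external(
    lines, internal=INTERNAL_NET, ext_iface=EXTERNAL_IFACE
) -> List[IpmonRecord]:
    """Records where a packet with an internal source address was logged
    coming IN on the external interface (spoofing, or misattributed tunnel traffic)."""
    hits = []
    for line in lines:
        rec = parse_ipmon_line(line)
        if rec is None:
            continue
        if rec.direction == "IN" and rec.iface == ext_iface and rec.src in internal:
            hits.append(rec)
    return hits


def summarize(hits: List[IpmonRecord]) -> Dict[Tuple[str, str, str, Optional[int]], int]:
    """Count flagged packets per (src, dst, proto, dport) so a single chatty
    VPN client is easy to tell apart from a scan of many internal addresses."""
    counts: Dict[Tuple[str, str, str, Optional[int]], int] = {}
    for r in hits:
        key = (str(r.src), str(r.dst), r.proto, r.dport)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_internal_source_on_external(SAMPLE_LOG.splitlines())
    for key, n in summarize(flagged).items():
        print(f"{n:3d}  {key[0]} -> {key[1]} {key[2]} dport={key[3]}")
```

If every flagged source is an address mpd handed out and every destination is a legitimate internal server, the entries match the tunnel-attribution behaviour described in the post rather than spoofing; flagged sources that were never assigned by mpd are the ones that deserve a packet capture on a mirrored switch port.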