Opened 10 years ago

Closed 7 years ago

#108 closed defect (worksforme)

Vuurmuur recognizes my pppd address as spoofed

Reported by: Kevin
Owned by: Victor Julien
Priority: blocker
Milestone: undecided
Component: vuurmuur
Version: 0.7
Keywords: spoof, class, ppp
Cc: Kevin

Description

When port forwarding from my LAN network to the proxy (that has a class-c 192.168.1.x/24 IP), the packet gets dropped:

│Nov 3 16:59:28: DROP squid LL090362.AR.Company -> proxy.Home.Peer 'spoof class-c' (in: eth0 out: ppp0 135.20.208.173:2743 -> 192.168.1.200:8888 TCP flags ......

I haven't got anti-spoofing enabled on the zones, so I think it's buggy.

This is the first of several ports I need to forward to another site (data center).

Change History (3)

comment:1 Changed 10 years ago by Victor Julien

If you inspect the output of the "vuurmuur -b" command you should be able to see what network the anti-spoofing rules are created for. Something like:

# rule: action: Protect, who: world.inet, danger: spoofing, source: class-c

Then inspect the network to see if it really has spoofing protection disabled. If so please post the contents of the network file (/etc/vuurmuur/zones/inet/networks/world/network.config in my example) here!

comment:2 Changed 10 years ago by Kevin

Cc: Kevin added

vuurmur -b |grep class-c returns no results.

iptables -vnL | grep class-c

0 0 LOG all -- ppp0 * 192.168.0.0/16 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c '
3 144 LOG all -- * ppp0 0.0.0.0/0 192.168.0.0/16 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c '

comment:3 Changed 7 years ago by Victor Julien

Resolution: → worksforme
Status: new → closed
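
An added example, not part of the ticket or of Vuurmuur's own code: it checks the dropped packet from the description against the two `spoof class-c` LOG rules pasted in comment 2 and reports which of them it falls under. The function names are hypothetical, and the parser assumes plain numeric counters and no negated (`!`) address matches.

```python
import ipaddress

# Rules as pasted in comment 2 (iptables -vnL | grep class-c), one per line.
RULES_TEXT = """\
0 0 LOG all -- ppp0 * 192.168.0.0/16 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c '
3 144 LOG all -- * ppp0 0.0.0.0/0 192.168.0.0/16 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c '
"""
# Packet fields taken from the DROP log line in the ticket description.
PACKET = {"in": "eth0", "out": "ppp0", "src": "135.20.208.173", "dst": "192.168.1.200"}


def parse_rules(text):
    """Parse `iptables -vnL` rule lines: pkts bytes target prot opt in out source destination."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # chain headers, column titles, blank lines
        rules.append({
            "pkts": int(f[0]), "bytes": int(f[1]), "target": f[2],
            "in": f[5], "out": f[6],
            "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
        })
    return rules


def iface_match(rule_if, pkt_if):
    """'*' matches any interface; a trailing '+' is the iptables prefix wildcard."""
    if rule_if == "*":
        return True
    if rule_if.endswith("+"):
        return pkt_if.startswith(rule_if[:-1])
    return rule_if == pkt_if


def matching_rules(rules, pkt):
    """Return the rules whose interface and address criteria all match the packet."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    return [r for r in rules
            if iface_match(r["in"], pkt["in"]) and iface_match(r["out"], pkt["out"])
            and src in r["src"] and dst in r["dst"]]


if __name__ == "__main__":
    for r in matching_rules(parse_rules(RULES_TEXT), PACKET):
        print(f"match: in={r['in']} out={r['out']} src={r['src']} dst={r['dst']} pkts={r['pkts']}")
```

Only the second rule matches (any input interface, out ppp0, destination in 192.168.0.0/16), and it is the one with non-zero counters in the pasted output.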