Opened 9 years ago
Closed 7 years ago
#108 closed defect (worksforme)
Vuurmuur recognizes my pppd address as spoofed
| Reported by: | Kevin | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | blocker | Milestone: | undecided |
| Component: | vuurmuur | Version: | 0.7 |
| Keywords: | spoof, class, ppp | Cc: | Kevin |
Description
When port forwarding from my LAN network to the proxy (that has a class-c 192.168.1.x/24 IP), the packet gets dropped:
│Nov 3 16:59:28: DROP squid LL090362.AR.Company -> proxy.Home.Peer 'spoof class-c' (in: eth0 out: ppp0 135.20.208.173:2743 -> 192.168.1.200:8888 TCP flags ......
I haven't got anti-spoofing enabled on the zones, so I think it's buggy.
This is the first of several ports I need to forward to another site (data center).
Change History (3)
comment:1 Changed 9 years ago by
comment:2 Changed 9 years ago by
| Cc: | Kevin added |
|---|
vuurmur -b |grep class-c returns no results.
iptables -vnL | grep class-c
0 0 LOG all -- ppp0 * 192.168.0.0/16 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c ' 3 144 LOG all -- * ppp0 0.0.0.0/0 192.168.0.0/16 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `vrmr: DROP spoof class-c '
comment:3 Changed 7 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
If you inspect the output of the "vuurmuur -b" command you should be able to see what network for the anti-spoofing rules are created for. Something like:
Then inspect the network to see if it really has spoofing protection disabled. If so please post the contents of the network file (/etc/vuurmuur/zones/inet/networks/world/network.config in my example) here!