[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

broadcast packets and iptables

To: iptraf-users@seul.org
Subject: broadcast packets and iptables
From: Leonardo Canducci <leocand@tin.it>
Date: Sat, 1 May 2004 14:26:45 +0200
Delivered-to: archiver@seul.org
Delivered-to: iptraf-users-outgoing@seul.org
Delivered-to: iptraf-users@seul.org
Delivery-date: Sat, 01 May 2004 08:27:06 -0400
Reply-to: iptraf-users@seul.org
Sender: owner-iptraf-users@seul.org
User-agent: Mutt/1.5.5.1+cvs20040105i

I'm using iptraf to monitor my linux firewall. 
there's a strange thing happening: in iptraf's logs i can see entries
regarding broadcast packets (windows netbios) that shuld be filtered 
out by iptables.

e.g. in ipraf log i see:
Fri Apr 30 17:57:13 2004; UDP; eth1; 78 bytes; from 192.168.12.50:137 to 192.168.12.255:137

but my iptables rules drop any packet in INPUT chain. in fact 
/var/log/messages show the same packet filtered out and logged by iptables:

Apr 30 17:57:13 biagio kernel: INPUT packet died: IN=eth1 OUT= SRC=192.168.12.50 DST=192.168.12.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=302 PROTO=UDP SPT=137 DPT=137 LEN=58

the network card is not in promiscuous mode.

so, how can iptraf see that packets if they are filtered out by
iptables?

thanks for answering.
-- 
Leonardo Canducci 
GPG Key ID: 429683DA

Index(es):
- Author
- Thread