[Firehol-support] Interface config

Costa Tsaousis costa at tsaousis.gr
Wed Jul 27 21:27:39 CEST 2005


Liquid wrote:

> Its interesting that when i PING to eth0 (192.168.0.240) from my PC
>
>(192.168.0.10) in log i see this. DENY on IN=eth0. Whats wrong?
>
>Jul 23 23:44:51 vilik IN-unknown:IN=eth0 OUT=
>MAC=00:b0:d0:f3:e4:d7:00:02:b3:3b:37:56:08:00 SRC=192.168.0.10
>DST=192.168.0.240 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22323 PROTO=ICMP
>TYPE=8 CODE=0 ID=512 SEQ=2304 
>
>  
>
FireHOL has printed "IN-unknown" meaning that this packet comes IN via 
an "unknown" interface based on your firehol.conf defined interfaces.
 From the config you posted with your first message I see that the line:

internet_ips="192.168.0.199 192.168.0.216 192.168.0.217"

which is used for determining the IPs on your eth0 interface, does not include 192.168.0.240 which is logged as the destination of the above packet.

Costa








More information about the Firehol-support mailing list