Lots of ISPs/etc. use 10.* for "internal clouds" of routers and the like. My ADSL box, for example, is a 10.* IP printed on the sticker on the bottom of it. At one colo provider (using this ISP) they do not filter 10.* and so you can access the "internal cloud", which is kind of fun =).

-Kurt

On Wed, 15 Aug 2001, 'Togan Muftuoglu' wrote:
* Philipp Snizek; on 15 Aug, 2001 wrote:

Hi Togan,

ICMP type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet.
Excuse me, I do not get it.

I have my local net on the 192.168.1.0/24 subnet.

Internet is assigned via PPPoE, which is going through eth1, which has no address assigned, and ppp0 has 212.156.197.144 as the IP number.
eth0      Link encap:Ethernet  HWaddr 00:00:21:D2:D3:73
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1559952 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2195196 errors:0 dropped:0 overruns:0 carrier:0
          collisions:255 txqueuelen:100
          Interrupt:11 Base address:0x1000

eth1      Link encap:Ethernet  HWaddr 00:60:97:50:AE:DB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2284437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1642777 errors:0 dropped:0 overruns:0 carrier:3
          collisions:39 txqueuelen:100
          Interrupt:10 Base address:0x300

ppp0      Link encap:Point-to-Point Protocol
          inet addr:212.156.197.144  P-t-P:212.156.196.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:24492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23939 errors:0 dropped:0 overruns:0 carrier 0
          collisions:0 txqueuelen:10
This is the routing table; there is no 10.0.0.0 network assigned:
212.156.196.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 212.156.196.1 0.0.0.0 UG 0 0 0 ppp0
So if I am reading the log correctly, the traffic is 10.4.9.254 port 3 to my internet IP port 1:

Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)
Since there is no 10.0.0.0 network on my routing table and there is no IP from this group assigned to my interfaces, I think it is quite logical to block private IPs coming to the internet IP (the rule is input).

So before complaining to the ISP I want to make sure I know what I am talking about.
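An added example, not part of the original thread: a small decoder for the ipchains log line quoted above. It relies on the ipchains convention that, for PROTO=1 (ICMP), the numbers after the source and destination addresses are the ICMP type and code rather than ports; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Field layout of an ipchains "Packet log:" line.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) .*T=(?P<ttl>\d+)"
)

# Codes for ICMP type 3, destination unreachable (RFC 792; 13 from RFC 1812).
UNREACH_CODES = {
    0: "network unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    13: "communication administratively prohibited",
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode(line):
    """Return a dict describing one ipchains log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    src = ipaddress.ip_address(rec["src"])
    rec["src_rfc1918"] = any(src in net for net in RFC1918)
    if rec["proto"] == "1":
        # For ICMP the two "port" fields are not ports: ipchains logs the
        # ICMP type after the source address and the code after the destination.
        rec["icmp_type"], rec["icmp_code"] = int(rec["sport"]), int(rec["dport"])
        if rec["icmp_type"] == 3:
            rec["meaning"] = "destination unreachable: " + UNREACH_CODES.get(
                rec["icmp_code"], "code %d" % rec["icmp_code"])
    return rec


# The log line quoted in the thread.
THREAD_LINE = ("Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 "
               "212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)")

if __name__ == "__main__":
    for key, value in decode(THREAD_LINE).items():
        print(key, "=", value)
```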