* Philipp Snizek;
Hi Togan,
icmp type 3 is destination unreachable. You should not block these packets coming from inet to you (re-read ipchains howto). It seems your 10.14.9.254 cannot reach a host in the internet.
Excuse me, I do not get it. I have my local net on the 192.168.1.0/24 subnet. Internet is assigned via pppoe, which is going through eth1, which has no address assigned, and ppp0 has 212.156.197.144 as the IP number.

eth0      Link encap:Ethernet  HWaddr 00:00:21:D2:D3:73
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1559952 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2195196 errors:0 dropped:0 overruns:0 carrier:0
          collisions:255 txqueuelen:100
          Interrupt:11 Base address:0x1000

eth1      Link encap:Ethernet  HWaddr 00:60:97:50:AE:DB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2284437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1642777 errors:0 dropped:0 overruns:0 carrier:3
          collisions:39 txqueuelen:100
          Interrupt:10 Base address:0x300

ppp0      Link encap:Point-to-Point Protocol
          inet addr:212.156.197.144  P-t-P:212.156.196.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:24492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23939 errors:0 dropped:0 overruns:0 carrier 0
          collisions:0 txqueuelen:10

This is the routing table; there is no 10.0.0.0 network assigned:

212.156.196.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         212.156.196.1   0.0.0.0         UG    0      0        0 ppp0

So if I am reading the log correctly, the traffic is 10.4.9.254 port 3 to my internet IP port 1:

Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)

Since there is no 10.0.0.0 network on my routing table and there is no IP from this group assigned to my interfaces, I think it is quite logical to block private IPs coming to the internet IP (the rule is input).

So before complaining to the ISP I want to make sure I know what I am talking about.

-- 
Togan Muftuoglu
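
Added example, not part of the original messages: a small Python parser for the ipchains log line quoted above. In ipchains logs the two numbers after the addresses are ports for TCP/UDP, but for ICMP (PROTO=1) they carry the ICMP type and code; the function and field names are hypothetical and the lookup tables cover only a few common values.

```python
import ipaddress
import re

# Field order in an ipchains "Packet log:" line:
# chain ACTION iface PROTO=n src:port dst:port L= S= I= F= T= [SYN] (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+)(?: SYN)?(?: \(#(?P<rule>\d+)\))?"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Partial tables (RFC 792 / RFC 1122); extend as needed.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set"}

def parse_ipchains_log(line):
    """Decode one log line; for ICMP the 'port' fields are type and code."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipchains packet log line")
    src = ipaddress.ip_address(m["src"])
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "proto": int(m["proto"]), "src": str(src), "dst": m["dst"],
           "ttl": int(m["ttl"]),
           "rule": int(m["rule"]) if m["rule"] else None,
           "src_rfc1918": any(src in net for net in RFC1918)}
    a, b = int(m["sport"]), int(m["dport"])
    if rec["proto"] == 1:  # ICMP: first number is the type, second the code
        rec["icmp_type"], rec["icmp_code"] = a, b
        rec["icmp_type_name"] = ICMP_TYPES.get(a, "other")
        rec["icmp_code_name"] = UNREACH_CODES.get(b, "other") if a == 3 else None
    else:                  # TCP/UDP: real source and destination ports
        rec["sport"], rec["dport"] = a, b
    return rec

# The log line from the message above.
SAMPLE = ("Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.144:1 "
          "L=56 S=0x00 I=40482 F=0x0000 T=254 (#4)")

if __name__ == "__main__":
    print(parse_ipchains_log(SAMPLE))
```

For the logged packet this yields ICMP type 3, code 1 (destination unreachable, host unreachable) from an RFC 1918 source arriving on ppp0, matched by input rule 4.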