Hi, all,

When I restart shorewall I saw these messages:

    Masqueraded Subnets and Hosts:
       To 0.0.0.0/0 from 202.40.46.0/24 through ppp0
       To 0.0.0.0/0 from 192.168.0.0/24 through ppp0
       To 0.0.0.0/0 from 169.254.0.0/16 through ppp0

However in my masq files I have only these two entries:

    #INTERFACE    SUBNET    ADDRESS
    ppp0          eth0
    ppp0          eth1

Is it normal or expected? How should I debug it?

Regards,

Anthony

On Tue, 2003-06-17 at 07:24, Anthony Kong wrote:
> Hi, all,
>
> When I restart shorewall I saw these messages:
>
> Masqueraded Subnets and Hosts:
>    To 0.0.0.0/0 from 202.40.46.0/24 through ppp0
>    To 0.0.0.0/0 from 192.168.0.0/24 through ppp0
>    To 0.0.0.0/0 from 169.254.0.0/16 through ppp0
>
> However in my masq files I have only these two
> entries:
>
> #INTERFACE    SUBNET    ADDRESS
> ppp0          eth0
> ppp0          eth1
>
> Is it normal or expected? How should I debug it?
>

Either eth0 or eth1 has a route to 169.254.0.0/16 so Shorewall includes
it in the masquerading rules. That is normal.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Hi, Tom,

Upon closer investigation, I found that there is a
strange twist in the 'ifup' script shipped with
redhat9. The script will check a variable called
NOZEROCONF in the cfg* files. If it is zero then it
will add a route to 169.254.0.0/16. Very strange.

Thanks again.

Anthony

--- Tom Eastep <teastep@shorewall.net> wrote:
> On Tue, 2003-06-17 at 07:24, Anthony Kong wrote:
> > Hi, all,
> >
> > When I restart shorewall I saw these messages:
> >
> > Masqueraded Subnets and Hosts:
> >    To 0.0.0.0/0 from 202.40.46.0/24 through ppp0
> >    To 0.0.0.0/0 from 192.168.0.0/24 through ppp0
> >    To 0.0.0.0/0 from 169.254.0.0/16 through ppp0
> >
> > However in my masq files I have only these two
> > entries:
> >
> > #INTERFACE    SUBNET    ADDRESS
> > ppp0          eth0
> > ppp0          eth1
> >
> > Is it normal or expected? How should I debug it?
> >
>
> Either eth0 or eth1 has a route to 169.254.0.0/16 so
> Shorewall includes
> it in the masquerading rules. That is normal.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep@shorewall.net
>

Not so strange if you have a look at www.zeroconf.org ...

ZeroConf includes a means for a machine to dynamically assign an IP address
to itself if it cannot locate a DHCP server. These addresses are generated
within the 169.254.0.0/16 subnet.

Try booting a machine running a recent version of Windows, configured for
DHCP, when it's not connected to a network - you'll find it assigns itself
an IP address in this subnet.

Paul

> -----Original Message-----
> From: shorewall-users-bounces@lists.shorewall.net
> [mailto:shorewall-users-bounces@lists.shorewall.net] On
> Behalf Of Anthony Kong
> Sent: Tuesday, June 17, 2003 6:38 PM
> To: Tom Eastep
> Cc: shorewall
> Subject: Re: [Shorewall-users] masq and extra entires in iptables
>
>
> Hi, Tom,
>
> Upon closer investigation, I found that there is a
> strange twist in the 'ifup' script shipped with
> redhat9. The script will check a variable called
> NOZEROCONF in the cfg* files. If it is zero then it
> will add a route to 169.254.0.0/16. Very strange.
>
> Thanks again.
>
> Anthony
>
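
Added example, not part of the original thread and not Shorewall's own code: a small sh script that applies the rule Tom describes (an interface named in the SUBNET column of masq stands for every network routed through it) to routing-table output, so an unexpected masqueraded network can be traced to its interface. The sample routes, the assignment of networks to eth0/eth1, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route show` output (not from the thread);
# which interface carries which network is an assumption.
SAMPLE_ROUTES='202.40.46.0/24 dev eth0 proto kernel scope link src 202.40.46.1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
169.254.0.0/16 dev eth1 scope link
default dev ppp0 scope link'

# routed_subnets IFACE
# Reads route lines on stdin and prints each destination network that is
# reached through IFACE. The default route is skipped.
routed_subnets() {
    awk -v ifc="$1" '
        $1 == "default" { next }
        {
            for (i = 2; i < NF; i++) {
                if ($i == "dev" && $(i + 1) == ifc) { print $1; break }
            }
        }'
}

# explain_masq OUT_IFACE SRC_IFACE...
# Reads route lines on stdin and prints, for every source interface, the
# networks that would show up as masqueraded through OUT_IFACE, marking
# the 169.254.0.0/16 link-local (zeroconf) range.
explain_masq() {
    out_if=$1; shift
    routes=$(cat)
    for src in "$@"; do
        printf '%s\n' "$routes" | routed_subnets "$src" | while read -r net; do
            note=""
            case $net in
                169.254.*) note="  <- link-local (zeroconf) route" ;;
            esac
            printf 'To 0.0.0.0/0 from %s through %s (route on %s)%s\n' \
                "$net" "$out_if" "$src" "$note"
        done
    done
}

# On a live system: ip -4 route show | explain_masq ppp0 eth0 eth1
printf '%s\n' "$SAMPLE_ROUTES" | explain_masq ppp0 eth0 eth1
```
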