On Sunday, January 25, 2015 14:24:17 Jan Lühr wrote:
> There appears to be some misconfiguration in our network. A gateway is blocking unknown IP addresses:
>
> [658047.514011] FORWARD DROPPEDIN=bat0 OUT=backbone MAC=3a:81:5b:64:fa:32:08:fc:88:9b:8a:60:08:00:45:00:00:4f:6c:b1:40:00:3f:06:b8:8e:0a:a6 SRC=10.166.28.69 DST=173.194.65.188 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=27825 DF PROTO=TCP SPT=45173 DPT=5228 WINDOW=9131 RES=0x00 ACK PSH URGP=0
> [658047.519455] FORWARD DROPPEDIN=bat0 OUT=backbone MAC=3a:81:5b:64:fa:32:08:fc:88:9b:8a:60:08:00:45:00:00:34:6c:b2:40:00:3f:06:b8:a8:0a:a6 SRC=10.166.28.69 DST=173.194.65.188 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=27826 DF PROTO=TCP SPT=45173 DPT=5228 WINDOW=9131 RES=0x00 ACK FIN URGP=0
>
> I'm somewhat confused by the MAC address here - it's very long. Can I somehow derive which originator or client is propagating or using this address?
If you posted the iptables rules with which you generate these logs we might be able to help you.
Cheers, Marek
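
As an added example (not part of the original messages), this Python code splits the `MAC=` field of the first log line above into a 14-byte Ethernet header and the bytes that follow, then checks those trailing bytes against the `LEN`, `ID` and `TTL` values logged on the same line. It assumes the usual Ethernet header order (destination, source, EtherType); the function names are illustrative.

```python
import re

# First log line from the message above (kernel timestamp and TCP flags dropped).
SAMPLE = ("FORWARD DROPPEDIN=bat0 OUT=backbone "
          "MAC=3a:81:5b:64:fa:32:08:fc:88:9b:8a:60:08:00:"
          "45:00:00:4f:6c:b1:40:00:3f:06:b8:8e:0a:a6 "
          "SRC=10.166.28.69 DST=173.194.65.188 LEN=79 TOS=0x00 PREC=0x00 "
          "TTL=63 ID=27825 DF PROTO=TCP SPT=45173 DPT=5228")


def _fmt(octets):
    """Render bytes as a colon-separated MAC string."""
    return ":".join(f"{b:02x}" for b in octets)


def split_mac_field(line):
    """Split the MAC= dump into Ethernet header fields and trailing bytes."""
    m = re.search(r"\bMAC=((?:[0-9a-f]{2}:)*[0-9a-f]{2})(?=\s|$)", line)
    if not m:
        raise ValueError("no MAC= field in log line")
    raw = bytes.fromhex(m.group(1).replace(":", ""))
    if len(raw) < 14:
        raise ValueError("MAC= field shorter than an Ethernet header")
    # Assumption: standard Ethernet order, destination MAC first.
    return {"dst_mac": _fmt(raw[0:6]),
            "src_mac": _fmt(raw[6:12]),
            "ethertype": int.from_bytes(raw[12:14], "big"),
            "extra": raw[14:]}


def extra_matches_ipv4(line):
    """True if the bytes after the Ethernet header agree with the logged IP fields."""
    hdr = split_mac_field(line)
    x = hdr["extra"]
    if hdr["ethertype"] != 0x0800 or len(x) < 10 or x[0] >> 4 != 4:
        return False
    logged = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return (int.from_bytes(x[2:4], "big") == int(logged["LEN"])   # total length
            and int.from_bytes(x[4:6], "big") == int(logged["ID"])  # identification
            and x[8] == int(logged["TTL"]))                        # time to live


if __name__ == "__main__":
    print(split_mac_field(SAMPLE))
    print("trailing bytes are the IPv4 header:", extra_matches_ipv4(SAMPLE))
```

On this line the 14 trailing bytes match the start of the packet's IPv4 header, so the field carries only two MAC addresses: the first six bytes (destination) and the next six (source).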