On 05/06/2012 02:49 PM, Doug Lytle wrote:
> imnotpc wrote:
>> but wireless device access is more lenient.
> My thoughts would be someone connecting via the wireless with another
> interface connected as well. We have users that don't understand that
> they don't need to do both wireless and wired. Sometimes we see
> wireless, wired and VPN.
> Just a guess.
> Doug
The problem with that is that the firewall rules on these boxes
immediately log and drop any packet that doesn't come from the subnet
assigned to that interface. I'm not an expert on iptables, but I believe
that anything coming in on those interfaces would hit iptables and be
dropped before the kernel log. Even if the kernel saw them first, I
should still see corresponding iptables log entries. The router boxes
don't have any wireless cards, so they aren't generating these entries
that way. I don't know how a wireless host connecting to a wireless
router, which has a wired LAN IP on its LAN-facing interface and uses DHCP
for the wireless interface, is able to propagate a different IP address
all the way to the firewall without being translated or dropped. Very
curious.
Jeff
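The per-interface "log and drop anything not from this subnet" setup Jeff describes, as an added example that is not part of the thread and not the posters' own configuration. The interface names, subnets and kernel log lines are constructed for illustration. The first function emits the iptables commands for that policy (a rate-limited LOG rule followed by a DROP on INPUT and FORWARD, since these are router boxes); the second audits the resulting kernel LOG lines and flags any logged SRC that is, or is not, inside the subnet assigned to the inbound interface, which is the check you would run to confirm the rules are firing the way the text expects.

```python
import ipaddress
import re

# Assumed interface -> subnet assignment (hypothetical, not from the thread).
IFACE_SUBNETS = {
    "eth1": ipaddress.ip_network("192.168.1.0/24"),
    "eth2": ipaddress.ip_network("192.168.2.0/24"),
}


def antispoof_rules(iface_subnets, chains=("INPUT", "FORWARD"), prefix="SPOOF"):
    """Return the iptables commands that log, then drop, packets arriving on an
    interface with a source address outside that interface's subnet.

    LOG is a non-terminating target, so the DROP must follow it; both rules must
    also sit before any ACCEPT for the same interface or they never match."""
    rules = []
    for chain in chains:
        for iface, net in iface_subnets.items():
            match = f"-A {chain} -i {iface} ! -s {net}"
            rules.append(
                f'iptables {match} -m limit --limit 10/min -j LOG --log-prefix "{prefix} {iface}: "'
            )
            rules.append(f"iptables {match} -j DROP")
    return rules


# Fields the LOG target writes: "IN=<iface> OUT=<iface> ... SRC=<ip> DST=<ip> ..."
LOG_RE = re.compile(r"IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+)")


def audit_spoof_log(text, iface_subnets, prefix="SPOOF"):
    """Parse kernel log lines produced by the LOG rules above and classify each
    logged packet: 'spoofed' if SRC is outside the inbound interface's subnet
    (the rule did what it should), 'in-subnet' if SRC is inside it (the rule
    should not have fired; check rule order or a shared log prefix), or
    'unknown-interface' / 'unparseable' for lines that cannot be judged."""
    findings = []
    for line in text.splitlines():
        if f"kernel: {prefix} " not in line:
            continue  # not one of our LOG entries (e.g. sshd, other prefixes)
        m = LOG_RE.search(line)
        if not m:
            continue
        iface, src = m.group("iface"), m.group("src")
        net = iface_subnets.get(iface)
        if net is None:
            findings.append((iface, src, "unknown-interface"))
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            findings.append((iface, src, "unparseable"))
            continue
        findings.append((iface, src, "spoofed" if addr not in net else "in-subnet"))
    return findings


# Constructed sample of what the LOG target writes to the kernel log, plus one
# unrelated sshd line to show that non-matching entries are ignored.
SAMPLE_LOG = """\
May  6 14:49:01 rtr1 kernel: SPOOF eth1: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.23 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=50123 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
May  6 14:49:02 rtr1 kernel: SPOOF eth2: IN=eth2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=10.8.0.6 DST=192.168.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
May  6 14:49:03 rtr1 kernel: SPOOF eth1: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:dd:08:00 SRC=192.168.1.40 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
May  6 14:49:04 rtr1 sshd[1234]: Accepted publickey for jeff from 192.168.1.40 port 51000 ssh2
"""

if __name__ == "__main__":
    for rule in antispoof_rules(IFACE_SUBNETS):
        print(rule)
    for iface, src, verdict in audit_spoof_log(SAMPLE_LOG, IFACE_SUBNETS):
        print(f"{iface:5} {src:16} {verdict}")
```

Two practical notes: `--limit 10/min` keeps a flood of spoofed packets from filling the log while still recording that the rule fired, and the `in-subnet` verdict is the interesting one when debugging a thread like this, because it means something other than an out-of-subnet source reached that LOG rule.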