On Tue, Apr 30, 2002 at 07:26:08PM -0500, Chris Hoeschen wrote: > The 192.168.0.2 is a misprint, it should be 192.168.10.2, also the second > reference to the BANNED is from the INPUT chain. All I am worried about is > how a connection is getting forwarded unlogged or dropped. Is it possible > that he is spoofing the IP address where netfilter sees one address and
What netfilter sees is exactly the same as what apache sees, unless there is a backdoor, bypassing your netfilter box, or if he has access to your netfilter as root ;-) > apache is getting a different one? Apache is reporting the IP address as > being one that is being blocked by IPTables. I am also logging that same IP > address and the logs show no such connection from that IP address. How are you logging positively and which logs show no such connection? Apache and netfilter, you mean? Is it possible to ask the opinion of a third party like tcpdump/etherreal/snort? Ramin
