[tor-talk] RFC1918 addresses on outside interface

Andreas Krey a.krey at gmx.de
Thu Nov 29 06:16:41 UTC 2012


On Tue, 20 Nov 2012 00:34:05 +0000, temp5 at tormail.org wrote:
> Running a non-exit Tor relay on Linux and have iptables set up to block
> inbound and outbound RFC1918 addresses on the outside interface. Notice in
> the firewall logs several seemingly random private IP addresses connection
> attempts to my relay port getting dropped on the outside over the past few
> months.

Sounds like there are some relays running on rfc-1918 addresses
on machines that have a route to the internet but no one NATting
them. Result: Packets with rfc1918 source addresses. (And apparently
no one on the way filtering them out.)

> The MAC address associated with these matches my ISP's default
> gateway.

That is by design of IP-over-Ethernet: The MAC source address
is the one of the last hop.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
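
Added example, not part of the original message: a Python sketch that reads iptables LOG lines, keeps packets arriving on the outside interface with an RFC 1918 source, and groups them by the source MAC taken from the logged Ethernet header, which shows every such packet carrying the last hop's MAC. The interface names, the FW-DROP log prefix, and all addresses and MACs in the sample are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The three RFC 1918 blocks (narrower than ipaddress's is_private).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in the kernel's iptables LOG format (not from the post).
SAMPLE_LOG = """\
Nov 20 00:30:01 relay kernel: FW-DROP: IN=eth0 OUT= MAC=02:00:00:aa:bb:01:02:00:00:cc:dd:fe:08:00 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=9001 SYN
Nov 20 03:12:44 relay kernel: FW-DROP: IN=eth0 OUT= MAC=02:00:00:aa:bb:01:02:00:00:cc:dd:fe:08:00 SRC=10.4.7.9 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=9001 SYN
Nov 21 11:05:09 relay kernel: FW-DROP: IN=eth0 OUT= MAC=02:00:00:aa:bb:01:02:00:00:cc:dd:fe:08:00 SRC=172.20.0.5 DST=203.0.113.5 PROTO=TCP SPT=33801 DPT=9001 SYN
Nov 21 11:09:30 relay kernel: FW-DROP: IN=eth0 OUT= MAC=02:00:00:aa:bb:01:02:00:00:cc:dd:fe:08:00 SRC=172.32.0.1 DST=203.0.113.5 PROTO=TCP SPT=33999 DPT=9001 SYN
Nov 21 12:00:00 relay kernel: FW-DROP: IN=eth0 OUT= MAC=02:00:00:aa:bb:01:02:00:00:cc:dd:fe:08:00 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=50000 DPT=23 SYN
Nov 21 12:30:00 relay kernel: FW-DROP: IN=eth1 OUT= MAC=02:00:00:aa:bb:02:02:00:00:11:22:33:08:00 SRC=192.168.0.10 DST=192.168.0.1 PROTO=TCP SPT=50001 DPT=22 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def source_mac(mac_field):
    # LOG prints the Ethernet header: dst MAC (6), src MAC (6), EtherType (2).
    octets = mac_field.split(":")
    return ":".join(octets[6:12]) if len(octets) >= 12 else None

def private_sources_by_mac(log_text, outside_if="eth0"):
    """Map last-hop source MAC -> RFC 1918 source IPs seen on outside_if."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("IN") != outside_if or "SRC" not in f:
            continue  # not an inbound packet on the outside interface
        try:
            private = is_rfc1918(f["SRC"])
        except ValueError:
            continue  # malformed SRC field
        if private:
            seen[source_mac(f.get("MAC", ""))].add(f["SRC"])
    return dict(seen)

if __name__ == "__main__":
    for mac, ips in private_sources_by_mac(SAMPLE_LOG).items():
        print(mac, sorted(ips))
```
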

