> To my big surprise, the log started reporting denied packets that should
> NEVER have traversed the interface in outbound direction.
>
> After some detailed analysis, it looks like IP traffic that is directed
> by far away hosts at a local PPP dialup user who has JUST DISCONNECTED
> makes the PM (ComOS 3.3.2 release) feel like putting those packets BACK
> on the ethernet. And it's doing this for quite some time: an extreme
> case in the logs after a user disconnected shows about 200 logged denies
> over a period of 3 minutes and 40 seconds!
If I understand you correctly, I think I have the same problem on my Linux
terminal servers, and it's a fairly basic routing issue.
Say user joe logs into the terminal server at 205.229.48.3 and runs PPP
and gets address 205.229.51.25. Joe logs out in the middle of some data
transfer, and the remote host keeps transmitting packets to
205.229.51.25. That address is part of a subnet that my Cisco knows to
route to 205.229.48.3...so of course the packets are sent to
205.229.48.3. The terminal server gets these packets and goes "huh? I
have no route to that address...better ship that packet off to my default
route." The end result seems to be lots of icmp redirects logged on my
mail and news servers and probably a bit of unnecessary ether
traffic...but nothing apparently too serious.
What I think we need is a way to route unused addresses to the bit bucket
so these packets with no viable destination get dropped sooner rather than
later. I wonder if I could use dev dummy0 for that...hmm. Wonder what
portmasters can do about it :)
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
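A small model of the fix Jon proposes, added here as an example and not part of the original thread: a longest-prefix-match routing table in Python where the PPP pool 205.229.51.0/24 (pool size assumed) is routed to a blackhole, so the /32 host route pppd installs wins while joe is connected, and late packets for 205.229.51.25 are dropped locally after that route is withdrawn instead of following the default route. The gateway address 205.229.48.1 and the interface names are assumptions.

```python
import ipaddress

# Constructed routing table modelled on the post: the terminal server at
# 205.229.48.3 hands out PPP addresses from 205.229.51.0/24 (assumed pool).

class RoutingTable:
    """Longest-prefix-match table. A target is an interface name, a next-hop
    string, or the literal 'blackhole' for a bit-bucket route."""

    def __init__(self):
        self.routes = {}  # ip_network -> target

    def add(self, prefix, target):
        self.routes[ipaddress.ip_network(prefix)] = target

    def delete(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        # The most specific (longest) prefix wins, as in the kernel FIB.
        best = max(matches, key=lambda n: n.prefixlen)
        return self.routes[best]


def forward(table, dst):
    target = table.lookup(dst)
    if target == "blackhole":
        return "dropped"
    return f"forwarded via {target}"


def scenario(with_blackhole):
    t = RoutingTable()
    t.add("0.0.0.0/0", "gateway 205.229.48.1")  # default route (assumed address)
    t.add("205.229.48.0/24", "eth0")           # the ethernet the Cisco sits on
    if with_blackhole:
        # Modern iproute2 equivalent: ip route add blackhole 205.229.51.0/24
        t.add("205.229.51.0/24", "blackhole")
    # pppd installs a host route when joe connects ...
    t.add("205.229.51.25/32", "ppp0")
    while_connected = forward(t, "205.229.51.25")
    # ... and removes it when he hangs up; packets still in flight now fall
    # through to the next-longest match.
    t.delete("205.229.51.25/32")
    after_hangup = forward(t, "205.229.51.25")
    return while_connected, after_hangup
```

Without the blackhole route the late packets go back out the default route (the redirects Jon sees); with it they are dropped on the terminal server.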