IP spoofed packets and Cisco

Hello everybody, thanks for your advice.

I have about five servers behind a Cisco ASA 5510, using local IP addresses, like 192.168.0.0/24, on a switch.

The Cisco provides static NAT on some ports. For instance, I have a mail server, and the Cisco makes static NAT on ports 993 and 25 only. If I try to access port 8000 or 8080 with telnet from an external IP, the connection is refused, which is normal.

Because I don't trust other machines already in place, I have temporarily added a software firewall on it. It's a simple Linux mail server, and the firewall is iptables. The input/output/forward policies are set to log/drop.

However, I receive on this internal interface packets that "seem" to come from external addresses, for instance 60.172.223.15, to port 8000.

So, here are my questions.

I think the Cisco doesn't let IP spoofed packets enter on the external interface. Can you confirm this?

So, is it a local server that sends IP spoofed packets and tries to bounce them off my server?

Or do the IP spoofed packets come directly from my mail server?

Thanks again.

Andre Rodier
