I have played with this some more.

It appears that the TCP stack in Linux 2.4.x and in Windows XP (and so perhaps this is actually part of a standard?) ignores packets coming in on an ethernet interface for which the source address and destination address are both the address associated with the interface.

I first modified my iptables UDP port forwarding stuff on my gateway box to change the source address of the forwarded gdipc.pl test packet to the (inside) address of the gateway machine. The address validation test then worked both on Linux and Windows.

But this is of no help for you, since you cannot directly play with iptables on your router box.

So I set my gateway box back to doing simple forwarding (in the same way your router probably does it), and did this on my internal Linux box instead:

  iptables -t nat -A POSTROUTING -o eth0 \
    -p udp --dport 5555 -j SNAT --to-source 192.168.0.10

This modifies the source address on the way out. The address 192.168.0.10 is not the address of any box on my LAN.

With this done, the gdipc validation again works OK.

Perhaps you should try this. If you have a firewall set up, you will have to figure out where to put it, or drop your firewall using something like:

  # flush all chains
  iptables -F
  iptables -F -t nat

  # delete all user defined chains
  iptables -X

I would appreciate it if you could try this. If it works for you, I will document this as a known problem, and document this workaround.

At this point, I do not know of any way to achieve this same effect just using (portable) Perl code in gdipc.pl.

Does anyone know a way to get Linux and/or Windows to not ignore these packets?

-------- Original Message --------
Subject: [Fwd: Re: [GnuDIP] using GnuDIP behind a NAT-Router]
Date: Mon, 08 Mar 2004 21:25:49 -0700
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

I have reproduced the problem. But it has me baffled.

When I use the "-g" option from my desktop machine on my internal LAN to
update to GnuDIP running on my gateway machine, it works fine. I notice
though that to see the UDP packet in Ethereal I have to watch the "lo"
interface.

When I use it from my desktop machine to someone else's GnuDIP server,
and use iptables to forward the test packet back to my desktop machine,
it fails, although I can see the packet come back in Ethereal.

If I specify "-w 60", and use "netstat -ap | less -S", I can see the
gdipc.pl script listening on the UDP port.

I tried forking a child in the script to send the packet after waiting a
second, giving the parent time to issue the "select" (which waits for
something to arrive). But this made no difference.

It may be a while before I can sort this out.

Anybody else have any ideas?

Perhaps I should add an option to allow the address validation message
to be sent and received using TCP.

-------- Original Message --------
Subject: Re: [GnuDIP] using GnuDIP behind a NAT-Router
Date: Mon, 08 Mar 2004 14:50:17 -0700
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>

It appears that in the example you give, the old address was
80.132.208.18, and the new address was 80.132.199.241.

So the UDP packet would have been sent to 80.132.208.18, and would not
have been received since the address of your router was now 80.132.199.241.

If the client was just failing to listen on the UDP port, I would expect
the before and after address in the messages to be the same. Do you have
examples like that?

Also, is the address in .GnuDIP2.cache.itzel.nerdcamp.net being set to
the new address OK? If for some reason it was not, then the client would
keep testing the old address.

I will retest this set up myself later, when I have time, just to be
sure that I did not introduce a bug at some point.

[EMAIL PROTECTED] wrote:
Hi all,

I am using GnuDIP2 (2.3.5) on Linux behind a NAT-Router (Asus WL-500g). It is updating the IP-Address every time it has to check, because the UDP-packet for address verification is timed out.
I used the following command to get it working: ./gdipc -g 5555:5555 the result is:
==== gdipc.pl running: Mon Mar 8 13:29:59 2004 ====
Configuration file name: /home/knoppix/.GnuDIP2
Cache file name: /home/knoppix/.GnuDIP2.cache.itzel.nerdcamp.net
Address validation failed for 80.132.208.18 - UDP packet timed out
Attempting update at update.nerdcamp.net ...
Update to address 80.132.199.241 from 80.132.208.18 successful for itzel.nerdcamp.net


I asked Mr. Google for help and he told me about a thread in this list, which explains what send- and receiveport means. The funny thing is, that the UDP-Packet is received by the Linux-box, as I could see with Ethereal. So my conclusion is, that gdipc is not listening on UDP:5555.

Any hints?


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
--
GnuDIP Mailing List
http://gnudip2.sourceforge.net/gnudip-www/#mailinglist


-- Creighton MacDonnell http://macdonnell.ca/
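
The address validation step this thread is debugging, as an added example in Python (not code from gdipc.pl or from anyone in the thread): bind the receive port, send a probe to the address under test, and wait in select() until a timeout. The function name, its parameters and the random-nonce payload are assumptions made for illustration.

```python
import hmac
import os
import select
import socket
import time


def validate_address(addr, send_port, recv_port, wait=2.0, bind_addr="0.0.0.0"):
    """Return True if a nonce sent to addr:send_port comes back on recv_port."""
    nonce = os.urandom(16)  # unpredictable payload, so stray traffic cannot pass
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Bind before sending so the probe cannot arrive ahead of the listener.
        rx.bind((bind_addr, recv_port))
        tx.sendto(nonce, (addr, send_port))
        deadline = time.monotonic() + wait
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return False  # the "UDP packet timed out" case
            ready, _, _ = select.select([rx], [], [], remaining)
            if not ready:
                return False
            data, _peer = rx.recvfrom(2048)
            if hmac.compare_digest(data, nonce):
                return True
            # Anything else is unrelated traffic: keep waiting until the deadline.
    finally:
        rx.close()
        tx.close()


if __name__ == "__main__":
    # Loopback demo with the same send and receive port, as with "-g 5555:5555".
    print(validate_address("127.0.0.1", 5555, 5555, bind_addr="127.0.0.1"))
```

If the stack discards the returning packet as the top message describes, the call returns False even though a sniffer on the interface shows the packet arriving.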

