[leaf-user] DCD, icmp & NAT ???

[Michael D. Schleif]

As you know, I sometimes run into seemingly inexplicable anomalies, for
which I do not know what corroborative evidence is appropriate.

This is another one of those ;>

[1] My question is, *how* can an icmp packet get through DCD _and_ get
to an internal, NAT'ed system ???

[2] Stock DCD, regarding icmp -- no mods.

[3] LEAF/LRP development box:

        # uname -a
        Linux Frigg 2.2.19-3-LEAF #4 Sun Dec 16 18:10:46 CST 2001 i586 unknown

        # ifconfig
        lo        Link encap:Local Loopback
                  inet addr:127.0.0.1  Mask:255.0.0.0
                  UP LOOPBACK RUNNING  MTU:3924  Metric:1
                  RX packets:28 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
                  Collisions:0
        
        eth0      Link encap:Ethernet  HWaddr 00:60:97:67:74:9A
                  inet addr:192.168.123.130  Bcast:192.168.123.255 
Mask:255.255.255.0
                  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                  RX packets:3274464 errors:118 dropped:0 overruns:122
frame:118
                  TX packets:935885 errors:0 dropped:0 overruns:0 carrier:0
                  Collisions:0
                  Interrupt:11 Base address:0xd800

[4] Strange message logged this morning:

        # grep icmp /var/log/syslog
        May  1 07:02:55 Frigg icmplogd: destination unreachable from
[12.244.72.230]
        May  1 07:09:19 Frigg icmplogd: destination unreachable from
[12.244.72.230]

[5] 12.244.72.230 is somewhere on AT&T network; but, doesn't have a dns
name nor reverse lookup:

        # dnsname 12.244.72.230
        
        
        # dnsqr any 230.72.244.12.in-addr.arpa
        255 230.72.244.12.in-addr.arpa:
        44 bytes, 1+0+0+0 records, response, authoritative, nxdomain
        query: 255 230.72.244.12.in-addr.arpa
        
        # dnsqr any 72.244.12.in-addr.arpa
        255 72.244.12.in-addr.arpa:
        40 bytes, 1+0+0+0 records, response, noerror
        query: 255 72.244.12.in-addr.arpa
        
        # dnsqr any 244.12.in-addr.arpa
        255 244.12.in-addr.arpa:
        198 bytes, 1+5+0+0 records, response, noerror
        query: 255 244.12.in-addr.arpa
        answer: 244.12.in-addr.arpa 172800 NS cbru.br.ns.els-gms.att.net
        answer: 244.12.in-addr.arpa 172800 NS dbru.br.ns.els-gms.att.net
        answer: 244.12.in-addr.arpa 172800 NS cmtu.mt.ns.els-gms.att.net
        answer: 244.12.in-addr.arpa 172800 NS dmtu.mt.ns.els-gms.att.net
        answer: 244.12.in-addr.arpa 172800 SOA cbru.br.ns.els-gms.att.net
rm-hostmaster.ems.att.com 29 86400 10000 600000 172800

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .