On Thu, Sep 24, 1998 at 12:34:47PM -0400, Jose M. Sanchez wrote:
> Eh, this is not "on the internet".
Eh, yes, it is. In my original message I said that on a mail server, which is
on a whole different network, connected to a whole different ISP, I typed
"netstat" and saw something like the following:

    Proto Recv-Q Send-Q  Local Address   Foreign Address       (state)
    tcp        0      0  mail.pop3       192.168.0.253.64816   SYN_RCVD

This means that a packet arrived at mail claiming to have an origin of
192.168.0.253. Of course it can't get past the SYN_RCVD state since the ACK
will be sent to a bogus address. And the question remains: how was a packet
claiming to have an origin of 192.168.0.253 emitted from the masquerading box?
>
> sl0 is used PRIOR to the connection being brought up. It catches IP packets
> bound for the internet.
>
> Diald "holds" these IP packets, dials up the ISP, then reconfigures your
> machine to use the ppp link instead. Finally the held packet(s) are
> forwarded up the PPP link.
I understand this. But in this case this mechanism isn't working properly. The
ppp link is being used, but the packets have the wrong origin address.
>
> Nothing is wrong.
>
> The address "appears" because you have effectively announced it to the world
> as being the address of YOUR side of the ppp link. The machine you connect
> to is the other side of the ppp link.
>
> Type "ifconfig", before and after a connection, and you'll see that the
> P-to-P value corresponds to this...
>
> You could have chosen practically any address, IF you allowed diald to
> dynamically grab the address the ISP gives you...
It's possible that I didn't configure something correctly, but most of the time
it does get the ISP's dynamic address and work properly. On occasion, however,
the behavior is as described above.
>
> -JMS
>
> -----Original Message-----
> From: Chris Johnson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, September 24, 1998 10:18 AM
> Subject: Re: [masq] Internal address showing up outside
>
>
> >On Thu, Sep 24, 1998 at 10:21:57AM -0400, Jose M. Sanchez wrote:
> >> Does this "fake slip connection" happen to correspond to the
> >> address for "sl0" when you run ifconfig?
> >
> >Yes, that's the "fake SLIP connection" I'm talking about. Why does this
> >address end up on the Internet?
> >
> >Chris
> >
> >-----Original Message-----
> >
> >> > I set up masquerading and diald on a friend's computer recently. A little
> >> > while ago I did a netstat on a mail server that I administer, and saw a
> >> > connection to a foreign address of 192.168.0.253. This connection was from
> >> > my friend's masquerading box, and 192.168.0.253 is what I used for one of
> >> > the addresses that diald employs for the fake SLIP connection that it
> >> > maintains when the PPP connection isn't up.
> >> >
> >> > So the question is: how the hell did a packet with that address get itself
> >> > out of the box? This doesn't always occur with his setup -- in fact it
> >> > normally doesn't.
> >> >
> >> > His setup is pretty generic, with minimal forwarding rules -- just the
> >> > default deny policy and the rule to masquerade his 192.168.0.0 network.
> >> > diald is set up to use 192.168.0.253 and 254 for its fake SLIP connection.
> >> >
> >> > The only explanation I can conceive of is that diald (or pppd) isn't
> >> > setting the local IP (which is dynamically supplied by the ISP) correctly
> >> > when the connection comes up, and that this may be a result of some
> >> > confusion about the fake SLIP addresses being in the same network as his
> >> > internal class C (this is the first time I set up diald, and this didn't
> >> > occur to me at the time).
> >> >
> >> > Any ideas?
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >For daily digest info, email [EMAIL PROTECTED]
>
>
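
Added example, not part of the original thread or of any poster's code: a small check a server administrator could run over saved netstat output to spot the symptom discussed above, a TCP peer whose foreign address is an RFC 1918 private address. It assumes the BSD-style "host.port" layout shown in the message; the function names and every sample row except the 192.168.0.253 one are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; a peer in one of these should never reach a
# host across the public Internet without having been translated first.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split a BSD-style 'host.port' endpoint at its last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def private_peers(netstat_text):
    """Return (local, peer_ip, peer_port, state) for each TCP row whose
    foreign address is a numeric RFC 1918 address."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header line or a non-TCP row
        _proto, _recvq, _sendq, local, foreign, state = fields
        host, port = split_endpoint(foreign)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # resolved hostname or '*': cannot classify
        if any(ip in net for net in RFC1918):
            hits.append((local, str(ip), port, state))
    return hits

# Constructed sample: the first data row is the one quoted in the thread,
# the remaining rows are made up to exercise the other branches.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 mail.pop3 192.168.0.253.64816 SYN_RCVD
tcp 0 0 mail.smtp 203.0.113.7.1025 ESTABLISHED
tcp 0 0 mail.pop3 client.example.net.2044 ESTABLISHED
tcp 0 0 *.smtp *.* LISTEN
"""

if __name__ == "__main__":
    for local, ip, port, state in private_peers(SAMPLE):
        print(f"private source {ip}:{port} -> {local} ({state})")
```

Run netstat with numeric output (-n) so that foreign addresses are not replaced by resolved names, which this check skips.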