* [LARTC] ppp nat mappings
@ 2004-11-06 2:34 joeask
From: joeask @ 2004-11-06 2:34 UTC (permalink / raw)
To: lartc
Hi all,
i hope i'm not totally wrong on this list.
I set up a NAT router with the help of adsl-setup and shorewall. I've got
a ppp link to the net and shorewall created the iptables. after a
reconnect of the ppp link i get a new ip-address, but as long as the
existing kernel udp mappings, which were created by outgoing udp traffic,
don't get timed out, the udp packets the router sends out belonging to this
mapping still contain the previous public ip-address.
i can see this in /proc/net/ip_conntrack and ethereal:
udp 17 178 src=192.168.0.160 dst=217.10.79.9 sport=5060 dport=5060
src=217.10.79.9 dst=80.135.x.y sport=5060 dport=5060 [ASSURED] use=1
but 80.135.x.y was my ipaddress some hours ago. if i stop sending udp
packets for about 5 minutes, the mapping is gone and replaced by a
mapping containing the correct public ip address.
ethereal shows, that the source address of the outgoing udp packets is
the old address, so i'm spoofing my ip address.
the kernel should notice that the ipaddress belonging to the mapping
changed and remove the mapping, shouldn't it?
Any suggestions on how to solve this problem?
Thanks,
joe
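
A check for the situation described in the message above, as an added example that is not part of the original post: it parses lines in the /proc/net/ip_conntrack format quoted there and reports source-NATed flows whose reply-direction destination is not the router's current public address. The sample lines, the documentation-range addresses, the function names, and the assumption that the router has a single public address are all constructed for illustration.

```python
import ipaddress

# Constructed sample in /proc/net/ip_conntrack format (documentation addresses).
SAMPLE = """\
udp      17 178 src=192.168.0.160 dst=198.51.100.9 sport=5060 dport=5060 src=198.51.100.9 dst=203.0.113.10 sport=5060 dport=5060 [ASSURED] use=1
udp      17 25 src=192.168.0.161 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=203.0.113.77 sport=53 dport=40000 use=1
tcp      6 431999 ESTABLISHED src=192.168.0.160 dst=192.168.0.1 sport=33000 dport=22 src=192.168.0.1 dst=192.168.0.160 sport=22 dport=33000 [ASSURED] use=1
"""

def parse_entry(line):
    """Split one conntrack line into protocol, original tuple and reply tuple."""
    tokens = line.split()
    tuples = [{}, {}]
    idx = -1
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if not sep or key not in ("src", "dst", "sport", "dport"):
            continue  # timeout, state, [ASSURED], use=N, ...
        if key == "src":
            idx += 1  # each src= starts a new tuple: original, then reply
        if 0 <= idx <= 1:
            tuples[idx][key] = value
    return {"proto": tokens[0], "orig": tuples[0], "reply": tuples[1]}

def find_stale(lines, current_ip):
    """Return NATed entries whose mapped address differs from current_ip."""
    current = ipaddress.ip_address(current_ip)
    stale = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        orig, reply = entry["orig"], entry["reply"]
        if "src" not in orig or "dst" not in reply:
            continue
        try:
            mapped = ipaddress.ip_address(reply["dst"])
            inner = ipaddress.ip_address(orig["src"])
        except ValueError:
            continue  # masked or malformed address, cannot compare
        # Source NAT is in effect when replies go to an address other than
        # the original sender; stale when that address is not the current one.
        if mapped != inner and mapped != current:
            stale.append(entry)
    return stale

if __name__ == "__main__":
    for e in find_stale(SAMPLE.splitlines(), "203.0.113.77"):
        print(e["proto"], e["orig"]["src"], "still mapped to", e["reply"]["dst"])
```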