From: Stefan Praszalowicz
Subject: masquerading setting bogus source IP address
Date: 10 Sep 2002 20:04:56 +0200
To: netfilter@lists.netfilter.org
Message-ID: <1031681096.5122.12.camel@bilbol>

Hi guys,

We're using a Linux 2.4 box as an ADSL gateway for our company office.

Today after rebooting this server we caught a very strange problem...

The gateway itself could access the net, but not the masqueraded machines.
Running tcpdump, we saw that the gateway was setting the wrong source IP for the masqueraded connections.

Basically, the packets it sent had src-addr set to 10.0.0.0.

After restarting the pppoe/PPP link to the dsl modem, the source IP seemed to be incremented. I don't know for sure but at one point the IP was 10.0.0.17 and next 10.0.0.18.

I solved the problem by adding a SNAT rule before the MASQ one:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -j SNAT --to 217.128.104.14

Has anybody seen this before?
Could it be related to the order in which we start things (like ppp, firewall scripts, ...)?

Thanks anyway

=======================
Some details about the tcpdump results:

** packets originating from the masqueraded hosts, with bogus src ip:

19:09:19.693511 10.0.0.0.33514 > 128.8.10.90.domain:  29756 A? tracker.ambrosia.net. (38) (DF)
19:09:19.693539 10.0.0.0.33514 > 193.252.19.3.domain:  17779+ A? login.oscar.aol.com. (37) (DF)
mail.avedya.com. (33) (DF)
19:09:20.693477 10.0.0.0.33514 > 128.63.2.53.domain:  6018 A? mail.edi-presse.fr. (36) (DF)

** packets originating from the gateway itself, src is OK
19:09:23.985905 217.128.104.14.1049 > 193.252.19.3.domain:  11374+ A? yahoo.com. (27) (DF)
19:09:24.128264 193.252.19.3.domain > 217.128.104.14.1049:  11374 2/5/5 A 66.218.71.198, A 64.58.79.230 (229) (DF)

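As an added example (not code from the post or from the netfilter project), here are the two offline checks a practitioner would want after reading the message above: a scanner over tcpdump output captured on the WAN interface that flags any packet whose source is neither the public address nor a reply addressed to it (the symptom above, a 10.0.0.0 source leaving ppp0), and an audit of an `iptables-save` listing of the nat table that flags source-NAT rules not pinned to the WAN interface with `-o ppp0` and static SNAT on a dynamic ppp link. The tcpdump lines are the ones quoted in the post; the `iptables-save` listing is constructed to mirror the two rules the post gives (`--to-source` is how iptables-save prints `--to`), and the function names are the example's own.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Sample capture: the lines quoted in the post ("src.port > dst.port" format of
# the tcpdump of that era). Lines 1-3 show the symptom; lines 4-5 are the
# gateway's own query and the reply to it.
SAMPLE_TCPDUMP = """\
19:09:19.693511 10.0.0.0.33514 > 128.8.10.90.domain:  29756 A? tracker.ambrosia.net. (38) (DF)
19:09:19.693539 10.0.0.0.33514 > 193.252.19.3.domain:  17779+ A? login.oscar.aol.com. (37) (DF)
19:09:20.693477 10.0.0.0.33514 > 128.63.2.53.domain:  6018 A? mail.edi-presse.fr. (36) (DF)
19:09:23.985905 217.128.104.14.1049 > 193.252.19.3.domain:  11374+ A? yahoo.com. (27) (DF)
19:09:24.128264 193.252.19.3.domain > 217.128.104.14.1049:  11374 2/5/5 A 66.218.71.198, A 64.58.79.230 (229) (DF)
"""

# Constructed iptables-save listing mirroring the two rules in the post
# (iptables-save prints --to as --to-source).
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 217.128.104.14
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
"""

# "HH:MM:SS.usec SRC.PORT > DST.PORT: ..." where PORT may be a service name.
_PKT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\S+)\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>[^:\s]+):"
)
# nat POSTROUTING rules that rewrite the source address.
_SNAT_RULE_RE = re.compile(r"^-A POSTROUTING\b(?P<opts>.*)-j (?P<target>SNAT|MASQUERADE)\b")


class Packet(NamedTuple):
    ts: str
    src: ipaddress.IPv4Address
    sport: str
    dst: ipaddress.IPv4Address
    dport: str


class Leak(NamedTuple):
    lineno: int
    src: str
    dst: str
    reason: str


def parse_tcpdump_line(line: str) -> Optional[Packet]:
    """Return the IPv4 endpoints of one tcpdump line, or None for anything that
    is not a complete 'src > dst' line (truncated lines, non-IPv4 traffic)."""
    m = _PKT_RE.match(line)
    if not m:
        return None
    return Packet(m["ts"], ipaddress.IPv4Address(m["src"]), m["sport"],
                  ipaddress.IPv4Address(m["dst"]), m["dport"])


def find_nat_leaks(capture: str, wan_addr: str) -> List[Leak]:
    """On the WAN interface every packet must carry the public address either as
    source (outbound, after NAT) or as destination (inbound). Anything else left
    the gateway un-NATed or mis-NATed, as the 10.0.0.0 packets in the post did."""
    wan = ipaddress.IPv4Address(wan_addr)
    leaks: List[Leak] = []
    for n, line in enumerate(capture.splitlines(), 1):
        p = parse_tcpdump_line(line)
        if p is None or p.src == wan or p.dst == wan:
            continue
        if p.src.is_private or p.src.is_unspecified:
            reason = "private/unspecified source leaked past NAT"
        else:
            reason = "source is not the WAN address"
        leaks.append(Leak(n, str(p.src), str(p.dst), reason))
    return leaks


def audit_nat_rules(iptables_save: str, wan_iface: str) -> List[str]:
    """Flag nat POSTROUTING source-NAT rules that lack '-o <wan_iface>' (they
    also rewrite packets leaving every other interface) and static SNAT on a
    ppp link, whose address can change on every redial."""
    iface_re = re.compile(rf"(?:^|\s)-o\s+{re.escape(wan_iface)}(?:\s|$)")
    findings: List[str] = []
    for n, line in enumerate(iptables_save.splitlines(), 1):
        m = _SNAT_RULE_RE.match(line)
        if not m:
            continue
        if not iface_re.search(m["opts"]):
            findings.append(f"line {n}: {m['target']} rule is not restricted with -o {wan_iface}")
        if m["target"] == "SNAT" and wan_iface.startswith("ppp"):
            findings.append(f"line {n}: static SNAT on {wan_iface}; MASQUERADE follows the interface address")
    return findings
```

Run `find_nat_leaks(SAMPLE_TCPDUMP, "217.128.104.14")` against a live `tcpdump -n -i ppp0` capture to confirm the fix worked: an empty list means nothing is leaving the WAN side with a private source. `audit_nat_rules(SAMPLE_NAT_RULES, "ppp0")` reports the workaround SNAT rule twice, once because it has no `-o ppp0` and once because its address is hard-coded on a link that is reassigned one on redial; the MASQUERADE rule, which is pinned to ppp0, passes clean.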