Linux Netfilter discussions
* masquerading setting bogus source IP address
@ 2002-09-10 18:04 Stefan Praszalowicz
  0 siblings, 0 replies; 3+ messages in thread
From: Stefan Praszalowicz @ 2002-09-10 18:04 UTC (permalink / raw)
  To: netfilter


Hi guys,

We're using a Linux 2.4 box as an ADSL gateway for our company office.

Today after rebooting this server we caught a very strange problem...

The gateway itself could access the net, but not the masqueraded
machines.
Running tcpdump, we saw that the gateway was setting the wrong source IP
for the masqueraded connections.

Basically, the packets it sent had src-addr set to 10.0.0.0.

After restarting the pppoe/PPP link to the dsl modem, the source IP
seemed to be incremented. I don't know for sure but at one point the IP
was 10.0.0.17 and next 10.0.0.18.

I solved the problem by adding a SNAT rule before the MASQ one:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -j SNAT --to 217.128.104.14

Has anybody seen this before?
Could it be related to the order in which we start things (like ppp,
firewall scripts, ...)?

Thanks anyway

=======================
Some details about the tcpdump results:

** packets originating from the masqueraded hosts, with bogus src ip:

19:09:19.693511 10.0.0.0.33514 > 128.8.10.90.domain:  29756 A?
tracker.ambrosia.net. (38) (DF)
19:09:19.693539 10.0.0.0.33514 > 193.252.19.3.domain:  17779+ A?
login.oscar.aol.com. (37) (DF)
mail.avedya.com. (33) (DF)
19:09:20.693477 10.0.0.0.33514 > 128.63.2.53.domain:  6018 A?
mail.edi-presse.fr. (36) (DF)

** packets originating from the gateway itself, src is OK
19:09:23.985905 217.128.104.14.1049 > 193.252.19.3.domain:  11374+ A?
yahoo.com. (27) (DF)
19:09:24.128264 193.252.19.3.domain > 217.128.104.14.1049:  11374 2/5/5
A 66.218.71.198, A 64.58.79.230 (229) (DF)


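The symptom in the post is visible in the tcpdump output: Internet-bound packets leaving the gateway with a source that is not the public address. As an added example (not code from the thread), here is a small checker that parses lines in that tcpdump format and reports such NAT leaks; the sample capture is constructed from the lines quoted above, and PUBLIC_IP is the address given in the post.

```python
import ipaddress
import re

# Constructed sample in the format of the tcpdump output quoted in the post.
SAMPLE_CAPTURE = """\
19:09:19.693511 10.0.0.0.33514 > 128.8.10.90.domain:  29756 A?
tracker.ambrosia.net. (38) (DF)
19:09:19.693539 10.0.0.0.33514 > 193.252.19.3.domain:  17779+ A?
login.oscar.aol.com. (37) (DF)
19:09:23.985905 217.128.104.14.1049 > 193.252.19.3.domain:  11374+ A?
yahoo.com. (27) (DF)
19:09:24.128264 193.252.19.3.domain > 217.128.104.14.1049:  11374 2/5/5
A 66.218.71.198, A 64.58.79.230 (229) (DF)
"""

# The gateway's public address from the post: every Internet-bound packet
# leaving on the ppp0 side must carry it as source.
PUBLIC_IP = ipaddress.ip_address("217.128.104.14")

# Header line of a tcpdump record: "time src.port > dst.port:"; the port may
# be numeric or a service name such as "domain".
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\d+\.\d+\.\d+\.\d+)\.\w+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\w+:"
)

def parse_capture(text):
    """Return (ts, src, dst) for each record; continuation lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkts.append((m["ts"], ipaddress.ip_address(m["src"]),
                         ipaddress.ip_address(m["dst"])))
    return pkts

def nat_leaks(pkts, public_ip=PUBLIC_IP):
    """Outbound Internet-bound packets whose source is not the public IP.

    Replies to the gateway (dst == public_ip) and non-global destinations are
    skipped; anything else leaving with another source slipped past NAT.
    """
    leaks = []
    for ts, src, dst in pkts:
        if dst == public_ip or not dst.is_global:
            continue
        if src != public_ip:
            kind = "private source" if src.is_private else "unexpected source"
            leaks.append((ts, str(src), str(dst), kind))
    return leaks
```

Run against a live capture on the WAN interface, a non-empty result means the POSTROUTING translation is not being applied to forwarded traffic.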

* Re: masquerading setting bogus source IP address
@ 2002-09-11  8:52 Gert.Vandelaer
  0 siblings, 0 replies; 3+ messages in thread
From: Gert.Vandelaer @ 2002-09-11  8:52 UTC (permalink / raw)
  To: Stefan Praszalowicz; +Cc: netfilter


Hya,

first of all, I'd like to start by asking why you had to reboot the server?

After knowing that, there might be some more clues to follow ...
Your problem fixer is not going to last because masq is the same as snat,
with the difference that snat does not handle dynamic IPs (explained in
docs ...)

What IP range does your LAN have? What is the IP (if any at all) of the
NIC connected to the DSL router?

Cya,
Gert

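Gert's point (SNAT and MASQUERADE translate the same way; MASQUERADE is only needed when the public address is dynamic) can be turned into a quick audit of the two rules from the original post. This is an added example, not code from the thread: the interface name, LAN range and public address come from the posts, while parse_rule and audit_nat_rules are my own helpers.

```python
import shlex

# The two rules from the post, in the order they end up in the POSTROUTING
# chain (the SNAT rule was inserted at position 1, ahead of MASQUERADE).
POSTED_RULES = [
    "iptables -t nat -I POSTROUTING 1 -j SNAT --to 217.128.104.14",
    "iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE",
]
WAN_IF = "ppp0"  # the PPPoE link named in the post

def parse_rule(cmd):
    """Extract the target and the match options relevant to a NAT rule."""
    toks = shlex.split(cmd)
    rule = {"target": None, "out_if": None, "src": None, "to": None}
    for i, t in enumerate(toks[:-1]):
        nxt = toks[i + 1]
        if t == "-j":
            rule["target"] = nxt
        elif t == "-o":
            rule["out_if"] = nxt
        elif t == "-s":
            rule["src"] = nxt
        elif t in ("--to", "--to-source"):
            rule["to"] = nxt
    return rule

def audit_nat_rules(cmds, wan_if=WAN_IF, static_public_ip=True):
    """Return (rule number, finding) pairs for SNAT/MASQUERADE rules."""
    findings = []
    for n, r in enumerate(map(parse_rule, cmds), start=1):
        if r["target"] not in ("SNAT", "MASQUERADE"):
            continue
        if r["out_if"] != wan_if:
            findings.append((n, f"{r['target']} not limited to -o {wan_if}: it also "
                                "rewrites forwarded traffic leaving on LAN interfaces"))
        if r["src"] is None:
            findings.append((n, f"{r['target']} has no -s <lan-net>: scope it to the "
                                "networks that should be translated"))
        if r["target"] == "MASQUERADE" and static_public_ip:
            findings.append((n, "public IP is static, so a scoped SNAT --to-source is "
                                "enough; MASQUERADE is only needed for a dynamic address"))
    return findings

# A single rule that passes the audit for this setup (LAN range from the follow-up mail).
HARDENED_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 "
                 "-j SNAT --to-source 217.128.104.14")
```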

* Re: masquerading setting bogus source IP address
       [not found] <OF65B32C17.2F140FDE-ONC1256C31.003030A8-C1256C31.0030C91E@medisearch-int.com>
@ 2002-09-11 11:31 ` Stefan Praszalowicz
  0 siblings, 0 replies; 3+ messages in thread
From: Stefan Praszalowicz @ 2002-09-11 11:31 UTC (permalink / raw)
  To: Gert.Vandelaer; +Cc: netfilter


On Wed, 2002-09-11 at 10:52, Gert.Vandelaer@medisearch-int.com wrote:

    Hya,
    
    first of all, I'd like to start by asking why you had to reboot the server?


The server was acting weird, we had a bunch of different problems (like
no more dhcp, no more dns, some machines had access to the net and
others did not), and as we were 3 not very organized guys on the thing
we ended up rebooting it in confusion.

    
    After knowing that, there might be some more clues to follow ...
    Your problem fixer is not going to last because masq is the same as snat,
    with the difference that snat does not handle dynamic IPs (explained in
    docs ...)

Aha ! I did not know that ;) And that's good news too, because our
public IP is static.

    
    What IP range does your LAN have? What is the IP (if any at all) of the
    NIC connected to the DSL router?


The LAN IP range is 192.168.x.x/16, with subnets 192.168.1.x/24 being
the servers subnet and 192.168.3.x/24 the wireless LAN hosts subnet.
The NIC to the DSL router is actually connected to a switch on which we
have the WLAN access points and the DSL router.
This NIC has IPs on both ranges: eth1/192.168.3.254 and
eth1:0/10.0.0.137

Thanks very much Gert for your quick response. I was happily surprised
to read your mail, which, starting with 'first of all...', gave me a warm
feeling of being listened to ;).

Stefan

    
    Cya,
    Gert
