* Non-masqueraded address seeping out?
@ 2005-11-04 4:47 Jordan Russell
From: Jordan Russell @ 2005-11-04 4:47 UTC
To: netfilter
Hi,

I noticed something strange while trying to debug the previous problem I
posted about:

When I initiate a PPTP connection from a Windows 2000 machine through my
Linux 2.6.14 firewall, one of the packets is sent out the
Internet-connected interface with a non-masqueraded source address. Or
at least that's what tethereal and tcpdump claim; see the log below.

Notice that the packet at 0.040063 ("PPTP Outgoing-Call-Request") is
first sent with a source address of 10.10.10.1, then re-sent(?) 2.5
seconds later with a 'correct' source address of 24.24.24.224.

I see the same behavior regardless of whether ip_nat_pptp &
ip_conntrack_pptp are loaded.

Is there a logical explanation for this?

I'm curious to know whether connections would go through 2.5 seconds
faster if the 'misaddressed' packet were eliminated...

Thanks,
Jordan Russell

# tethereal -ni eth1 host 66.166.166.166
Capturing on eth1
0.000000 24.24.24.224 -> 66.166.166.166 TCP 41824 > 1723 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
0.015359 66.166.166.166 -> 24.24.24.224 TCP 1723 > 41824 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
0.015498 24.24.24.224 -> 66.166.166.166 TCP 41824 > 1723 [ACK] Seq=1 Ack=1 Win=65535 Len=0
0.015542 24.24.24.224 -> 66.166.166.166 PPTP Start-Control-Connection-Request
0.033877 66.166.166.166 -> 24.24.24.224 TCP 1723 > 41824 [ACK] Seq=1 Ack=157 Win=5840 Len=0
0.039882 66.166.166.166 -> 24.24.24.224 PPTP Start-Control-Connection-Reply
0.040063 10.10.10.1 -> 66.166.166.166 PPTP Outgoing-Call-Request
2.603036 24.24.24.224 -> 66.166.166.166 PPTP Outgoing-Call-Request
2.627212 66.166.166.166 -> 24.24.24.224 PPTP Outgoing-Call-Reply
2.629100 24.24.24.224 -> 66.166.166.166 PPTP Set-Link-Info
2.630681 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Request
2.632082 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Request
2.632102 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Ack
2.651733 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Reject
2.651973 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Request
2.668760 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Ack
[...]
Legend:
10.10.10.1 is the LAN address of the PPTP client (Windows 2000)
24.24.24.224 is the Internet address of the Linux 2.6.14 NAT/firewall
66.166.166.166 is the Internet address of the remote PPTP server
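
A check for the symptom described in the message above, added here as an example and not part of the original post: it scans tethereal-style summary lines captured on the external interface, flags any packet whose source is a private address, and reports how long it took until the same summary line was seen from the NAT address. The function names and the sample lines (constructed from the log above, one packet per line) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: four packets from the log above, one summary per line.
SAMPLE = """\
0.039882 66.166.166.166 -> 24.24.24.224 PPTP Start-Control-Connection-Reply
0.040063 10.10.10.1 -> 66.166.166.166 PPTP Outgoing-Call-Request
2.603036 24.24.24.224 -> 66.166.166.166 PPTP Outgoing-Call-Request
2.627212 66.166.166.166 -> 24.24.24.224 PPTP Outgoing-Call-Reply
"""

LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+(.*)$")

def parse(text):
    """Yield (time, src, dst, info) for each line that is a packet summary."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banners, wrapped continuation lines, "[...]"
        try:
            src = ipaddress.ip_address(m.group(2))
            dst = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # not an IP conversation line
        yield float(m.group(1)), src, dst, m.group(4).strip()

def find_leaks(text, nat_addr):
    """Return packets whose source is private (RFC 1918 and other
    non-routable ranges, per ipaddress.is_private), each with the delay
    until the same summary is next seen from nat_addr (None if never)."""
    nat = ipaddress.ip_address(nat_addr)
    packets = list(parse(text))
    leaks = []
    for i, (t, src, dst, info) in enumerate(packets):
        if src == nat or not src.is_private:
            continue
        delay = None
        for t2, src2, dst2, info2 in packets[i + 1:]:
            if src2 == nat and dst2 == dst and info2 == info:
                delay = round(t2 - t, 6)
                break
        leaks.append({"time": t, "src": str(src), "dst": str(dst),
                      "info": info, "resent_after": delay})
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE, "24.24.24.224"):
        print(leak)
```
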