Re: IP Masquerading problems with 2.2.x

Admin (admin@eregion.de)
Wed, 01 Sep 1999 22:33:33 +0200


On Tue, 31 Aug 1999 18:47:15 -0300, Juanjo Ciarlante wrote:

>could you send me the result of
> # ifconfig ippp0;cat /proc/net/ip_masq/udp
> 1) before disconnect
> 2) after new connect, forcing a DNS query from inside
>

This pointed me to some experimenting, in which I found that all the tables in /proc/net/ip_masq/* won't get cleared by a down/up cycle of the masq_device...
Changing the kernel to do that would solve this riddle... I think this appeared only here 'cause people who sit behind masq_gates don't do UDP so often, or if so, they use appropriate ip_masq_* modules or ipmasqadm with it... and with TCP, it won't matter 'cause TCP is connection-oriented...

Anyway, here is some log:
1. before connect:
ippp0 Link encap:Point-to-Point Protocol
inet addr:1.0.0.1 P-t-P:1.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:965504 errors:0 dropped:0 overruns:0 frame:0
TX packets:994729 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires (free=40960,40960,40960)

2. after first query:
ippp0 Link encap:Point-to-Point Protocol
inet addr:149.225.20.177 P-t-P:193.103.157.5 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:965514 errors:0 dropped:0 overruns:0 frame:0
TX packets:994740 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires (free=40959,40960,40960)
UDP C0A8EE02:0035 C04C9042:0035 95E114B1:FC81 UDP 110 2 0 289

3. after hangup:
ippp0 Link encap:Point-to-Point Protocol
inet addr:1.0.0.1 P-t-P:1.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:965515 errors:0 dropped:0 overruns:0 frame:0
TX packets:994741 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires (free=40959,40960,40960)
UDP C0A8EE02:0035 C04C900E:0035 95E114B1:FC81 UDP 110 2 0 292
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

4. after another query:
ippp0 Link encap:Point-to-Point Protocol
inet addr:149.225.20.184 P-t-P:193.103.157.5 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:965524 errors:0 dropped:0 overruns:0 frame:0
TX packets:994753 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires (free=40959,40960,40960)
UDP C0A8EE02:0035 C04C9042:0035 95E114B1:FC81 UDP 110 2 0 284

So I think it would be great to either add an option for flushing masquerading tables in ipchains or do it on a down/up cycle in the kernel... If you could give me directions, I could do it myself...
Or would erasing the masquerading rules and setting them anew by /etc/ppp/ip-down do the trick?

bye
Mathias

-- 
eregion.de -- administrative account
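
Added example, not part of the original message: a small Python check that decodes the hex fields of /proc/net/ip_masq/udp rows and flags entries whose MAddr no longer matches the interface address, which is the condition visible in step 4 of the log above. The function names are hypothetical, and the field layout (Prot, Src:port, Dst:port, MAddr:port as the first four tokens) is assumed from the sample rows in the message.

```python
import ipaddress

# Table text copied from the message's logs (step 2 and step 4).
HEADER = ("Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires "
          "(free=40959,40960,40960)\n")
STEP2 = HEADER + "UDP C0A8EE02:0035 C04C9042:0035 95E114B1:FC81 UDP 110 2 0 289\n"
STEP4 = HEADER + "UDP C0A8EE02:0035 C04C9042:0035 95E114B1:FC81 UDP 110 2 0 284\n"


def hex_endpoint(field):
    """Decode 'C0A8EE02:0035' into ('192.168.238.2', 53)."""
    addr_hex, port_hex = field.split(":")
    return str(ipaddress.IPv4Address(int(addr_hex, 16))), int(port_hex, 16)


def parse_masq_table(text):
    """Return one dict per masquerading entry; header and marker lines are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] == "Prot":
            continue
        try:
            src, dst, masq = (hex_endpoint(t) for t in tokens[1:4])
        except ValueError:
            continue  # not an ADDR:PORT hex triple, so not an entry row
        entries.append({"prot": tokens[0], "src": src, "dst": dst, "masq": masq})
    return entries


def stale_entries(table_text, current_addr):
    """Entries still masqueraded behind an address the interface no longer has."""
    return [e for e in parse_masq_table(table_text)
            if e["masq"][0] != current_addr]


if __name__ == "__main__":
    # Step 4: ippp0 now has 149.225.20.184, but the entry keeps the old MAddr.
    for e in stale_entries(STEP4, "149.225.20.184"):
        print("stale:", e["prot"], e["src"], "->", e["dst"], "via", e["masq"])
```
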
