MASQ not resetting.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


I have a small network out here, behind a masquerading firewall.

My firewall gets kicked out by my provider once a day, and gets
assigned a new IP address. the link is back up in about 30 seconds.

All my machines run NTP. 

/proc/net/ip_masq# cat udp 
Prot SrcIP    SPrt DstIP    DPrt MAddr    MPrt State Expires HRow HCol 
                                                      (free=40949,40960,40960)
UDP  C0A8EA01:040E 82A12614:007B C36069AA:EFE4 UDP     3195   48    1  
UDP  C0A8EA01:040F 82A12614:007B C36069AA:EFE7 UDP     3247   51    1  
UDP  C0A8EA01:007B C3606061:007B D4404C1A:EE50 UDP     3571   65    1  
UDP  C0A8EA02:007B C3606061:007B D4404C1A:EE49 UDP     3555   88    1  
UDP  C0A8EA01:040D 82A12642:007B C36069AA:EFE3 UDP     3193   97    1  
UDP  C0A8EA01:040C 82A12641:007B C36069AA:EFE2 UDP     3190   99    1  
UDP  C0A8EA01:040F 82A12642:007B C36069AA:EFE6 UDP     3247  100    1  
UDP  C0A8EA01:040F 82A12641:007B C36069AA:EFE5 UDP     3247  100    2  
UDP  C0A8EA02:007B 82A1B441:007B D4404C1A:EE4B UDP     3596  122    1  
UDP  C0A8EA02:007B 82A12641:007B D4404C1A:EE4A UDP     3576  123    1  
UDP  C0A8EA01:007B 82A12641:007B D4404C1A:EE4F UDP     3570  126    1  


As you can see, I just did some testing from the ".1" machine which is
correctly masqueraded with the outgoing IP address of today (C3...),
but the .1 and .2 machines both have entries indicating that they are
trying to contact outside servers with the D4.... IP address that I
probably had a few days ago.

It seems as if the masq table entry has an IP address entry. Shouldn't
this be a reference to "the IP addr of that interface"? Thus when the
interface goes down and comes back up, the new addr is used?

Currently every xxx seconds the person now logged in on D4404C1A will
get a reply to my ntp query.....

(it is wrong to take the masq entry down with the interface: Then
people with fixed-ip will see their masqed connections go down, over a
power-cycle of their modem)

If you network guys can think of a valid reason why a masq-ed
connection may need to persist with an invalid IP address, then I'd
also accept a solution where I'd be able to nuke the offending 
masq entries in my IP-up script. 

				Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux