Re: External IP addresses on internal network

On Wed, Aug 27, 2003 at 02:50:52PM -0400, Jeffrey Laramie wrote:

> >>Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT=
> >>MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136
> >>DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP
> >>SPT=137 DPT=53 LEN=53
> >
> >It looks to me that 172.144.233.136 is a nameserver, and 192.168.0.24 asked
> >it for name resolution, and we're looking at its answer.
> >
> This entry is generated by the built-in filter INPUT chain so I would 
> read this as a DNS request coming from 172.144.233.136 (SRC) and 
> destined for the host at 192.168.0.24 (which is the firewall's LAN 
> facing IP). The firewall host is also a DNS server for my LAN so this 
> would be a normal request coming from the LAN **except** for the client 
> IP address.

Could it be that the client machine dials up to AOL, receives that IP
address and later it needs to resolve a name and because of the DNS
settings on the client machine it tries the query 192.168.0.24 with
its source 172.144.233.136?

Ramin
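
A check for the kind of entry discussed in this thread, as an added example that is not part of the original messages: it parses netfilter LOG lines and reports packets that arrived on the LAN interface with a source address outside the LAN, together with the sender's MAC address. That eth1 faces the LAN and that the LAN prefix is 192.168.0.0/24 are assumptions, and the second sample line is constructed.

```python
import ipaddress
import re

# Assumptions (not in the thread): eth1 faces the LAN, which is 192.168.0.0/24.
LAN_IFACE = "eth1"
LAN_NET = ipaddress.ip_network("192.168.0.0/24")

# First line: the entry quoted in the thread, joined onto one line.
# Second line: constructed entry from an ordinary LAN client, for contrast.
SAMPLE_LOG = (
    "Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT= "
    "MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136 "
    "DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP "
    "SPT=137 DPT=53 LEN=53\n"
    "Aug 26 15:40:02 NS2 kernel: Filter_INPUT: IN=eth1 OUT= "
    "MAC=00:c0:f0:69:26:49:52:54:00:aa:bb:cc:08:00 SRC=192.168.0.57 "
    "DST=192.168.0.24 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=2211 PROTO=UDP "
    "SPT=1034 DPT=53 LEN=40\n"
)

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_entry(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP length
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        # Ethernet header as logged: destination MAC, source MAC, EtherType.
        fields["DST_MAC"] = ":".join(octets[0:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
    return fields

def foreign_lan_sources(log_text):
    """List packets that came in on the LAN interface from a non-LAN source."""
    hits = []
    for line in log_text.splitlines():
        f = parse_entry(line)
        if f.get("IN") != LAN_IFACE or "SRC" not in f:
            continue
        if ipaddress.ip_address(f["SRC"]) not in LAN_NET:
            hits.append({"src": f["SRC"], "src_mac": f.get("SRC_MAC"),
                         "dst": f.get("DST"), "dpt": f.get("DPT")})
    return hits

if __name__ == "__main__":
    for hit in foreign_lan_sources(SAMPLE_LOG):
        print(hit)
```

The source MAC belongs to whichever device on the local segment put the frame on the wire, so it can be matched against known LAN hosts to find the machine using the unexpected address.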

