Non-masqueraded address seeping out?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I noticed something strange while trying to debug the previous problem I
posted about:

When I initiate a PPTP connection from a Windows 2000 machine through my
Linux 2.6.14 firewall, one of the packets is sent out the
Internet-connected interface with a non-masqueraded source address. Or
at least that's what tethereal and tcpdump claim; see the log below.
Notice that the packet at 0.040063 ("PPTP Outgoing-Call-Request") is
first sent with a source address of 10.10.10.1, then re-sent(?) 2.5
seconds later with a 'correct' source address of 24.24.24.224.

I see the same behavior regardless of whether ip_nat_pptp &
ip_conntrack_pptp are loaded.

Is there a logical explanation for this?
I'm curious to know whether connections would go through 2.5 seconds
faster if the 'misaddressed' packet were eliminated...

Thanks,
Jordan Russell


# tethereal -ni eth1 host 66.166.166.166
Capturing on eth1
  0.000000 24.24.24.224 -> 66.166.166.166 TCP 41824 > 1723 [SYN] Seq=0
Ack=0 Win=65535 Len=0 MSS=1460
  0.015359 66.166.166.166 -> 24.24.24.224 TCP 1723 > 41824 [SYN, ACK]
Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
  0.015498 24.24.24.224 -> 66.166.166.166 TCP 41824 > 1723 [ACK] Seq=1
Ack=1 Win=65535 Len=0
  0.015542 24.24.24.224 -> 66.166.166.166 PPTP
Start-Control-Connection-Request
  0.033877 66.166.166.166 -> 24.24.24.224 TCP 1723 > 41824 [ACK] Seq=1
Ack=157 Win=5840 Len=0
  0.039882 66.166.166.166 -> 24.24.24.224 PPTP
Start-Control-Connection-Reply
  0.040063   10.10.10.1 -> 66.166.166.166 PPTP Outgoing-Call-Request
  2.603036 24.24.24.224 -> 66.166.166.166 PPTP Outgoing-Call-Request
  2.627212 66.166.166.166 -> 24.24.24.224 PPTP Outgoing-Call-Reply
  2.629100 24.24.24.224 -> 66.166.166.166 PPTP Set-Link-Info
  2.630681 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Request
  2.632082 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Request
  2.632102 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Ack
  2.651733 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Reject
  2.651973 24.24.24.224 -> 66.166.166.166 PPP LCP Configuration Request
  2.668760 66.166.166.166 -> 24.24.24.224 PPP LCP Configuration Ack
[...]

Legend:
10.10.10.1 is the LAN address of the PPTP client (Windows 2000)
24.24.24.224 is the Internet address of the Linux 2.6.14 NAT/firewall
66.166.166.166 is the Internet address of the remote PPTP server
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux