On 29/11/05, Mark Dobossy <mark.dobossy@xxxxxxxxx> wrote: > I am having some issues with my internal IP's being leaked through my > gateway, to a few specific IP addresses. I have tried both "rolling > my own" iptables setup (very simple, only port 80 open, using either > masquerade or SNAT), as well as the ipkungfu script, and see the issue > across either way, and even on multiple machines/distros. > > The issue in question occurs when visiting > http://forums.corvetteforum.com. One of their "ad" suppliers has the > ip address, 66.110.24.220. Connections to this IP are leaving my > external device with my internal IP. This was verified both from logs > from my network admin's router, as well as by using ethereal on the > gateway machine, and analyzing eth1 (external device) for any packets > leaving with a source of 192.168.2.0/24. I only see connections to > this particular IP with the internal address (every thing else leaves > with the correct, external IP). > > For now, I have simply banned this IP, but I am afraid it may start > occuring elsewhere, and the network admin has threatened to kick this > box off the network if it happens again. Is there a rule to disallow > any outgoing network connection with an internal IP? Why would > masquerading be allowing this? I am pretty confused. > > I am currently running Mandriva 2006, with the 2.6.12 kernel, and > would be happy to supply any other info that may be necessary to solve > this. > > -Mark > > I suggest that you post the output from "iptables-save" here, and we can check it out for you.
