[NCLUG] IP Masqing on the New and Improved AT&T
Neil Doane
caine at vasoftware.com
Tue Dec 11 12:05:53 MST 2001
* Eric Brunson (brunson at level3.net) on [12-11-01 09:03] did utter:
> I'm sorry I don't have a solution for your problems and I certainly
> don't deny that you are seeing this behavior, but from my (possibly
> incorrect) understanding of how NATting works, I can't agree with your
> proposed explanation for it.
Understandable. I don't much agree with it either, but I'm at a loss to
explain how their DNS servers can tell that the request is coming from a
masq-ed workstation behind my firewall and not from the box connected to the
modem. My ipchains rules are pretty simple...
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
I just checked again and it's still doing it...hrm.
Neil
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
. /._ o /
/|//- / / caine at vasoftware.com
/ ''- / /__ caine at antediluvian.org
'
~~ http://angryflower.com/bobsqu.gif ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~