LinuxQuestions.org

Adam613 06-29-2002 11:39 AM

IP unmasquerading
 
I used IP masquerading to set up one of my computers as a NAT so that I can share a cable modem among the three computers I own. It works fine, for the most part. However, the other day, my friend's firewall was complaining that I was IP spoofing when I tried to access her website from one of my NATted computers. It said my IP address was 192.168.0.2 (which is correct) but I was reporting 66.something (my NAT's external IP).

Is there any way I can make the computers on my internal network report their real IP addresses rather than their masqueraded IP address? I know people do this because a lot of people on gnutella have 10.x or 192.168.x addresses, and because I've gotten hits in my apache logs from similar IPs.

Thanks all!

FireAge 06-29-2002 03:37 PM

Ehm, if I'm not mistaken, you are not supposed to "leak" your real IP to the outside. If your NAT is configured correctly, all traffic coming from any of the 3 PCs behind the NAT should appear to the outside as being from your NAT PC.

Adam613 06-29-2002 04:35 PM

That's exactly the problem. I *want* to leak my real IP to the outside. Right now, all three PCs appear to be the same as my NAT, and that's not the behavior I want.

Mik 07-01-2002 08:11 AM

Well, those programs that display those IP addresses must be reporting the IP address in a different way. With a private IP you won't get very far on the internet. Any normal router on the internet should block all the private IPs anyways, so you really shouldn't get further than your ISP with a private IP address. If you really want to have three different IPs then you will just have to buy more IPs from your ISP.

estranged0877 03-04-2003 09:55 AM

Adam613, did you ever find a way to leak out your IP through the masqueraded machine?

I have my NT4 BDC behind my Linux router and it needs to communicate with my PDC, which is offsite.

Obviously they don't communicate since the BDC isn't showing its true IP.

Thanks

baldy3105 03-04-2003 12:00 PM

Not only do ISPs block packets coming from the reserved private address ranges, the internet simply does not contain routes for these networks. As all IP packets are routed based on destination address only, it is possible to inject packets from these (and other) officially non-existent networks, but don't expect a response!

So either your NAT is not set up correctly, or this web site is using some other mechanism to discover your internal IP address, although what this is I can't imagine right now. A Java applet or something of that nature?

estranged0877, PDC and BDC separated by a public network!?
You could try tunneling, although if you're going across the internet I would suggest IPSec.

Pete

estranged0877 03-04-2003 12:06 PM

Sorry, I guess one other additional bit of info might help... we do have a frame built between our facilities... so the PDC and BDC do and have communicated. It just was until I put up the RHL masquerade/router.

Thanks - any ideas?

baldy3105 03-06-2003 10:30 AM

So if they worked, why are you now natting? If you are trying to run Windows machines either side of the internet via NAT you will have to NAT in and out -

10.1.1.1 ----->NAT----> 201.12.43.6------>NAT---->10.1.1.1
10.2.2.2 <-----NAT<-----193.2.44.99<-----NAT<-----10.2.2.2

This is the only way you will get around the fact that Windows exchanges IP addresses in the SMB layer as well as in the IP addressing. NAT only translates the IP layer addresses, not what is carried in the SMB layer.
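
Added example, not written by any poster in this thread: a Python sketch of the point in the last reply, that source NAT rewrites only the IPv4 header and leaves an address carried in the payload untouched, plus a check a receiving host could run to spot the mismatch. The payload format, the function names and the addresses (documentation ranges) are assumptions made for illustration; this is not real SMB traffic.

```python
import ipaddress
import re
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """20-byte IPv4 header without options, protocol 253 (experimental), then payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 253, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + payload

def masquerade(packet: bytes, public_ip: str) -> bytes:
    """Source NAT: rewrite header bytes 12-15 and redo the checksum; payload is untouched."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = ipaddress.IPv4Address(public_ip).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]

def header_source(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[12:16]))

def leaked_private_addresses(packet: bytes) -> list[str]:
    """Private addresses written as text in the payload that differ from the header source."""
    found = []
    for match in re.findall(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b", packet[20:]):
        try:
            addr = ipaddress.IPv4Address(match.decode())
        except ValueError:
            continue  # not a valid dotted quad, e.g. 999.1.1.1
        if any(addr in net for net in RFC1918) and str(addr) != header_source(packet):
            found.append(str(addr))
    return found

# Constructed sample: an application message that names its own sender in the payload.
inside = build_packet("192.168.0.2", "198.51.100.10", b"HELLO from=192.168.0.2\r\n")
outside = masquerade(inside, "203.0.113.7")
print(header_source(inside), leaked_private_addresses(inside))
print(header_source(outside), leaked_private_addresses(outside))
```
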


All times are GMT -5.