LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-29-2002, 12:39 PM   #1
Adam613
LQ Newbie
 
Registered: Oct 2001
Location: NYC
Distribution: Mandrake
Posts: 12

Rep: Reputation: 0
IP unmasquerading


I used IP masquerading to set up one of my computers as a NAT so that I can share a cable modem among the three computers I own. It works fine, for the most part. However, the other day, my friend's firewall was complaining that I was IP spoofing when I tried to access her website from one of my NATted computers. It said my IP address was 192.168.0.2 (which is correct) but I was reporting 66.something (my NAT's exteral IP).

Is there any way I can make the computers on my internal network report their real IP addresses rather than their masqueraded IP address? I know people do this because a lot of people on gnutella have 10.x or 192.168.x addresses, and because I've gotten hits in my apache logs from similar IPs.

Thanks all!
 
Old 06-29-2002, 04:37 PM   #2
FireAge
LQ Newbie
 
Registered: Jun 2002
Location: Groningen, The Netherlands
Distribution: Redhat 7.3
Posts: 13

Rep: Reputation: 0
Ehm if i'm not mistaking, you are not supposed to "leak" your real ip to the outside, if your NAT is configured correctly, all traffic coming from any of the 3 pc's behind the NAT should appear to the outside as being from your NAT pc.
 
Old 06-29-2002, 05:35 PM   #3
Adam613
LQ Newbie
 
Registered: Oct 2001
Location: NYC
Distribution: Mandrake
Posts: 12

Original Poster
Rep: Reputation: 0
That's exactly the problem. I *want* to leak my real IP to the outside. Right now, all three PCs appears to be the same as my NAT, and that's not the behavior i want.
 
Old 07-01-2002, 09:11 AM   #4
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Well those programs that display those ip addresses must be reporting the ip address in a different way. With a private ip you won't get very far on the internet. Any normal router on the internet should block all the private ip's anyways so you really shouldn't get further then your isp with a private ip address. If you really want to have three different ip's then you will just have to buy more ip's from your isp.
 
Old 03-04-2003, 10:55 AM   #5
estranged0877
Member
 
Registered: Jan 2003
Posts: 52

Rep: Reputation: 15
Adam613 did you ever find a way to leak out your ip through the masqueraded machine?

I have my nt4 bdc behind my linux router and it needs to communicate with my pdc which is offsite.

Obviously they don't communicate since the bdc isn't showing it's true IP.

Thanks
 
Old 03-04-2003, 01:00 PM   #6
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 880

Rep: Reputation: 184Reputation: 184
Not only do ISP's block packets comming from the reserved private address ranges, the internet simply does not contain routes for these networks. As all ip packets are routed based on destination address only it is possible to inject packets from these (and other) officially non-existant networks, but don't expect a response!

So either your NAT is not set up correctly, or this web site is using some other mechanism to discover your internal IP address, although what this is I can't imagine right now. A java applet or something of that nature?

estranged0877, PDC and BDC separated by a public network!?
You could try tunneling although if your going across the internet I would suggest IPSec.

Pete
 
Old 03-04-2003, 01:06 PM   #7
estranged0877
Member
 
Registered: Jan 2003
Posts: 52

Rep: Reputation: 15
Sorry, I guess one other additional bit of info might help... we do have a frame built between our facilities... so the PDC and BDC do and have communicated. It just was until I put up the RHL masquerade/router.

Thanks - any ideas?
 
Old 03-06-2003, 11:30 AM   #8
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 880

Rep: Reputation: 184Reputation: 184
So if they worked, why are you now natting? If you are trying to run windows machines either side of the internet via NAT you will have to NAT in and out -

10.1.1.1 ----->NAT----> 201.12.43.6------>NAT---->10.1.1.1
10.2.2.2 <-----NAT<-----193.2.44.99<-----NAT<-----10.2.2.2

This is the only way you will get around the fact that windows exchanges IP addresses in the SMB layer as well as in the IP addressing. NAT only translates the IP layer addresses, not what is carried in the SMB layer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration