Solved

Masquerading and diald

Posted on 1997-06-19
Last Modified: 2010-03-17
I have a local Ethernet network with IP masquerading and diald. My problem is that when I try to gain access to a local machine, diald brings up my ISP. I think that my problem is in my routing setup. My IP addresses are 192.168.1.1 for the server and 192.168.1.2 for the host. My ISP account is dynamic PPP. Any help would be greatly appreciated!
Question by:wilt

Accepted Solution

by: sauron (earned 50 total points)
I had exactly the same problem as this. In 99% of cases, I have found that it's DNS traffic that causes the problem. Make sure your hosts files list all your local machines. Then make sure you don't have hosts.allow or hosts.deny files clogging things up.

Many protocols do something like the following:

Client queries DNS for the server's address
Client connects to server
Server does a reverse lookup on the client to ensure that the client's claimed IP address is the same as the DNS's IP address for the client's hostname.

This is a security enhancement and is usually transparent, but with diald.....

The r utilities are affected by this behaviour, among other things. If you have hosts.allow and hosts.deny files containing hostnames, it does this for everything.

What you can do is run tcpdump -i ppp0 on your masquerading machine, then try something which shouldn't bring the link up, but does. This will show you the packet traffic across the link, which should help you pinpoint it. Be aware that tcpdump itself will do DNS lookups to be able to show you hostnames, not IP addresses, so you'll have some extra packets originating from the masquerading machine. There's an option to tcpdump that will tell it to show numerical IPs, and will stop this behaviour.
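
Following up on the tcpdump suggestion in the answer above, this added example (not part of sauron's post) filters a numeric capture (tcpdump's `-n` flag) for DNS queries and reports reverse lookups of 192.168.1.x addresses that went out over ppp0, checked against a hosts file. The function names, sample packets and sample hosts entries are constructed, and the parsing assumes current tcpdump's one-line DNS query format.

```shell
#!/bin/sh
# Added example, not from the original answer. Feed it the text output of
# `tcpdump -n -i ppp0`; 192.168.1.x is the LAN from the question above.

# dns_questions: print "TYPE NAME" for every DNS query sent to port 53.
dns_questions() {
    awk '/\.53: / {
        for (i = 1; i < NF; i++)
            if ($i ~ /^[A-Z]+\?$/) {           # query type token: "A?", "PTR?"
                name = $(i + 1); sub(/\.$/, "", name)
                print substr($i, 1, length($i) - 1), name
            }
    }'
}

# lan_lookups HOSTS_FILE: for each reverse lookup of a 192.168.1.x address
# seen on the link, print "IP listed" or "IP missing" according to whether
# HOSTS_FILE has an entry for that address.
lan_lookups() {
    dns_questions | awk -v hosts="$1" '
        BEGIN {
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line)            # strip comments
                if (split(line, f, " ") >= 2) known[f[1]] = 1
            }
        }
        $1 == "PTR" && $2 ~ /^[0-9]+\.1\.168\.192\.in-addr\.arpa$/ {
            split($2, o, ".")                   # o[1] is the host octet
            ip = "192.168.1." o[1]
            if (!(ip in seen)) {
                seen[ip] = 1
                print ip, ((ip in known) ? "listed" : "missing")
            }
        }'
}

# Constructed sample data (documentation addresses stand in for the ISP side).
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 203.0.113.10.1025 > 198.51.100.1.53: 4660+ PTR? 2.1.168.192.in-addr.arpa. (42)
12:00:01.900000 IP 198.51.100.1.53 > 203.0.113.10.1025: 4660 NXDomain 0/1/0 (101)
12:00:05.200000 IP 203.0.113.10.1026 > 198.51.100.1.53: 4661+ A? host.example. (30)
12:00:09.300000 IP 203.0.113.10.1027 > 198.51.100.1.53: 4662+ PTR? 1.1.168.192.in-addr.arpa. (42)
EOF
}
sample_hosts() {
    printf '127.0.0.1 localhost\n192.168.1.1 server   # LAN gateway\n'
}
```

On a saved capture, run it as `lan_lookups /etc/hosts < capture.txt`. An address reported as "missing" needs a hosts entry; one reported as "listed" but still queried means the lookup is not consulting the hosts file first.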
