Solved

Masquerading and diald

Posted on 1997-06-19
1
279 Views
Last Modified: 2010-03-17
I have a local ethernet network with ip masquerading and diald. My problem is that when I try to gain access to a local machine diald brings up my ISP. I think that my problem is in my routing setup. My ip address's are 192.168.1.1 for the server and 192.168.1.2 for the host. My ISP account is dynamic ppp. Any help would be greatly appreciated !!!!!
0
Comment
Question by:wilt
1 Comment
 
LVL 3

Accepted Solution

by:
sauron earned 50 total points
ID: 1584946
I had exactly the same problem as this. In 99% of cases, I have found that it's DNS traffic that causes the problem. Make sure your hosts files list all you local machines. The make sure you don't have hosts.allow or hosts.deny files clogging things up.

Many protocols do something like the following

Client quieries DNS for servers address
Client connects to server
Server does revers lookup on client to ensure that clients claimed IP address is the same as the DNS's IP address for client's hostname.

This is a security enhancement and is usually transparent, but with diald.....

the r utilities are affected by this behaviour, among other things. f you have hosts.allow and hosts.deny files containing hostnames, it does this for everything.

What you can do is run tcpdump -i ppp0 on your masquerading machine, then try something which shouldn't bring the linl up, but does. This will show you the packet traffic across the link, which should help you pinpoint it. Be aware that tcpdump itself will do DNS lookups to be able to show you hostnames not IP addresses, so you'll have some extra packets originating from the masquerading machine. There's an option to tcpdump that will tell it to show numerical IP's, and will stop this behaviour.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now