This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange Masquerading Issue

Hi.

Today I've got a call from a colleague.
From what he says - he can see in his firewall, the internal source address of some (not all) of the stations from my Lan network which connect to his servers.
Since my entire internal network doing Masquerading, I wonder how this could be.
As far as I know, only DNat transmit the source address.

Any Idea?
[:S]

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Just started at home (UTM 9.106017), and already seeing a bunch of packets 'leaking':

loginuser@fw:/home/login > sudo tcpdump -nn -p -i eth0 src or dst net 192.168.0.                                                                                                                   0/16
root's password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:44:51.227769 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 4178359632:417                                                                                                                   8359706(74) ack 2669006099 win 1641

10:48:09.093235 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 0:74(74) ack 1                                                                                                                    win 1641
10:49:58.732497 IP 192.168.212.116.48631 > 176.34.235.44.80: F 2422316151:242231                                                                                                                   6151(0) ack 3874391965 win 245 
10:49:58.733566 IP 192.168.212.116.51439 > 50.112.102.20.80: F 1957015302:195701                                                                                                                   5302(0) ack 2526747354 win 607 
10:49:59.306467 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:49:59.307564 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:49:59.934775 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:49:59.935669 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.080001 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.080876 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.082469 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.083364 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.084220 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.183554 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.184438 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.185298 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.186219 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.187028 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.187890 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.188769 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.189623 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.190478 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.191354 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.192211 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.193082 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.193944 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.194840 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.195673 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.196533 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.197405 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.198266 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.199133 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.238113 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:00.458902 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:02.261126 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:02.754703 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:09.372146 IP 192.168.212.116.33549 > 74.125.224.64.443: F 4197301984:41973                                                                                                                   01984(0) ack 2963584267 win 485 
10:50:14.263765 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:16.429270 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:19.444505 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 0:74(74) ack 1                                                                                                                    win 1641
10:50:59.757259 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:51:04.201333 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:53:05.862966 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:54:08.297573 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245

The 192.168.212.116 device is my Android phone, which is connected to my AP30. the .212 net is a wireless only net (not bridge-to-VLAN), and has a Masquerading rule.

Barry

Reply

0 BarryG over 11 years ago

Just started at home (UTM 9.106017), and already seeing a bunch of packets 'leaking':

loginuser@fw:/home/login > sudo tcpdump -nn -p -i eth0 src or dst net 192.168.0.                                                                                                                   0/16
root's password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:44:51.227769 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 4178359632:417                                                                                                                   8359706(74) ack 2669006099 win 1641

10:48:09.093235 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 0:74(74) ack 1                                                                                                                    win 1641
10:49:58.732497 IP 192.168.212.116.48631 > 176.34.235.44.80: F 2422316151:242231                                                                                                                   6151(0) ack 3874391965 win 245 
10:49:58.733566 IP 192.168.212.116.51439 > 50.112.102.20.80: F 1957015302:195701                                                                                                                   5302(0) ack 2526747354 win 607 
10:49:59.306467 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:49:59.307564 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:49:59.934775 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:49:59.935669 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.080001 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.080876 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.082469 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.083364 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.084220 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.183554 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.184438 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.185298 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.186219 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.187028 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.187890 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.188769 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.189623 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.190478 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.191354 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.192211 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.193082 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.193944 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.194840 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.195673 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.196533 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.197405 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.198266 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.199133 IP 192.168.212.116.57446 > 74.125.224.242.80: R 2500265296:25002                                                                                                                   65296(0) win 0
10:50:00.238113 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:00.458902 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:02.261126 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:02.754703 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:09.372146 IP 192.168.212.116.33549 > 74.125.224.64.443: F 4197301984:41973                                                                                                                   01984(0) ack 2963584267 win 485 
10:50:14.263765 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:50:16.429270 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:50:19.444505 IP 192.168.212.116.49068 > 157.56.244.134.993: FP 0:74(74) ack 1                                                                                                                    win 1641
10:50:59.757259 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:51:04.201333 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245 
10:53:05.862966 IP 192.168.212.116.51439 > 50.112.102.20.80: F 0:0(0) ack 1 win                                                                                                                    607 
10:54:08.297573 IP 192.168.212.116.48631 > 176.34.235.44.80: F 0:0(0) ack 1 win                                                                                                                    245

The 192.168.212.116 device is my Android phone, which is connected to my AP30. the .212 net is a wireless only net (not bridge-to-VLAN), and has a Masquerading rule.

Barry

Children

No Data