This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange Masquerading Issue

Hi.

Today I've got a call from a colleague.
From what he says - he can see in his firewall, the internal source address of some (not all) of the stations from my Lan network which connect to his servers.
Since my entire internal network doing Masquerading, I wonder how this could be.
As far as I know, only DNat transmit the source address.

Any Idea?
[:S]

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi,

Strict Mode does seem to be helping with the leaking packets.

However, Strict Mode seems to drop all "ACK PSH FIN" packets, even from fresh connections (e.g. not already expired by iptables).

This causes a LOT of traffic from the Android and iOS to be logged, for some reason.
Refreshing my gmail on my Android immediately logs 3 dropped packets each time.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi,

Strict Mode does seem to be helping with the leaking packets.

However, Strict Mode seems to drop all "ACK PSH FIN" packets, even from fresh connections (e.g. not already expired by iptables).

This causes a LOT of traffic from the Android and iOS to be logged, for some reason.
Refreshing my gmail on my Android immediately logs 3 dropped packets each time.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data