Date: Sun, 11 Apr 2010 07:10:50 -0500
From: Walter
To: Adam Vande More
Cc: Questions
Subject: Re: host & dig
Message-ID: <4BC1BC4A.40605@earthlink.net>

Adam Vande More wrote:

> > I used telnet to connect to 68.204.xxx.xxx it tells me I've connected to [1]xxx.xxx.204.68.cfl.res.rr.com. (backwards, right?), then I log in.
>
> No, you have to have a connection before you login. You want to *strongly* consider using ssh instead of telnet. You may also be referring to the format of the DNS query result, which is known as [2]http://en.wikipedia.org/wiki/Reverse_DNS_lookup

I DID have a connection. ??? Maybe I gave too much detail, but the point is that the IP yielded by host/dig did not match what "whatismyip.com" gave here. I'd like to know why.

> > After user/pass entry, it says connected from "user-yyyyyyy.cab" (replaced seemingly random name with "yyyyyyy" in case it's not transient)
> >
> > My external IP here is 24.110.nnn.nnn
> >
> > The issue: When I use either "host" or "dig" to give me the IP address from "user-yyyyyyy.cab", they tell me: 208.68.zzz.zzz (Ping gives the same.)
> >
> > So, I'm still at a loss, I think, to know the originating IP. Should a firewall rule blocking 208.68.zzz.zzz actually operate against 24.110.nnn.nnn?
>
> I don't understand the question, what is the rule?
>
> > I'd STILL like to know the true source IP to be able to connect back to it.
>
> man sockstat
> man netstat

Thanks. Did that: "netstat -n" gives the correct IP. "sockstat" does also. I couldn't find anything in the host or dig man pages that indicated to me that they could be made to yield the proper 24.110.*.* IP address.

About the "rule": I was just mentioning one of the reasons I want the IP address is so I can monitor multiple bad login attempts to block the troublesome IP with a firewall rule. I ALSO would like the correct IP for another purpose (project), that involves connecting back to the source IP.

I will give a try to find out which IP address the ipfw firewall operates on - the 208.68.*.* one or the 24.110.*.* one. It's not obvious which at this point to me.

Thanks.

Walter

References

1. http://xxx.xxx.204.68.cfl.res.rr.com/
2. http://en.wikipedia.org/wiki/Reverse_DNS_lookup
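
The thread settles on "netstat -n" as the source of the correct peer address; the following is an added example, not part of the original message, that pulls numeric peers for one local port out of that output and compares one against the address a host/dig lookup of the displayed name returned. The sample output uses constructed documentation addresses, IPv4 only, and `sample_netstat`, `peers_for_port` and `check_name_lookup` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `netstat -n` output (documentation addresses,
# not values from the thread). FreeBSD prints the port after a final dot.
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.23          198.51.100.7.51234     ESTABLISHED
tcp4       0      0 192.0.2.10.23          198.51.100.7.51240     ESTABLISHED
tcp4       0      0 192.0.2.10.22          203.0.113.9.40022      ESTABLISHED
tcp4       0      0 192.0.2.10.23          203.0.113.50.60001     TIME_WAIT
EOF
}

# peers_for_port PORT: read `netstat -n` text on stdin and print
# "count address" for every remote IPv4 peer that holds an ESTABLISHED
# TCP connection to local PORT, busiest peer first.
peers_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp4?$/ && $6 == "ESTABLISHED" {
            n = split($4, l, ".")          # local address: a.b.c.d.port
            if (n != 5 || l[5] != port) next
            peer = $5
            sub(/\.[0-9]+$/, "", peer)     # drop the trailing .port
            seen[peer]++
        }
        END { for (p in seen) print seen[p], p }
    ' | sort -k1,1nr -k2,2
}

# check_name_lookup PEER RESOLVED: compare the address taken from the socket
# table with the address a forward lookup of the displayed host name gave.
# A packet filter matches the packet's source address, which is PEER.
check_name_lookup() {
    if [ "$1" = "$2" ]; then
        echo "match"
    else
        echo "mismatch: filter on $1, not $2"
    fi
}
```

On a live system the input would come from `netstat -n` itself, for example `netstat -n | peers_for_port 23`.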