Date: Thu, 7 Feb 2002 10:21:29 -0500 From: "Marko" <markovich@mindspring.com> To: Ian <freebsd@damnhippie.dyndns.org> Cc: freebsd-hackers <freebsd-hackers@freebsd.org> Subject: Re[6]: natd UDP errors with PPP demand dial Message-ID: <70574510802.20020207102129@mindspring.com> In-Reply-To: <B8874137.9D30%freebsd@damnhippie.dyndns.org> References: <B8874137.9D30%freebsd@damnhippie.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>> >> I think I have to stick with the conventional setup, and go back to >> trying to answer my original questions: >> >> 1. Why is the machine trying to send packets to its own previous IP? >> 2. How do I stop that? I> Well, for some brute-force debugging, maybe you can get some extra clues by I> manually running natd -v in a console rather than running it as a daemon. I> The -v output shows each packet being aliased, and also shows the activity I> on the routing socket that it's monitoring for the -dynamic stuff. I> -- Ian Thanks, Ian. That's a good idea. When I did the above, I saw that natd enters some kind of a confused state after the IP change. I really don't see why it's doing that, or how to stop it. Is there someone, perhaps, from the natd development group that I should ask. What I did was just start from a link down state. Then I requested a connection for email from my workstation, waited for the link to disconnect again, and repeated the process a few times. The actors here are: my workstation 192.168.0.10 the firewall machine tun0 (depending on the ppp session) 207.69.102.20 207.69.100.116 207.69.100.110 207.69.100.52 Earthlink mail server 207.69.200.225 Earthlink DNS 207.69.188.185 207.69.188.186 Some web server said a couple of lines 63.210.68.198:80 Out [TCP] [TCP] 192.168.0.10:3978 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3978 -> 207.69.200.225:110 In [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3978 aliased to [TCP] 207.69.200.225:110 -> 192.168.0.10:3978 Out [TCP] [TCP] 192.168.0.10:3978 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3978 -> 207.69.200.225:110 In [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3978 aliased to [TCP] 207.69.200.225:110 -> 192.168.0.10:3978 Above is where I think the end of one ppp session is. My workstation is finishing talking with the mail server. I think the next ppp session is dialed here somewhere. Routing message 0x2 received. Routing message 0xd received. Out [TCP] [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Out [TCP] [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Out [TCP] [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Routing message 0x2 received. Routing message 0xd received. Routing message 0xc received. Interface address/MTU has probably changed. Routing message 0x1 received. Routing message 0xc received. Interface address/MTU has probably changed. Routing message 0x1 received. Routing message 0x1 received. Routing message 0x3 received. I see that the IP changed above and natd recognized that Here is where natd enters the cone of confusion. It starts relaying messages from the mail server to its previous IP. In [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 Out [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to >>>>>>>> [TCP] 207.69.100.116:110 -> 207.69.102.20:3979 In [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 Out [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to [TCP] 207.69.100.116:110 -> 207.69.102.20:3979 In [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 Out [TCP] [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to [TCP] 207.69.100.116:110 -> 207.69.102.20:3979 In [TCP] [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Out [TCP] [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 In [TCP] [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Out [TCP] [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 In [TCP] [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 Out [TCP] [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 I don't understand at all what happens above. The machine seems to try to talk to the mail server for a while using its previous IP. I think the next ppp session dialup happens here. It seems the machine tries to send some DNS queries using its previous IP. Routing message 0x2 received. Routing message 0xd received. Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.185:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.185:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.185:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.185:53 Out [UDP] [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3980 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3981 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3981 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.116:3981 -> 207.69.188.186:53 Routing message 0x2 received. Routing message 0xd received. Routing message 0xc received. Interface address/MTU has probably changed. Routing message 0x1 received. Routing message 0xc received. Interface address/MTU has probably changed. Routing message 0x1 received. Routing message 0x1 received. Routing message 0x3 received. I think here is again where natd enters the serious cone of confusion and starts relaying responses from the DNS server to its previous IP. In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to >>>>>>>>> [UDP] 207.69.100.110:53 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:50535 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:50535 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3980 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3981 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3981 In [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 Out [UDP] [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to [UDP] 207.69.100.110:53 -> 207.69.100.116:3981 I think somewhere here another ppp session was dialed. However, natd continues to send out some DNS queries using its previous IP until it recognizes that the IP changed a few lines down. In [TCP] [TCP] 63.210.68.198:80 -> 207.69.100.52:1040 aliased to [TCP] 63.210.68.198:80 -> 207.69.100.52:1040 Out [TCP] [TCP] 207.69.100.52:1040 -> 63.210.68.198:80 aliased to [TCP] 207.69.100.52:1040 -> 63.210.68.198:80 Routing message 0x2 received. Routing message 0xd received. Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.185:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.185:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.185:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.185:53 Out [UDP] [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3982 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3983 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3983 -> 207.69.188.186:53 Out [UDP] [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to [UDP] 207.69.100.110:3983 -> 207.69.188.186:53 Routing message 0x2 received. Routing message 0xd received. Routing message 0xc received. Interface address/MTU has probably changed. Routing message 0x1 received. Routing message 0xc received Marko To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?70574510802.20020207102129>