Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Feb 2002 10:21:29 -0500
From:      "Marko" <markovich@mindspring.com>
To:        Ian <freebsd@damnhippie.dyndns.org>
Cc:        freebsd-hackers <freebsd-hackers@freebsd.org>
Subject:   Re[6]: natd UDP errors with PPP demand dial
Message-ID:  <70574510802.20020207102129@mindspring.com>
In-Reply-To: <B8874137.9D30%freebsd@damnhippie.dyndns.org>
References:  <B8874137.9D30%freebsd@damnhippie.dyndns.org>

next in thread | previous in thread | raw e-mail | index | archive | help
>>
>> I  think  I  have to stick with the conventional setup, and go back to
>> trying to answer my original questions:
>> 
>> 1. Why is the machine trying to send packets to its own previous IP?
>> 2. How do I stop that?

I> Well, for some brute-force debugging, maybe you can get some extra clues by
I> manually running natd -v in a console rather than running it as a daemon.
I> The -v output shows each packet being aliased, and also shows the activity
I> on the routing socket that it's monitoring for the -dynamic stuff.

I> -- Ian

Thanks, Ian. That's a good idea. When I did the above, I saw that natd
enters  some  kind  of  a confused state after the IP change. I really
don't   see  why it's doing that, or how to stop it. Is there someone,
perhaps, from the natd development group that I should ask.

What  I  did was just start from a link down state. Then I requested a
connection  for  email  from  my  workstation,  waited for the link to
disconnect again, and repeated the process a few times.

The actors here are:

my workstation 192.168.0.10

the firewall machine tun0 (depending on the ppp session)
207.69.102.20
207.69.100.116
207.69.100.110
207.69.100.52

Earthlink mail server
207.69.200.225

Earthlink DNS
207.69.188.185
207.69.188.186

Some web server said a couple of lines
63.210.68.198:80


Out [TCP]  [TCP] 192.168.0.10:3978 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3978 -> 207.69.200.225:110
In  [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3978 aliased to
           [TCP] 207.69.200.225:110 -> 192.168.0.10:3978
Out [TCP]  [TCP] 192.168.0.10:3978 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3978 -> 207.69.200.225:110
In  [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3978 aliased to
           [TCP] 207.69.200.225:110 -> 192.168.0.10:3978

Above  is where I think the end of one ppp session is.  My workstation
is finishing talking with the mail server.
I think the next ppp session is dialed here somewhere.

Routing message 0x2 received.
Routing message 0xd received.
Out [TCP]  [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Out [TCP]  [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Out [TCP]  [TCP] 192.168.0.10:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Routing message 0x2 received.
Routing message 0xd received.
Routing message 0xc received.
Interface address/MTU has probably changed.
Routing message 0x1 received.
Routing message 0xc received.
Interface address/MTU has probably changed.
Routing message 0x1 received.
Routing message 0x1 received.
Routing message 0x3 received.

I see that the IP changed above and natd recognized that Here is where
natd  enters  the cone of confusion.  It starts relaying messages from
the mail server to its previous IP.

In  [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
           [TCP] 207.69.200.225:110 -> 207.69.102.20:3979
Out [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
>>>>>>>>   [TCP] 207.69.100.116:110 -> 207.69.102.20:3979
In  [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
           [TCP] 207.69.200.225:110 -> 207.69.102.20:3979
Out [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
           [TCP] 207.69.100.116:110 -> 207.69.102.20:3979
In  [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
           [TCP] 207.69.200.225:110 -> 207.69.102.20:3979
Out [TCP]  [TCP] 207.69.200.225:110 -> 207.69.102.20:3979 aliased to
           [TCP] 207.69.100.116:110 -> 207.69.102.20:3979
In  [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Out [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
In  [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Out [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
In  [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.100.116:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110
Out [TCP]  [TCP] 207.69.102.20:3979 -> 207.69.200.225:110 aliased to
           [TCP] 207.69.102.20:3979 -> 207.69.200.225:110

I  don't  understand  at all what happens above.  The machine seems to
try  to  talk to the mail server for a while using its previous IP.  I
think  the next ppp session dialup happens here.  It seems the machine
tries to send some DNS queries using its previous IP.

Routing message 0x2 received.
Routing message 0xd received.
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.185:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.185:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.185:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.185:53
Out [UDP]  [UDP] 192.168.0.10:3980 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3980 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3981 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3981 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3981 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.116:3981 -> 207.69.188.186:53
Routing message 0x2 received.
Routing message 0xd received.
Routing message 0xc received.
Interface address/MTU has probably changed.
Routing message 0x1 received.
Routing message 0xc received.
Interface address/MTU has probably changed.
Routing message 0x1 received.
Routing message 0x1 received.
Routing message 0x3 received.

I  think here is again where natd enters the serious cone of confusion
and starts relaying responses from the DNS server to its previous IP.

In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
>>>>>>>>>  [UDP] 207.69.100.110:53 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.185:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:50535 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.185:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.185:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:50535 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3980
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3980 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3980
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3981
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3981
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3981
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3981
In  [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.188.186:53 -> 207.69.100.116:3981
Out [UDP]  [UDP] 207.69.188.186:53 -> 207.69.100.116:3981 aliased to
           [UDP] 207.69.100.110:53 -> 207.69.100.116:3981

I  think somewhere here another ppp session was dialed.  However, natd
continues  to send out some DNS queries using its previous IP until it
recognizes that the IP changed a few lines down.

In  [TCP]  [TCP] 63.210.68.198:80 -> 207.69.100.52:1040 aliased to
           [TCP] 63.210.68.198:80 -> 207.69.100.52:1040
Out [TCP]  [TCP] 207.69.100.52:1040 -> 63.210.68.198:80 aliased to
           [TCP] 207.69.100.52:1040 -> 63.210.68.198:80
Routing message 0x2 received.
Routing message 0xd received.
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.185:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.185:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.185:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.185:53
Out [UDP]  [UDP] 192.168.0.10:3982 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3982 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3983 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3983 -> 207.69.188.186:53
Out [UDP]  [UDP] 192.168.0.10:3983 -> 207.69.188.186:53 aliased to
           [UDP] 207.69.100.110:3983 -> 207.69.188.186:53
Routing message 0x2 received.
Routing message 0xd received.
Routing message 0xc received.
Interface address/MTU has probably changed.
Routing message 0x1 received.
Routing message 0xc received


Marko


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?70574510802.20020207102129>