I’ve implemented a gateway following the guidance and examples provided in the Linux IP Masquerade HOWTO (an excellent guide BTW) by David Ranch. In my case it is built using Woody with a 2.4 Kernel that I generated in order to utilize Netfilter with IPtables. The external interface utilizes PPPoE. It seems to work very well.
However, I was recently running some experiments to try and troubleshoot some performance problems and opted to trace (tcpdump) packets flowing on the external interface. Under some circumstances, that I have yet to figure out, I find my gateway machine originating SNMP packets, in that these packets are absent from traces performed on the source machine as part of the same experiment. The destination addresses include 172.16.4.242 and 192.168.18.231. I’ve enclosed a sample below. Because my network uses the reserved Class A subnet address (10.x.x.x), these subnets are not of my making. Since they are also from the space reserved for private LANs (i.e., not valid assignments for the Internet), they are clearly erroneous.
Fortunately, the adjacent router (address of my PPP partner) rejects them (returning ICMP Dest Unreachable messages). However, I’d like to stop sending them. I think I could probably get my FW to drop them, but this seems like kind of a kludge. It would be better if they were never generated.
Does anyone know where they are coming from and/or how to turn them off?
Sincerely, David Gowdy
* * * Enclosure * * *
No. Time Source Destination Protocol Info
12 16.834838 70.108.83.244 172.16.4.242 SNMP GET SNMPv2-SMI::mib-2.25.3.2.1.5.1[Short Frame]
Frame 12 (127 bytes on wire, 96 bytes captured)
Arrival Time: Oct 6, 2005 11:13:02.943211000
Time delta from previous packet: 1.209708000 seconds
Time since reference or first frame: 16.834838000 seconds
Frame Number: 12
Packet Length: 127 bytes
Capture Length: 96 bytes
Protocols in frame: eth:pppoes:ppp:ip:udp:snmp
Ethernet II, Src: 3com_ff:0c:a8 (00:50:04:ff:0c:a8), Dst: Cisco_6f:91:08 (00:50:73:6f:91:08)
Destination: Cisco_6f:91:08 (00:50:73:6f:91:08)
Source: 3com_ff:0c:a8 (00:50:04:ff:0c:a8)
Type: PPPoE Session (0x8864)
PPP-over-Ethernet Session
Version: 1
Type: 1
Code: Session Data
Session ID: abaa
Payload Length: 107
Point-to-Point Protocol
Protocol: IP (0x0021)
Internet Protocol, Src: 70.108.83.244 (70.108.83.244), Dst: 172.16.4.242 (172.16.4.242)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 105
Identification: 0x1cd8 (7384)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0xd349 [correct]
Source: 70.108.83.244 (70.108.83.244)
Destination: 172.16.4.242 (172.16.4.242)
User Datagram Protocol, Src Port: 1029 (1029), Dst Port: snmp (161)
Source port: 1029 (1029)
Destination port: snmp (161)
Length: 85
Checksum: 0xa7b9
Simple Network Management Protocol
Version: 1 (0)
Community: public
PDU type: GET (0)
Request Id: 0x00000026
Error Status: NO ERROR (0)
Error Index: 0
Object identifier 1: 1.3.6.1.2.1.25.3.2.1.5.1 (SNMPv2-SMI::mib-2.25.3.2.1.5.1)
Value: NULL
[Short Frame: SNMP]