I’ve implemented a gateway following the guidance and examples provided in the Linux IP Masquerade HOWTO (an excellent guide BTW) by David Ranch. In my case it is built using Woody with a 2.4 Kernel that I generated in order to utilize Netfilter with IPtables. The external interface utilizes PPPoE. It seems to work very well. However, I was recently running some experiments to try and troubleshoot some performance problems and opted to trace (tcpdump) packets flowing on the external interface. Under some circumstances, that I have yet figure out, I find my gateway machine originating SNMP packets. In that, these packets are absent from traces performed on the source machine as part of the same experiment. The destination addresses include 172.16.4.242 and 192.168.18.231. I’ve enclosed a sample below. Because my network uses the reserved Class A subnet address (10.x.x.x), these subnets are not of my making. Since they are also from the space reserved for private LANs (i.e., not valid assignments for the Internet) they are clearly erroneous. Fortunately, the adjacent router (address of my PPP partner) rejects them (returning ICMP Dest Unreachable messages). However, I’d like to stop sending them. I think I could probably get my FW to drop them but this seems like kind of a kludge. It would be better if they were never generated.
Does anyone know where they are coming from and/or how to turn them off?
Sincerely, David Gowdy
* * * Enclosure * * *
No. Time Source Destination Protocol Info 12 16.834838 70.108.83.244 172.16.4.242 SNMP GET SNMPv2-SMI::mib-2.25.3.2.1.5.1[Short Frame]
Frame 12 (127 bytes on wire, 96 bytes captured) Arrival Time: Oct 6, 2005 11:13:02.943211000 Time delta from previous packet: 1.209708000 seconds Time since reference or first frame: 16.834838000 seconds Frame Number: 12 Packet Length: 127 bytes Capture Length: 96 bytes Protocols in frame: eth:pppoes:ppp:ip:udp:snmp Ethernet II, Src: 3com_ff:0c:a8 (00:50:04:ff:0c:a8), Dst: Cisco_6f:91:08 (00:50:73:6f:91:08) Destination: Cisco_6f:91:08 (00:50:73:6f:91:08) Source: 3com_ff:0c:a8 (00:50:04:ff:0c:a8) Type: PPPoE Session (0x8864) PPP-over-Ethernet Session Version: 1 Type: 1 Code: Session Data Session ID: abaa Payload Length: 107 Point-to-Point Protocol Protocol: IP (0x0021) Internet Protocol, Src: 70.108.83.244 (70.108.83.244), Dst: 172.16.4.242 (172.16.4.242) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 105 Identification: 0x1cd8 (7384) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: UDP (0x11) Header checksum: 0xd349 [correct] Source: 70.108.83.244 (70.108.83.244) Destination: 172.16.4.242 (172.16.4.242) User Datagram Protocol, Src Port: 1029 (1029), Dst Port: snmp (161) Source port: 1029 (1029) Destination port: snmp (161) Length: 85 Checksum: 0xa7b9 Simple Network Management Protocol Version: 1 (0) Community: public PDU type: GET (0) Request Id: 0x00000026 Error Status: NO ERROR (0) Error Index: 0 Object identifier 1: 1.3.6.1.2.1.25.3.2.1.5.1 (SNMPv2-SMI::mib-2.25.3.2.1.5.1) Value: NULL [Short Frame: SNMP] |