kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

strange ips in connections

Fri Oct 26, 2007 4:36 pm

in firewall/connections I see this
Image
you may say it's normal, but my local network is 172.16.0.0/21
why are connections for the IP 192.168.0.20 (which is supposed to be reserved for private IPs) shown???
Am I misunderstanding something?
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: strange ips in connections

Fri Oct 26, 2007 7:08 pm

I'm gonna assume there's a NAT gateway in there somewhere with an address of 192.168.0.20.
The addresses listed there look to me like all connections originating from a host or network behind 192.168.0.20.

... or not. :-)

-K
 
kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: strange ips in connections

Fri Oct 26, 2007 7:17 pm

my MT is natting a 172.16.0.0/21 network.
you can't find a 192.168.*.* in my whole config
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: strange ips in connections

Fri Oct 26, 2007 7:21 pm

*eek*

OK
That's uber odd.

Not even a router somewhere within your network?
What does a Traceroute say about that address?
 
kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: strange ips in connections

Fri Oct 26, 2007 8:04 pm

When I do a traceroute it tries to go through my WAN interface and then TIMEOUT.

I didn't mention that there are a lot of routers in my network... there can be a 192.168.0.20 PC... but it is natted by the client router. I think there is no reason for it to appear in the connection list of my MT.
 
UniKyrn
Member Candidate
Posts: 245
Joined: Fri Dec 24, 2004 9:27 pm
Location: Spokane, WA

Re: strange ips in connections

Fri Oct 26, 2007 8:10 pm

Is your NAT rule written so that it only NAT's your 172.16 source address, or is it NAT'ing anything on your internal interface that goes out your external interface? That 192.168 address is obviously being NAT'd or it wouldn't be talking to anybody. That's a pretty odd source and destination port combination collection as well.

I'm thinking you've got a NAT rule that is somehow written to accept any input address and somebody is running a P2P client using the 192.168 source address.

What's the timeout on established sessions? The difference between that and the 3:30 those sessions have left to timeout will tell you when the computer was last active.

You might put in a firewall rule to deliberately drop 192.168.0.0/16 also, or better yet, drop anything that isn't 172.16.0.0/21 on your internal port :)
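
UniKyrn's two checks (private sources that are not in 172.16.0.0/21, and how long a session has been idle), as an added example that is not part of the original thread. The connection-table text format, the sample rows and the one-day established timeout are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("172.16.0.0/21")      # local network stated in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TCP_ESTABLISHED_TIMEOUT = 24 * 3600              # assumption: 1 day; use your router's setting

# Constructed sample (not real router output): proto src:port dst:port time-left
SAMPLE = """\
tcp 172.16.1.15:51022 198.51.100.10:80 23:59:41
tcp 192.168.0.20:40123 203.0.113.7:50001 23:56:30
udp 192.168.0.20:40124 203.0.113.9:50002 0:02:10
tcp 203.0.113.50:40000 172.16.0.1:22 23:10:00
tcp 172.16.8.3:3000 198.51.100.10:443 23:00:00
"""

def hms_to_seconds(text):
    """Convert h:mm:ss or mm:ss to seconds."""
    seconds = 0
    for part in text.split(":"):
        seconds = seconds * 60 + int(part)
    return seconds

def foreign_private_sources(table, lan=LAN, tcp_timeout=TCP_ESTABLISHED_TIMEOUT):
    """Return IPv4 entries whose source is private address space but outside the LAN."""
    findings = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                              # blank or malformed line
        proto, src, dst, left = fields
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        if src_ip in lan or not any(src_ip in net for net in RFC1918):
            continue                              # expected LAN host, or a public address
        # Idle time = configured timeout minus time left. Only meaningful for
        # established TCP (assumed here); other protocols use other timeouts.
        idle = tcp_timeout - hms_to_seconds(left) if proto == "tcp" else None
        findings.append({"src": str(src_ip), "dst": dst,
                         "proto": proto, "idle_seconds": idle})
    return findings

if __name__ == "__main__":
    for finding in foreign_private_sources(SAMPLE):
        print(finding)
```

The last sample row shows why the check uses the /21 and not "anything starting with 172.16": 172.16.8.3 is private but falls outside 172.16.0.0–172.16.7.255, so it is reported alongside 192.168.0.20.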
 
kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: strange ips in connections

Fri Oct 26, 2007 10:42 pm

this is an EXPORT from my nat config
nothing strange... all done like it's said in the manual
# oct/26/2007 16:40:06 by RouterOS 2.9.48
# software id = ****
#
/ ip firewall nat 
add chain=srcnat action=masquerade out-interface=WAN src-address=172.16.0.0/21 \
    comment="masquerade" disabled=no 
add chain=srcnat action=accept dst-address=172.16.0.1 dst-port=80 protocol=tcp \
    comment="don't cache connection to router" disabled=no 
add chain=dstnat action=redirect to-ports=3128 in-interface=LANbridge \
    src-address=172.16.0.0/21 dst-port=80 protocol=tcp comment="web-proxy \
    redirect" disabled=no 
