Internal IPs leaking past masquerade gateway

Mark Dobossy mark.dobossy at gmail.com
Tue Nov 29 01:07:03 CET 2005


I am having some issues with my internal IPs being leaked through my
gateway, to a few specific IP addresses.  I have tried both "rolling
my own" iptables setup (very simple, only port 80 open, using either
masquerade or SNAT), as well as the ipkungfu script, and see the issue
across either way, and even on multiple machines/distros.

The issue in question occurs when visiting
http://forums.corvetteforum.com.  One of their "ad" suppliers has the
ip address, 66.110.24.220.  Connections to this IP are leaving my
external device with my internal IP.  This was verified both from logs
from my network admin's router, as well as by using ethereal on the
gateway machine, and analyzing eth1 (external device) for any packets
leaving with a source of 192.168.2.0/24.  I only see connections to
this particular IP with the internal address (everything else leaves
with the correct, external IP).

For now, I have simply banned this IP, but I am afraid it may start
occurring elsewhere, and the network admin has threatened to kick this
box off the network if it happens again.  Is there a rule to disallow
any outgoing network connection with an internal IP?  Why would
masquerading be allowing this?  I am pretty confused.

I am currently running Mandriva 2006, with the 2.6.12 kernel, and
would be happy to supply any other info that may be necessary to solve
this.

-Mark
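Added example for the two questions in the post (a rule against LAN-sourced packets leaving eth1, and why masquerading lets them through). This is not code from the original post or from anyone on the netfilter list. Two netfilter facts drive it: the filter table's FORWARD chain runs before nat POSTROUTING, so a plain "-A FORWARD -o eth1 -s 192.168.2.0/24 -j DROP" sees the untranslated source and would drop every forwarded packet, and iptables offers no hook after SNAT on which to filter by the translated address; and NAT is decided on the first packet of each tracked connection, so packets conntrack classifies INVALID (out-of-window segments, late replies after the entry expired, stray FIN/RST) are never translated and leave with their internal source. Dropping INVALID in FORWARD closes that path. The script also does the same check the post did with ethereal, over a tcpdump-style text capture of the external interface. It takes eth1 and 192.168.2.0/24 from the post; the external address 203.0.113.7, the capture lines, and the /24-only prefix handling are constructed assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes eth1 is the external
# interface and the LAN is 192.168.2.0/24 (both from the post). The external
# address 203.0.113.7 and SAMPLE_CAPTURE are constructed. With no argument
# the script only prints the rules and runs the capture check; "apply"
# installs them for real.

EXT_IF="${EXT_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.2.0/24}"
IPTABLES="${IPTABLES:-iptables}"
# Dotted prefix for the capture check; assumes LAN_NET is a /24.
LAN_PREFIX="${LAN_NET%.*/24}."

apply_egress_guard() {
    # nat POSTROUTING sees only the first packet of each tracked connection;
    # conntrack then applies the chosen mapping to the rest of it.
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE

    # Do NOT add "-A FORWARD -o $EXT_IF -s $LAN_NET -j DROP": filter FORWARD
    # runs before nat POSTROUTING, so it matches the untranslated source and
    # would drop all forwarded LAN traffic. There is no iptables hook after
    # SNAT on which to filter by the translated source.

    # Packets conntrack cannot tie to a connection (state INVALID) are never
    # translated and would leave with the internal source. Log a rate-limited
    # sample so the leak is visible, then drop them before POSTROUTING.
    $IPTABLES -A FORWARD -m state --state INVALID -m limit --limit 5/min \
        -j LOG --log-prefix "INVALID-NOT-NATED: "
    $IPTABLES -A FORWARD -m state --state INVALID -j DROP

    # Minimal forwarding policy for a simple masquerading gateway.
    $IPTABLES -A FORWARD -s "$LAN_NET" -o "$EXT_IF" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$EXT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -P FORWARD DROP
}

find_leaks() {
    # $1: text of a "tcpdump -n" capture taken on the external interface.
    # Prints "src -> dst" for every packet whose source lies inside the LAN.
    # Live equivalent: tcpdump -n -i "$EXT_IF" src net "$LAN_NET"
    printf '%s\n' "$1" | awk -v prefix="$LAN_PREFIX" '
        $2 == "IP" && $4 == ">" {
            src = $3; sub(/\.[0-9]+$/, "", src)
            dst = $5; sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)
            if (index(src, prefix) == 1) print src " -> " dst
        }'
}

# Constructed sample capture: one leaked packet from a LAN host, then
# properly masqueraded traffic from the gateway's assumed address.
SAMPLE_CAPTURE='01:07:03.100000 IP 192.168.2.15.40312 > 66.110.24.220.80: . ack 1 win 5840
01:07:03.200000 IP 203.0.113.7.40313 > 66.110.24.220.80: S 1:1(0) win 5840
01:07:03.300000 IP 66.110.24.220.80 > 203.0.113.7.40313: S 1:1(0) ack 1 win 5792
01:07:03.400000 IP 203.0.113.7.40314 > 198.51.100.9.80: S 1:1(0) win 5840'

case "${1:-dry-run}" in
    apply)
        apply_egress_guard ;;
    dry-run)
        ( IPTABLES=echo; apply_egress_guard )
        find_leaks "$SAMPLE_CAPTURE" ;;
esac
```

Run it as root with "apply" on the gateway, then leave a "tcpdump -n -i eth1 src net 192.168.2.0/24" running for a while; if the INVALID drop was the missing piece, that capture stays empty and the LOG rule shows what used to escape.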



More information about the netfilter mailing list