Linux IP Masquerade

Information on TCPDeath due to ipautofw

The following information is provided by Kirk MacManus

TCPDeath is caused by ipautofw. From recent developments, and a new understanding of tcpdump, I was able to find the problem. Here is an example that should make it obvious.

As you probably know, sockets made for connecting use ports chosen by the operating system 99% of the time. The ports are chosen sequentially, starting from 1024 (somewhere around that) and ending at 32767. I had ipautofw set to forward ports 2000-4000 to a Win95 machine (for ICQ, but that's not important). As Linux makes its ports, it eventually gets up to ports 2000-4000.

We'll call the IP masq machine "marvin".

Let's say I wanted to telnet to bob (port 21 <- doesn't matter, destination port):

root@marvin> telnet bob

My system binds to port 2056 (or anything between 2000 and 4000) and sends the connect request packet to bob:21. bob:21 receives the packet and sends an ack back to marvin:2056. marvin, being told to forward 2000-4000 to my Win95 machine, sees the packet on port 2056 and sends the ack to the Win95 machine.

My telnet never sees the ack and the Win95 machine just ignores it, so the telnet is dead, waiting for the ack that it will never receive. My telnet fix basically just used a lot of ports until it was past 4000; then it would just use ports normally up to 32767, roll back down to 1024, and start over.

I decided to only forward 25 ports for ICQ; that way I'll barely notice TCPDeath :)
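To make the collision mechanical, here is an added example (mine, not Kirk's and not ipautofw's code) that checks a set of forwarding ranges against the kernel's local port range and replays the sequential port allocation he describes. The port numbers are the ones from the post; the ranges are constructed inputs.

```python
"""Model the TCPDeath collision: outbound sockets take sequential source ports
from the kernel's local port range, and any port that also lies inside an
ipautofw forwarding range has its replies redirected to the internal host."""
from dataclasses import dataclass
from typing import List, Tuple

PortRange = Tuple[int, int]  # inclusive (low, high)

@dataclass
class Collision:
    forward: PortRange   # the forwarding rule as configured
    overlap: PortRange   # ports that are both ephemeral and forwarded
    hijacked: int        # outbound connections lost per allocator cycle

def find_collisions(local: PortRange, forwards: List[PortRange]) -> List[Collision]:
    """Return every forwarding rule whose ports intersect the local port range."""
    lo, hi = local
    found = []
    for f_lo, f_hi in forwards:
        o_lo, o_hi = max(lo, f_lo), min(hi, f_hi)
        if o_lo <= o_hi:
            found.append(Collision((f_lo, f_hi), (o_lo, o_hi), o_hi - o_lo + 1))
    return found

def dead_fraction(local: PortRange, forwards: List[PortRange]) -> float:
    """Share of one pass through the local range whose connections hang."""
    lost = set()  # a set so overlapping rules are not double-counted
    for c in find_collisions(local, forwards):
        lost.update(range(c.overlap[0], c.overlap[1] + 1))
    return len(lost) / (local[1] - local[0] + 1)

def simulate(local: PortRange, forwards: List[PortRange],
             first_port: int, connections: int) -> List[Tuple[int, bool]]:
    """Replay the sequential allocator the post describes: per connection return
    (source port, True if a forward rule steals the reply); wraps at the top."""
    lo, hi = local
    port, trace = first_port, []
    for _ in range(connections):
        stolen = any(f_lo <= port <= f_hi for f_lo, f_hi in forwards)
        trace.append((port, stolen))
        port = lo + (port - lo + 1) % (hi - lo + 1)
    return trace

if __name__ == "__main__":
    # Constructed inputs: the post's 1024-32767 local range and 2000-4000 ICQ forward.
    local, icq = (1024, 32767), [(2000, 4000)]
    for c in find_collisions(local, icq):
        print(f"{c.forward} overlaps {c.overlap}: {c.hijacked} hangs per cycle, {dead_fraction(local, icq):.1%}")
    for port, stolen in simulate(local, icq, 1998, 5):
        print(f"src port {port}: {'TCPDeath' if stolen else 'ok'}")
```

For Kirk's 25-port block, dead_fraction(local, [(2000, 2024)]) comes to about 0.08% of an allocator cycle, against 6.3% for the full 2000-4000 range; a local range that does not reach down into the forwarded block (for instance the 32768-60999 default of current Linux kernels, which is not from this page) produces no collision at all.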

