Local vs. Remote IP Addresses

All:

I have a Linux box that is directly connected to an ISP via a PPP
connection. The IP addresses are dynamic, but for the purposes of
discussion let's say that the Local IP address from the ISP is a.b.c.d and
the remote IP address is a.b.c.e.

I have set up a TCP socket using Perl and will ultimately have Java clients
connect to the sockets over the Internet. I ran a ping test today with a
friend out there in the cloud to see if we could "see" each other. I did
this while I ran a packet sniffer in order to monitor the activity. When
a.b.c.d was pinged I was able to see the activity in my sniffer but the
person who was pinging didn't get a response. When a.b.c.e was pinged, I
didn't see any activity but the "pinger" got a full response.

The results are a bit puzzling. Can someone please let me know which of the
IP addresses is the proper one to use?

We also tried an experiment where his Java socket attempted to speak with my
host socket through a designated port but the java socket timed out with
both IP addresses. On the host/Perl socket side, I have written a client
which communicates properly with the server, but both are on localhost, so
the test is insufficient.

Please advise.

Thanks in advance.

Moose

On 18 Aug 2003 04:19:45 GMT, mooseshoes <(E-Mail Removed)> wrote:
> All:
>
> I have a Linux box that is directly connected to an ISP via a PPP
> connection. The IP addresses are dynamic, but for the purposes of
> discussion let's say that the Local IP address from the ISP is a.b.c.d and
> the remote IP address is a.b.c.e.
>
> I have set up a TCP socket using Perl and will ultimately have Java clients
> connect to the sockets over the Internet. I ran a ping test today with a
> friend out there in the cloud to see if we could "see" each other. I did
> this while I ran a packet sniffer in order to monitor the activity. When
> a.b.c.d was pinged I was able to see the activity in my sniffer but the
> person who was pinging didn't get a response. When a.b.c.e was pinged, I
> didn't see any activity but the "pinger" got a full response.
>
> The results are a bit puzzling. Can someone please let me know which of the
> IP addresses is the proper one to use?

To access your box from the internet, you have to use the local IP on your
end of the ppp connection (a.b.c.d in this case)

> We also tried an experiment where his Java socket attempted to speak with my
> host socket through a designated port but the java socket timed out with
> both IP addresses. On the host/Perl socket side, I have written a client
> which communicates properly with the server, but both are on localhost, so
> the test is insufficient.

Whether you know it or not, you may have a firewall up and it might be set
to NOT answer pings (which is good for remaining invisible and minimize
DoS attacks, but not necessarily for troubleshooting). This could also
explain why they could not connect to your java socket. You have to open
a hole in the firewall (INPUT chain) to accept that port and/or protocol.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

David:

Good stuff. Thanks so much for your guidance. I configured my Mandrake 9.1
firewall software to allow data to pass on the specified ports, and relaxed
some of the levels. I'm still having trouble with external pings, however,
and I'm not certain as to why.

After some digging I tracked down an iptables command that should have
helped:

iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

Even after issuing this command all of the external pings come in but no
replies go out and they timeout on the clients.

A "cat /proc/sys/net/ipv4/icmp_echo_ignore_all" command yields a "0" as
output.

Do you (or anyone else reading this) have any other suggestion to help me to
reply to pings?

Thanks in advance.

Moose

On 18 Aug 2003 23:59:47 GMT, mooseshoes <(E-Mail Removed)> wrote:
> David:
>
> Good stuff. Thanks so much for your guidance. I configured my Mandrake 9.1
> firewall software to allow data to pass on the specified ports, and relaxed
> some of the levels. I'm still having trouble with external pings, however,
> and I'm not certain as to why.
>
> After some digging I tracked down an iptables command that should have
> helped:
>
> iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
>
> Even after issuing this command all of the external pings come in but no
> replies go out and they timeout on the clients.
>
> A "cat /proc/sys/net/ipv4/icmp_echo_ignore_all" command yields a "0" as
> output.
>
> Do you (or anyone else reading this) have any other suggestion to help me to
> reply to pings?

I have not really learned enough about iptables because SuSE makes it all
too easy, but sometimes you have to insert (-I) rules to allow things,
because -A may append them after existing rules that already deny that.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/