Re: Dial on demand

From: Frank Millman (frank_at_chagford.com)
Date: 09/28/05 

Date: 28 Sep 2005 03:04:04 -0700

Moe Trin wrote:
> In the Usenet newsgroup comp.os.linux.setup, in article
> <1127828989.110260.93260@g47g2000cwa.googlegroups.com>, Frank Millman wrote:
>
> >This is what tcpdump showed -
> >
> >'11:45:15 IP 155.239.110.127 > 224.0.0.22: igmp v3 report, 1 group record(s)'
>
> OK - that's RFC3376 "Internet Group Management Protocol, Version 3"
>
> You have something that is interested in receiving Multicast. This could
> be something like RealAudio, or similar. You could change your tcpdump
> command to increase the length of the packet you are grabbing (the
> default is 68 bytes) with the -s option to '-s 256' - that should tell
> you which multicast connection you are looking for.
>

Found it - thanks! I found it by selectively disabling services until
it stopped. It turns out that it was a combination of mDNSResponder and
nifd. If both of these are running, it sends the request. If either of
them are off, it does not. They both seem to have something to do with
Howl (whatever that is), which I am not using, so I turned them both
off. I also turned off a number of other services which seemed
redundant, so it was a good exercise.

> >It is running IP-Masquerading, which I have set up according to the
> >latest HOWTO, as I want to use the machine as an internet server for a
> >small lan.
>
> When you say 'internet server', do you mean running a server (web, ftp,
> or whatever) for use by clients out here, or do you mean providing
> internet services to your LAN - allowing them to access the world. The
> first is a lot harder and more risky than the second.
>

Definitely the second. Even that is a bit risky, but I found the
IP-Masquerade HOWTO invaluable in giving advice on protecting yourself.

Many thanks for your assistance.

Frank