odd fsockopen behavior

Re: odd fsockopen behavior

>Any IP address I try to open with fsockopen on a particular server[color=blue]
>seems to use another IP address instead.
>
>eg. I open a socket connection to 192.168.1.1 but the remote_addr that
>the other server sees is 192.168.1.255. It's as if, like I said, the
>IP address I supply to fsockopen is being replaced with another one.[/color]

NAT in a firewall or router?
Using a broadcast address for this is kinda wierd.

Describe your network topology, including all the routers and switches.
[color=blue]
>Anyway, this is breaking a script of mine. I don't think I can really
>do a lot in PHP to fix this but is there perhaps some way that I can
>detect it?[/color]

If there's NAT in use, you can't detect this just from the
server end. You'd have to ask (and trust) the client end to
give you what *it* thinks the IP address is. But Javascript
is often Turned Off (tm).
[color=blue]
>Is there some command line parameter that I can pass to
>passthru or something that'll tell me whether or not such a thing is
>happening?
>
>Also, how is this even being done? Could a firewall do this? If so,
>I'm still not even sure how it'd be done...[/color]

A firewall with NAT could definitely do this, although it seems its
configuration is a bit wierd.

Gordon L. Burditt

Re: odd fsockopen behavior


Gordon Burditt wrote:[color=blue]
> <snip>
> NAT in a firewall or router?
> Using a broadcast address for this is kinda wierd.
>
> Describe your network topology, including all the routers and switches.[/color]
It's remote web hosting on the GoDaddy.com hosting servers. Beyond
that, I don't know...
[color=blue]
> If there's NAT in use, you can't detect this just from the
> server end. You'd have to ask (and trust) the client end to
> give you what *it* thinks the IP address is. But Javascript
> is often Turned Off (tm).[/color]
Wouldn't using a SOCKS proxy or something yield false positives in that
case?

Also, would the gateway computer be the one responsible for the NAT?

Re: odd fsockopen behavior

>> <snip>[color=blue][color=green]
>> NAT in a firewall or router?
>> Using a broadcast address for this is kinda wierd.
>>
>> Describe your network topology, including all the routers and switches.[/color]
>It's remote web hosting on the GoDaddy.com hosting servers. Beyond
>that, I don't know...[/color]

If these servers are available for surfing to the public, and the
addresses you gave are real, there *MUST* be some NAT in there
somewhere, as the addresses are private ones, and the general public
can't route to them.
[color=blue][color=green]
>> If there's NAT in use, you can't detect this just from the
>> server end. You'd have to ask (and trust) the client end to
>> give you what *it* thinks the IP address is. But Javascript
>> is often Turned Off (tm).[/color]
>Wouldn't using a SOCKS proxy or something yield false positives in that
>case?[/color]

Yes, although it's unclear in my mind whether that would be a FALSE
positive or a TRUE positive.
[color=blue]
>Also, would the gateway computer be the one responsible for the NAT?[/color]

Nobody said the gateway is a computer. It might be a Cisco router,
or a DSL modem/router.

Gordon L. Burditt