Discussion:
Modify one PTR in existing bind9 setup?
Michelle Konzack
2011-06-22 15:07:32 UTC
Hello *,

I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.

All I can do is to change the two NameServers to my <dns1> and <dns2> or
my internal <dns.private> server where I could setup IPT.

Now setting up PTR zones where those NTPs reside does not work, because
all other IPs would no longer have a working PTR record.

So, my question is:

How can I capture the two hardcoded IPs from the DSL/GSM Router and
redirect them to my own NTP-Server?

Note: This bullshit router of my ISP does SEND more data than only the
NTP-Request and this is WHY I want to intercept this crap.

If I should use IPT, what must the rules look like?

The current setup is:

<***@tamay-dogan.net>-+                      +--<dns.private>
<***@tamay-dogan.net>-+                      +--<ntp.private>
                      |                      +--<samba.private>
INTERNET              +---- router with a ---+
                      |   crappy NTP Client  +--<michelle1.private>
<ntp1_by_IP>----------+                      +--<devel.private>
<ntp2_by_IP>----------+
 capturing uncontrolled
 data from my router

and the traffic goes currently from the router to the TWO <ntp*_by_IP>.
Now I need to redirect the NTP traffic to <ntp.private> which is a DCF77
receiver.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

***@tdnet France ***@tdnet
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice) Gewerbe Strasse 3
50, rue de Soultz 77694 Kehl/Germany
67100 Strasbourg/France Tel office: +49-176-86004575
Tel mobil: +33-6-61925193 Tel mobil: +49-177-9351947

<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber ***@jabber.ccc.de

Linux-User #280138 with the Linux Counter, http://counter.li.org/
Pascal Hambourg
2011-06-22 17:33:07 UTC
Hello,
Post by Michelle Konzack
I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.
Hardcoded by IP address or host name?
Post by Michelle Konzack
All I can do is to change the two NameServers to my <dns1> and <dns2> or
my internal <dns.private> server where I could setup IPT.
What's IPT? iptables?
Post by Michelle Konzack
Now setting up PTR zones where those NTPs reside does not work, because
all other IPs would no longer have a working PTR record.
You can set up a reverse zone for a single address/PTR record. But what's
the point?
Post by Michelle Konzack
How can I capture the two hardcoded IPs from the DSL/GSM Router and
redirect it to my own NTP-Server?
--
To UNSUBSCRIBE, email to debian-firewall-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: http://lists.debian.org/***@plouf.fr.eu.org
Michelle Konzack
2011-06-22 18:01:18 UTC
Hello Pascal Hambourg,
Post by Pascal Hambourg
Hello,
Post by Michelle Konzack
I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.
Hardcoded by IP address or host name?
In my <dns1.private> I see my hardware router querying for the PTR of
the two IP-Addresses.
Post by Pascal Hambourg
What's IPT? iptables?
iptables
Post by Pascal Hambourg
You can set up a reverse zone for a single address/PTR record. But what's
the point?
I need a way to catch and forward two IPs, which I do not control, to my
NTP server.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Jean-Daniel FISCHER
2011-06-22 18:36:58 UTC
Hello,

This is a crappy solution but you could try to add hardcoded routes
for these two IPs that send the traffic back toward your NTP server
into your router. At the same time you could tell your NTP server to
consider these two IPs as aliases.

JD
Post by Michelle Konzack
Hello Pascal Hambourg,
Post by Pascal Hambourg
Hello,
Post by Michelle Konzack
I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.
Hardcoded by IP address or host name?
In my <dns1.private> I see my hardware router querying for the PTR of
the two IP-Addresses.
Post by Pascal Hambourg
What's IPT? iptables?
iptables
Post by Pascal Hambourg
You can set up a reverse zone for a single address/PTR record. But what's
the point?
I need a way to catch and forward two IPs, which I do not control, to my
NTP server.
Thanks, Greetings and nice Day/Evening
Post by Michelle Konzack
Michelle Konzack
Pascal Hambourg
2011-06-22 19:06:21 UTC
Post by Jean-Daniel FISCHER
This is a crappy solution but you could try to add hardcoded routes
for these two IPs that send the traffic back toward your NTP server
into your router. At the same time you could tell your NTP server to
consider these two IPs as aliases.
It's a smart idea.
Post by Jean-Daniel FISCHER
Post by Michelle Konzack
Post by Pascal Hambourg
Post by Michelle Konzack
I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.
Hardcoded by IP address or host name?
In my <dns1.private> I see my hardware router querying for the PTR of
the two IP-Addresses.
Post by Pascal Hambourg
You can set up a reverse zone for a single address/PTR record. But what's
the point?
I need a way to catch and forward two IPs, which I do not control, to my
NTP server.
If the NTP servers are hardcoded by IP address, I can't see how mangling
the reverse PTR record could help. Reverse PTR records are mostly only
informative.
lee
2011-06-22 20:48:58 UTC
Post by Michelle Konzack
In my <dns1.private> I see my hardware router querying for the PTR of
the two IP-Addresses.
When the router is already asking <dns1.private> for the IP addresses of
the NTP servers the router wants to connect to, what prevents you from
making DNS entries on <dns1.private> which will resolve the queries of
the router to the IP addresses of your private NTP server?
Michelle Konzack
2011-06-22 23:12:48 UTC
Hello lee,
Post by lee
When the router is already asking <dns1.private> for the IP addresses of
the NTP servers the router wants to connect to, what prevents you from
making DNS entries on <dns1.private> which will resolve the queries of
the router to the IP addresses of your private NTP server?
Because this route makes weird traffic. Since the router OS is not
Linux based, I cannot do much more than analyze it as best as possible.

It seems the router has hardcoded routes, and if I tell it to use
<dns1.private> it makes lookups on it, but then I get connections from
my router elsewhere... asking for <178.63.64.14> and <109.75.190.27>.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
lee
2011-06-23 13:23:00 UTC
Post by Michelle Konzack
Hello lee,
Post by lee
When the router is already asking <dns1.private> for the IP addresses of
the NTP servers the router wants to connect to, what prevents you from
making DNS entries on <dns1.private> which will resolve the queries of
the router to the IP addresses of your private NTP server?
Because this route makes weird traffic. Since the router OS is not
Linux based, I cannot do much more than analyze it as best as possible.
It seems the router has hardcoded routes, and if I tell it to use
<dns1.private> it makes lookups on it, but then I get connections from
my router elsewhere... asking for <178.63.64.14> and <109.75.190.27>.
,---- [ Message-ID: <***@michelle1> ]
| The current setup is:
|
| <***@tamay-dogan.net>-+                      +--<dns.private>
| <***@tamay-dogan.net>-+                      +--<ntp.private>
|                       |                      +--<samba.private>
| INTERNET              +---- router with a ---+
|                       |   crappy NTP Client  +--<michelle1.private>
| <ntp1_by_IP>----------+                      +--<devel.private>
| <ntp2_by_IP>----------+
|  capturing uncontrolled
|  data from my router
`----


As long as your router is connected to the internet directly, I think
there isn't anything you could do to prevent it from making connections
to hosts on the internet the way it wants to, unless you can make
settings in the router itself that would prevent it from doing so.

I don't understand what this has to do with routing:


1.) If the router uses IP addresses of NTP servers instead of looking up
the IPs by hostnames, it doesn't need to query your name server.

2.) If it queries your name server for IP addresses of NTP servers,
receives the IP addresses of them and then still connects to
different IP addresses than those given by your name server to send
NTP requests to, the router is broken (Or perhaps restarting it
helps?).


That leaves you with some options, listed in no particular order:


1.) replace the router

2.) Omit the router and use one of the hosts on the right side of your
schematic to replace it.

3.) Don't connect the router to the internet directly but through one of
the hosts on the left side of your schematic. The host would capture
the NTP traffic and operate as a router for the router. (probably
not feasible)

4.) like 3.), but connecting the router to one of the hosts on the right
rather than on the left side

5.) leave it as it is

6.) turn off NTP in the router

7.) Make the manufacturer of the router fix the NTP client.

8.) If the router allows you to set static routes, set static routes for
the two IPs it sends NTP requests to. Add two network cards to one
of the hosts on the right side the static routes point to and give
them the IPs the router is sending its requests to. Attaching two
more IPs to an existing network card should suffice, though. The
disadvantage is that the hosts outside of your network which have
these IPs become unreachable from inside your network.
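A worked version of options 3 and 4 above (a Linux host acting as router for the router), added here as an example and not taken from anyone in the thread: it generates the iptables rules that answer the original "what must the rules look like?" question, sending the router's NTP queries to <ntp.private> and logging anything else the router sends to those two addresses. The two destination addresses are the ones Michelle observed; the interface name and the address of <ntp.private> are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules for a Linux host that
# sits between the ISP router and the rest of the network (options 3/4).
# The two destinations are the addresses Michelle saw the router contact;
# ROUTER_IF and NTP_PRIVATE are assumptions made for this example.
NTP_TARGETS="178.63.64.14 109.75.190.27"
NTP_PRIVATE="192.168.1.2"   # assumed address of <ntp.private> (the DCF77 box)
ROUTER_IF="eth1"            # assumed interface the router is attached to

# Print the rules instead of applying them, so they can be reviewed first.
ntp_redirect_rules() {
    for ip in $NTP_TARGETS; do
        # NTP proper: rewrite the destination before routing, so the router
        # keeps "talking" to its hardcoded address while we answer locally.
        echo "iptables -t nat -A PREROUTING -i $ROUTER_IF -p udp -d $ip --dport 123 -j DNAT --to-destination $NTP_PRIVATE:123"
        # Anything else the router sends to those two addresses is the
        # "more data than only the NTP request" the thread worries about:
        # log it (rate limited, so a chatty router cannot flood syslog), then drop it.
        echo "iptables -A FORWARD -i $ROUTER_IF -d $ip -m limit --limit 5/min -j LOG --log-prefix \"router-extra: \""
        echo "iptables -A FORWARD -i $ROUTER_IF -d $ip -j DROP"
    done
    # Let the redirected queries through to <ntp.private> ...
    echo "iptables -A FORWARD -i $ROUTER_IF -d $NTP_PRIVATE -p udp --dport 123 -j ACCEPT"
    # ... and masquerade them so replies return via this host, where conntrack
    # restores the hardcoded address as the reply's source for the router.
    echo "iptables -t nat -A POSTROUTING -d $NTP_PRIVATE -p udp --dport 123 -j MASQUERADE"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

case "${1:-}" in
    --apply) ntp_redirect_rules | sh ;;   # run as root to install the rules
    *)       ntp_redirect_rules ;;        # default: only show them
esac
```

Without the MASQUERADE rule, <ntp.private> on the same segment as the router would answer the router directly with its own source address, which the router would not recognise as its configured server.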
Bastian Blank
2011-06-23 16:19:15 UTC
Post by Michelle Konzack
I have a hardware DSL/GSM Router where I cannot change the settings for
the 2 NTP servers, because they are hardcoded.
What is your problem? If they properly use [0-3].$vendor.pool.ntp.org,
there is nothing really to fear. Except that it just works.
Post by Michelle Konzack
All I can do is to change the two NameServers to my <dns1> and <dns2> or
my internal <dns.private> server where I could setup IPT.
What happens if it is down?
Post by Michelle Konzack
How can I capture the two hardcoded IPs from the DSL/GSM Router and
redirect it to my own NTP-Server?
Routing. But if they really hardcode _IPs_, they have to be punished
with http://www.pool.ntp.org/da/vendors.html

Bastian
Post by Michelle Konzack
Note: This bullshit router of my ISP does SEND more data than only the
NTP-Request and this is WHY I want to intercept this crap.
What sort of crap?
Post by Michelle Konzack
If I should use IPT, what must the rules look like?
"IPT"?

Bastian
--
The idea of male and female are universal constants.
-- Kirk, "Metamorphosis", stardate 3219.8
Chris Davies
2011-06-23 21:36:02 UTC
Post by Bastian Blank
Routing. But if they really hardcode _IPs_, they have to be punished
with http://www.pool.ntp.org/da/vendors.html
Why should the Pool be relevant here? Perhaps the router manufacturer
has provided two NTP servers of its own, for its own devices.

Chris
Michelle Konzack
2011-06-25 11:23:34 UTC
Hello Chris Davies,
Post by Chris Davies
Why should the Pool be relevant here? Perhaps the router manufacturer
has provided two NTP servers of its own, for its own devices.
Right, and it seems to collect other infos from the Router. Unfortunately
I cannot re-route the 2 outgoing destination IPs to the internal
network to catch and analyse the traffic.

If the USB-GSM/UMTS-Stick would work for Data and VoIP connections at
the same time, I would use a small ARM Box which does the job. Even a
20 Euro Seagate DockStar would be enough using the Huawei K3765-HV and
a USB Ethernet stick.

Thanks, Greetings and nice Day/Evening
Michelle Konzack