[THIN] Re: OT - IP address
- From: "Lambert, Ryan" <rlambert@xxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 28 Oct 2004 09:03:10 -0400
That's odd.
I was a bit interested by this, never took any time to look at it before.
Maybe the correct solution is for Metaframe to take the client address out
of the IP header rather than the actual "Data"?
Seems like that is what is happening when looking at the traffic over the
wire.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Bill Beckett
Sent: Wednesday, October 27, 2004 1:17 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT - IP address
Thanks for the input Tim, Mark.
-----Original Message-----
From: Tim Mangan [mailto:tmangan@xxxxxxxxxxxx]
Sent: Wednesday, October 27, 2004 1:18 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT - IP address
The "correct" solution doesn't exist (as far as I know). That would be to
fix the NAT feature of the home firewall to be able to do address
translation above the IP level. Unfortunately there are way too many
protocols out there to delve up. Perhaps with a linux based router someone
could hack up a specific RDP/ICA fix.
By the way, if the user uses a VPN to connect in from home, you might be
able to use the Client Name associated with the disconnected session to
obtain the ISP address for a short while.
tim
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Mark Cook
Sent: Wednesday, October 27, 2004 9:54 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT - IP address
Yup, the ICA (& RDP) protocol API's all report the actual IP address of the
connecting client and not the IP address that is being routed through in
this case ! It suck's but that's how the protocol works unfortunately. You
can't even tracert them because it's not a valid IP address, unless anyone
know's a way to ID the IP of the connecting router involved and if so I'd
love to know how (obviously you can trawl though Winsock call's and inet
stuff but is there a higher level way to achieve this) ?
Mark
-----Original Message-----
From: Bill Beckett [mailto:Bill.beckett@xxxxxxxxxxxxxxxxx]
Sent: 27 October 2004 14:10
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] OT - IP address
Just wanted to know if anyone has any thoughts on this. I check our security
logs every day and noticed something that to me at least, is odd. A user
logs in from home and said user has a broadband connection and a wireless
router (Linksys, netgear, that variety). If I check the security log and
look at when the user disconnected from their session it has the EXTERNAL
address provided by the ISP. However, if I go into Citrix Metaframe Admin
and look at their disconnected session which is still hanging out there, hit
the Information tab, it gives me the internal address (192.x.x.x in this
case) of the PC behind the router. So, eventvwr gives the ISP assigned IP
while MFAdmin gives the interal IP. Anyone know why the difference?
Other related posts:
