Adam Vande More wrote:

I used telnet to connect to 68.204.xxx.xxx
it tells me I've connected to [1]xxx.xxx.204.68.cfl.res.rr.com.
(backwards, right?), then I log in.

No, you have to a connection before you login. You want to *strongly*
consider using ssh instead of telnet. You may also be referring the
format of the DNS query result which known as
[2]http://en.wikipedia.org/wiki/Reverse_DNS_lookup

I DID have a connection. ??? Maybe I gave too much detail,
but the point is that the IP yielded by host/dig did not match
what "whatismyip.com" gave here. I'd like to know why.

After user/pass entry, it says connected from "user-yyyyyyy.cab"

(replaced seemingly random name with "yyyyyyy" in case
it's not transient)
My external IP here is 24.110.nnn.nnn
The issue:
When I use either "host" or "dig" to give me the IP address
from "user-yyyyyyy.cab", they tell me: 208.68.zzz.zzz
(Ping gives the same.)
So, I'm still at a loss, I think, to know the originating IP.
Should a firewall rule blocking 208.68.zzz.zzz actually
operate against 24.110.nnn.nnn?

I don't understand the question, what is the rule?

I'd STILL like to know the true source IP to be able to connect
back to it.

man sockstat
man netstat

Thanks. Did that:
"netstat -n" gives the correct IP.
"sockstat" does also.
I couldn't find anything in the host or dig man pages that
indicated to me that they could be made to yield the proper
24.110.*.* IP address.
About the "rule"::: I was just mentioning one of the reasons
I want the IP address is so I can monitor multiple bad login
attempts to block the troublesome IP with a firewall rule. I
ALSO would like the correct IP for another purpose (project),
that involves connecting back to the source IP.
I will give a try to find out which IP address the ipfw firewall
operates on - the 208.68.*.* one or the 24.110.*.* one. It's not
obvious which at this point to me.
Thanks.
Walter

References

1. http://xxx.xxx.204.68.cfl.res.rr.com/
2. http://en.wikipedia.org/wiki/Reverse_DNS_lookup