From owner-freebsd-questions Wed Oct 9 11:22:20 2002
Message-ID: <3DA473BE.5070803@hq.dyns.cx>
Date: Wed, 09 Oct 2002 14:21:50 -0400
From: wolf
To: Roman Neuhauser
Cc: Wolfieee, freebsd-questions@freebsd.org
Subject: Re: UDP Port 53 Log In Vain Messages
References: <3DA46595.8000801@hq.dyns.cx> <20021009175601.GL51897@freepuppy.bellavista.cz>

I don't think the firewall is to blame.

00050  60949435 31435808176 divert 8668 ip from any to any via rl0
00100    716310    99071516 allow ip from any to any via lo0
00200         0           0 deny ip from any to 127.0.0.0/8
00300         0           0 deny ip from 127.0.0.0/8 to any
65000 120754392 61388414174 allow ip from any to any
65535         8        1016 deny ip from any to any

Roman Neuhauser wrote:

># mjoyner@hq.dyns.cx / 2002-10-09 13:21:25 -0400:
>
>
>>Ok, what causes the following events to occur and what do I do to fix
>>whatever is wrong?
>>
>>_MY_MACHINE_ is my machine
>>_ISP_NAMESERVER_01_ and _ISP_NAMESERVER_02_ are my ISP's nameservers
>>I am running named.
>>
>>What additional information is needed? (if any)
>>What do I look at?
>>
>>Unusual System Events
>>=-=-=-=-=-=-=-=-=-=-=
>>Oct 9 09:01:01 hq /kernel: Connection attempt to UDP _MY_MACHINE_:3550 from _ISP_NAMESERVER_02_:53
>>Oct 9 09:01:03 hq /kernel: Connection attempt to UDP _LOCALHOST_:512 from _LOCALHOST_:3597
>>Oct 9 09:01:06 hq /kernel: Connection attempt to UDP _MY_MACHINE_:3551 from _ISP_NAMESERVER_01_:53
>>Oct 9 09:01:14 hq /kernel: Connection attempt to UDP _MY_MACHINE_:3553 from _ISP_NAMESERVER_02_:53
>>Oct 9 09:01:17 hq /kernel: Connection attempt to UDP _MY_MACHINE_:3554 from _ISP_NAMESERVER_01_:53
>>Oct 9 09:01:23 hq /kernel: Connection attempt to UDP _LOCALHOST_:512 from _LOCALHOST_:3611
>>Oct 9 09:01:24 hq /kernel: Connection attempt to UDP _LOCALHOST_:3548 from _LOCALHOST_:53
>>
>>
>
> this means that you have a firewall that blocks incoming udp on port
> 53 on both the loopback and your nic.
>
> specifically, the blocked packets are replies to your dns queries.
>
> fix your firewall ruleset. the rule from my ipf ruleset:
>
> pass out quick on $if proto tcp/udp from $ip to any port = 53 keep state
>
> that "keep state" is what allows the responses back in.
>
>