From owner-freebsd-questions@FreeBSD.ORG Thu Dec 2 15:56:04 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 657D016A4CE for ; Thu, 2 Dec 2004 15:56:04 +0000 (GMT) Received: from chello084114137224.1.15.vie.surfer.at (chello084114137224.1.15.vie.surfer.at [84.114.137.224]) by mx1.FreeBSD.org (Postfix) with SMTP id C90F143D46 for ; Thu, 2 Dec 2004 15:56:02 +0000 (GMT) (envelope-from 4711@chello.at) Received: (qmail 55991 invoked from network); 2 Dec 2004 15:56:01 -0000 Received: from matrix010.matrix.net (192.168.123.10) by ns.matrix.net with SMTP; 2 Dec 2004 15:56:01 -0000 From: Christian Hiris <4711@chello.at> To: freebsd-questions@freebsd.org Date: Thu, 2 Dec 2004 16:55:28 +0100 User-Agent: KMail/1.7 References: <20041202123606.GA50028@dogma.freebsd-uk.eu.org> <20041202094853.Q66254@cactus.fi.uba.ar> <20041202140601.GA53089@dogma.freebsd-uk.eu.org> In-Reply-To: <20041202140601.GA53089@dogma.freebsd-uk.eu.org> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200412021656.01136.4711@chello.at> cc: Jonathon McKitrick Subject: Re: Why these connections from 127.0.0.1? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Dec 2004 15:56:04 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 02 December 2004 15:06, Jonathon McKitrick wrote: > On Thu, Dec 02, 2004 at 09:50:51AM -0300, Fernando Gleiser wrote: > : On Thu, 2 Dec 2004, Jonathon McKitrick wrote: > : > I'm trying to figure out why these messages are showing up: > : > > : > neptune kernel log messages: > : > > Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:3746 > : > > flags:0x02 Connection attempt to TCP 127.0.0.1:113 from > : > > 127.0.0.1:2058 flags:0x02 Connection attempt to UDP 127.0.0.1:512 > : > > from 127.0.0.1:4293 > : > > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4864 > : > > Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:1972 > : > > flags:0x02 Connection attempt to UDP 127.0.0.1:512 from > : > > 127.0.0.1:3859 > : > > : > I thought my firewall was allowing loopback traffic. > : > : They look like "log in vain" entries. to you have log in vain enabled? > > I believe so. > > : 113/tcp is identd and 512/udp is biff. My guess is your mail system is > : generating those requests and log in vain logs them. > > Should I disable log-in-vain or somehow allow these through? The log-in-vain sysctl only controls logging behavior, it has no influence on how the packets are handled. Rejecting the identd packets or running an identd server might speed up your mailservices. It's possible that a mailservice like smtp waits until it gets a reply from your identd service. In the worst case it waits until network timeout is reached. This probably depends on your blackhole(4) sysctl settings. On how to run several types of identd services see /etc/inetd.conf - look out for the predefined "auth" services - and 'man 8 inetd'. Or simply reject the connection requests by your firewall, by sending a RST, discarding the packet is not sufficient in this case. AFAIK know SMTP servers try to gain some information (like username and systemname) from a clientsystem via identd. So if you decide to enable identd, better check your mail-headers afterwards. I never run comsat/biff, so I can't tell you much about. 'man 8 comsat' and 'man 1 biff' is your friend. - -- Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBrzsR09WjGjvKU74RAjS0AJ9qjsvHaNWlgNzz53rFMqViXDjrrgCfbrlZ 8xm7AVuNqOMuhuqyYV1YurY= =BCPs -----END PGP SIGNATURE-----