From owner-freebsd-hackers  Tue Dec 15 08:16:01 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA12585
          for freebsd-hackers-outgoing; Tue, 15 Dec 1998 08:09:18 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from super-g.inch.com (super-g.com [207.240.140.161])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA12572
          for <hackers@FreeBSD.ORG>; Tue, 15 Dec 1998 08:09:12 -0800 (PST)
          (envelope-from spork@super-g.com)
Received: from localhost (localhost [127.0.0.1])
	by super-g.inch.com (8.8.8/8.8.5) with SMTP id LAA24102;
	Tue, 15 Dec 1998 11:06:58 -0500 (EST)
Date: Tue, 15 Dec 1998 11:06:57 -0500 (EST)
From: spork <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: Robert Withrow <witr@rwwa.com>
cc: Bernd Walter <ticso@cicely.de>, dmlb@ragnet.demon.co.uk,
        hackers@FreeBSD.ORG
Subject: Re: NFS thoughts 
In-Reply-To: <199812150156.UAA28685@spooky.rwwa.com>
Message-ID: <Pine.BSF.4.00.9812151100500.23031-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Mon, 14 Dec 1998, Robert Withrow wrote:

> ticso@cicely.de said:
> :- Nevertheless the client discards the answers. 
> 
> As, I'm told, it should.  Otherwise this allows for a 
> spoofing attack.  I was told this was a bug in SUN NFS servers,
> returning the wrong IP in a packet.  Also, I thought the 
> "noconn" option was the work-around for this problem.

How about this one.  I have two servers with two nics each.  One nic on
each machine has a 'public' IP and the other has a 'private' IP.  All nfs
mounts happen on the private side.  Both machines are nfs servers and
clients.  If I take one out of service, I see these messages from the
portmapper (this is Wietse's portmapper w/ACLs):

Dec 15 10:36:59 newshell portmap[295]: connect from 207.240.xxx.xxx to
callit(mountd): request from unauthorized host.

So even though the mount it's trying is on 10.0.0.x, it tries connecting
out the public side...  Any ideas why?

Thanks,

Charles

> 
> ---------------------------------------------------------------------
> Robert Withrow, R.W. Withrow Associates, Swampscott MA, witr@rwwa.COM
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message