From owner-freebsd-security Wed Nov 24 12: 3:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from quasar.pucrs.br (quasar.pucrs.br [200.132.10.5])
	by hub.freebsd.org (Postfix) with ESMTP id BD85B15082
	for ; Wed, 24 Nov 1999 12:01:36 -0800 (PST)
	(envelope-from mwp@pucrs.br)
Received: from pucrs.br (clapton.pucrs.br [200.132.13.11])
	by quasar.pucrs.br (8.9.1a/8.9.1) with ESMTP id RAA57394
	for ; Wed, 24 Nov 1999 17:59:30 -0300
Message-ID: <383C447A.934944D4@pucrs.br>
Date: Wed, 24 Nov 1999 18:03:06 -0200
From: Mauricio Westendorff Pegoraro
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4m)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD Security
Subject: Squid conf in ipfw machine
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

I'm trying to configure a squid proxy (v2) in a machine with ipfw. I'm
getting the following messages:

1999/11/24 17:51:39| helperOpenServers: Starting 5 'dnsserver' processes
1999/11/24 17:51:39| commBind: Cannot bind socket FD 1 to 127.0.0.1:0: (49) Can't assign requested address
1999/11/24 17:51:39| commBind: Cannot bind socket FD 1 to 127.0.0.1:0: (49) Can't assign requested address
1999/11/24 17:51:39| ipcCreate: Failed to create child FD.
1999/11/24 17:51:39| WARNING: Cannot run '/usr/local/libexec/dnsserver' process.

And these are my ipfw rules:

00100 allow ip from any to any via lo0
00200 deny ip from 127.0.0.0/8 to 127.0.0.0/8
00300 divert 8668 ip from any to any via xl0
00400 deny log tcp from any to any 6667-7180 via xl0
00500 deny log tcp from any to any 6667-7180 via fxp0
00600 deny log udp from any to any 4000 via xl0
00700 deny log udp from any to any 4000 via fxp0
00800 deny log ip from 192.168.0.0/16 to any in recv xl0
00900 deny log ip from 172.16.0.0/12 to any in recv xl0
01000 deny log ip from 10.0.0.0/8 to any in recv xl0
01100 deny log tcp from any to any 111 in recv xl0
01200 deny log tcp from any to any 8080 in recv xl0
65535 allow ip from any to any   <---- this rule was set by my manager.
I've nothing to do with this default...

Could anyone out there tell me what basic mistake I'm making?

I have all services, except telnetd, closed in inetd.conf. Is there any
problem in this? I mean, does squid need any service of inetd to run?

Thanks for any help.

MauricioWP.

-----------------------------
Mauricio Westendorff Pegoraro
PUCRS - Brazil
Unix Team
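
An added diagnostic sketch, not part of the original message: errno 49 on FreeBSD is EADDRNOTAVAIL, which bind() returns when the requested address is not configured on any local interface, so the check below decodes the commBind line and then tries a bind to the same address on the local host. The function names, the errno table and the wording of the hints are assumptions made for this example.

```python
import errno
import re
import socket

# FreeBSD errno numbers as they appear in the Squid log
# (Linux numbers differ: EADDRNOTAVAIL is 99 there).
BSD_ERRNO = {13: "EACCES", 48: "EADDRINUSE", 49: "EADDRNOTAVAIL"}

HINT = {
    "EADDRNOTAVAIL": "address is not configured on a local interface; "
                     "check that lo0 is up and carries 127.0.0.1",
    "EADDRINUSE": "another socket already holds this address and port",
    "EACCES": "insufficient privilege for this address or port",
}

COMMBIND = re.compile(
    r"commBind: Cannot bind socket FD \d+ to "
    r"(?P<addr>[\d.]+):(?P<port>\d+): \((?P<err>\d+)\)")


def classify_log_line(line):
    """Return (address, errno name, hint) for a commBind failure, else None."""
    m = COMMBIND.search(line)
    if m is None:
        return None
    name = BSD_ERRNO.get(int(m.group("err")), "UNKNOWN")
    return m.group("addr"), name, HINT.get(name, "see errno(2)")


def probe_bind(addr="127.0.0.1"):
    """Try to bind addr with an ephemeral port; return 'ok' or the errno name.

    Address availability is checked by bind() itself, before any packet
    is sent, so the result does not depend on packet-filter rules.
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((addr, 0))
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))


# Log line copied from the message above.
SAMPLE = ("1999/11/24 17:51:39| commBind: Cannot bind socket FD 1 to "
          "127.0.0.1:0: (49) Can't assign requested address")

if __name__ == "__main__":
    print(classify_log_line(SAMPLE))
    print("live bind to 127.0.0.1:0 ->", probe_bind())
```

If `probe_bind()` returns `EADDRNOTAVAIL` on the affected host, the loopback interface configuration is the place to look before changing any firewall rule.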