Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 Dec 2004 19:56:27 +0100
From:      Christian Hiris <4711@chello.at>
To:        freebsd-questions@freebsd.org
Cc:        Jonathon McKitrick <jcm@freebsd-uk.eu.org>
Subject:   Re: Why these connections from 127.0.0.1?
Message-ID:  <200412021956.42277.4711@chello.at>
In-Reply-To: <20041202162134.GA57605@dogma.freebsd-uk.eu.org>
References:  <20041202123606.GA50028@dogma.freebsd-uk.eu.org> <20041202131730.F66254@cactus.fi.uba.ar> <20041202162134.GA57605@dogma.freebsd-uk.eu.org>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 02 December 2004 17:21, Jonathon McKitrick wrote:
> On Thu, Dec 02, 2004 at 01:20:49PM -0300, Fernando Gleiser wrote:
> : In the original case, it seems he is not runing those services. When
> : sendmail (or whatever mta he's using) tries to make an ident lookup, it
> : fails and log in vain logs the connection attempt to the closed port (it
> : only logs attempts to connect to closed ports). Same for biff, something
> : tries to query biff, the connection is refused because it isn't
> : listening, log in vain logs it. That simple, I wouldn't worry about it
>
> I'm running a local sendmail just to forward root mail to my user account.
> The rest of my mail comes from remote accounts or POP3.

If you don't like to read the messages in your logs, you can add two firewall 
rules to your firewall-config (assuming you run ipfw):

${fwcmd} add 90 reject tcp from 127.0.0.1 to 127.0.0.1 113 via lo0
${fwcmd} add 91 reject udp from 127.0.0.1 to 127.0.0.1 512 via lo0

The rules must be placed before the rule where you allow all traffic that goes 
via lo0: 

# ipfw show | grep lo0
00090  1  64 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00091  0   0 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
00100  0   0 allow ip from any to any via lo0

Because the packets are rejected by the firewall now, they do not reach the 
point where the kernel processes the code for sysctl MIB log_in_vain on the 
packets. So they are no longer logged.

Rejecting maybe prevents sendmail of a 60 second delay, because it no longer 
needs to wait for a identd reply. I don't know too much about the sendmail 
code, so I'm not 100 pct. sure about how sendmail handles identd timeouts. 

When you run a small home-network it's more a kind of academic discussion, you 
probably can live with this as is.

- -- 
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBr2Vq09WjGjvKU74RAtRhAJ9yK5itVpXGfzaovALa9gR9xli9OwCfYcua
7aOoEfBbcenBHsbtRKSPYxU=
=3bjP
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412021956.42277.4711>