From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
Cc: Jonathon McKitrick
Date: Thu, 2 Dec 2004 19:56:27 +0100
Subject: Re: Why these connections from 127.0.0.1?

On Thursday 02 December 2004 17:21, Jonathon McKitrick wrote:
> On Thu, Dec 02, 2004 at 01:20:49PM -0300, Fernando Gleiser wrote:
> : In the original case, it seems he is not running those services. When
> : sendmail (or whatever MTA he's using) tries to make an ident lookup, it
> : fails and log in vain logs the connection attempt to the closed port (it
> : only logs attempts to connect to closed ports).
> : Same for biff, something tries to query biff, the connection is refused
> : because it isn't listening, log in vain logs it. That simple, I wouldn't
> : worry about it.
>
> I'm running a local sendmail just to forward root mail to my user account.
> The rest of my mail comes from remote accounts or POP3.

If you don't like to read the messages in your logs, you can add two firewall
rules to your firewall config (assuming you run ipfw):

${fwcmd} add 90 reject tcp from 127.0.0.1 to 127.0.0.1 113 via lo0
${fwcmd} add 91 reject udp from 127.0.0.1 to 127.0.0.1 512 via lo0

The rules must be placed before the rule where you allow all traffic that
goes via lo0:

# ipfw show | grep lo0
00090 1 64 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00091 0 0 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
00100 0 0 allow ip from any to any via lo0

Because the packets are now rejected by the firewall, they do not reach the
point where the kernel processes the code for the sysctl MIB log_in_vain on
the packets, so they are no longer logged. Rejecting maybe saves sendmail a
60-second delay, because it no longer needs to wait for an identd reply. I
don't know too much about the sendmail code, so I'm not 100 pct. sure about
how sendmail handles identd timeouts. When you run a small home network it's
more a kind of academic discussion; you probably can live with this as is.

-- 
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
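As an added example (not part of the original mail), a small sh checker for the ordering constraint the reply stresses: it parses "ipfw show" output and confirms that the two loopback reject rules carry lower rule numbers than the catch-all lo0 allow rule. The ruleset text is a constructed sample and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original mail: check that the loopback reject
# rules for ident (tcp/113) and biff (udp/512) are numbered below the
# catch-all "allow ip from any to any via lo0" rule, so ipfw hits them first.
# Input is the text of "ipfw show"; the samples below are constructed.

SAMPLE_OK='00090 1 64 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00091 0 0 reject udp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
00100 0 0 allow ip from any to any via lo0
65535 0 0 deny ip from any to any'

# Same rules added after the lo0 allow: they never match, so logging continues.
SAMPLE_BAD='00100 0 0 allow ip from any to any via lo0
00110 0 0 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00111 0 0 reject udp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
65535 0 0 deny ip from any to any'

# rule_num RULESET REGEX: print the number of the first rule matching REGEX
# (leading zeros stripped), or nothing if no rule matches.
rule_num() {
    printf '%s\n' "$1" | awk -v pat="$2" '$0 ~ pat { print $1 + 0; exit }'
}

# check_lo0_order RULESET: succeed only when both reject rules exist and
# carry a lower rule number than the lo0 allow rule.
check_lo0_order() {
    allow=$(rule_num "$1" 'allow ip from any to any via lo0$')
    ident=$(rule_num "$1" 'reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0')
    biff=$(rule_num "$1" 'reject udp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0')
    [ -n "$allow" ] || { echo "no 'allow ip from any to any via lo0' rule"; return 1; }
    for r in "$ident" "$biff"; do
        [ -n "$r" ] || { echo "a loopback reject rule is missing"; return 1; }
        [ "$r" -lt "$allow" ] || { echo "rule $r comes after lo0 allow rule $allow"; return 1; }
    done
    echo "ok: loopback reject rules precede lo0 allow rule $allow"
}

check_lo0_order "$SAMPLE_OK"
check_lo0_order "$SAMPLE_BAD" || echo "(expected: the misordered sample fails)"
```

On a live system, feed it the real ruleset with check_lo0_order "$(ipfw show)".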