From owner-freebsd-stable@FreeBSD.ORG Tue Mar 4 03:15:50 2008
Message-ID: <20080303191541.zo38uh036ogg8400@webmail.1command.com>
Date: Mon, 03 Mar 2008 19:15:41 -0800
From: "Chris H."
To: Jeremy Chadwick
Cc: freebsd-stable@freebsd.org
References: <20080303174335.xzd80uz0so48o8sk@webmail.1command.com> <20080304022120.GA67410@eos.sc1.parodius.com>
In-Reply-To: <20080304022120.GA67410@eos.sc1.parodius.com>
Subject: Re: What's new on the 127.0.0/24 block in 7?

Hello Jeremy, and thank you for your reply.

Quoting Jeremy Chadwick:

> On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
>> Greetings,
>> I'm having some difficulty working with anything past 127.0.0.1.
>> It seems impossible to use (create) any addresses on the "loopback"
>> past 127.0.0.1.
>> More specifically; I installed rbldnsd from ports, and it worked quite
>> well on a 6.x install. However, attempting the same config/install on
>> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
>> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
>> same pinging/digging, etc.
>>
>> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
>> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
>> in this area has changed since 6. But I'm unable to discover any
>> info on it.
>
> I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
>
> Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
> I don't see any indication of it needing that. DNS-based RBLs don't
> work like that, so I'm confused by this request.

OK. Here's the scoop. I "bind" rbldnsd to one of my IRIP's (Internet Routable IP's). Requests can be made against /my/ blocklist @ my IRIP. Then, should there be a match, the answer is

IN A 127.0.0.2 evil host yadda, yadda...

This, unless a NON internet Routable address from a /private/ block is used, is the general way to best accomplish this. BTW, as I mentioned in my original post; this setup/config worked /perfectly/ on a recent RELENG_6 server.
NOTE: there are no ifconfig, or ifconfig_alias's in either server's rc.conf /other/ than:
ifconfig_lo0="inet 127.0.0.1"
in /etc/default/rc.conf on /both/ servers.
Yet, for some reason the 6.x server provides 127.0.0/24 without question. The 7 server with /identical/ setup, will only provide 127.0.0.1.

I hope I have been more concise this time.

Thank you very much for taking the time to respond.

--Chris H

>
> The software acts as a "dumb" DNS server that returns specific IP
> addresses when certain zones are resolved. postfix, sendmail, or any
> other MTA will attempt DNS resolution of a hostname (at whatever stage
> of the SMTP transaction). You tell the MTA to use whatever.blah.com as
> a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
> for a specific hostname. The resolver (rbldnsd) will answer for a
> hostname with a specific IP address (per the configuration file); each
> IP address returned can be used for a unique purpose, e.g. 127.0.0.2
> could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
> hijacked network".
>
> There's a common list used here:
>
> http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
> "127/8 Return Codes".
>
> If, for some bizarre reason, you REALLY DO need multiple loopback
> addresses, it works fine, as confirmed on my RELENG_7 box:
>
> icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
> icarus# ifconfig lo0
> lo0: flags=8049 metric 0 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
>         inet 127.0.0.2 netmask 0xffffffff
> icarus# ping 127.0.0.2
> PING 127.0.0.2 (127.0.0.2): 56 data bytes
> 64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
> 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
> ^C
> --- 127.0.0.2 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms
>
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>

--
panic: kernel trap (ignored)
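
Added example, not part of either message in this thread: a sketch of the MTA-side DNSBL lookup discussed above, showing that a 127.0.0.x value is only data carried in the A record of the answer and is read as a return code. The zone name bl.example.org, the function names and the sample answers are assumptions made for illustration; the two code meanings are the ones given as examples in the quoted message, and the IPv6 branch goes beyond the IPv4 case the thread covers.

```python
import ipaddress

# Constructed return-code table. The two meanings are the examples from the
# quoted message ("could mean ..."), not any real list's policy.
RETURN_CODES = {
    "127.0.0.2": "SOCKS proxy; denied",
    "127.0.0.99": "Known hijacked network",
}

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the name an MTA resolves to check client_ip against zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        # IPv4: octets in reverse order, then the list's zone.
        labels = reversed(str(ip).split("."))
    else:
        # IPv6: all 32 hex nibbles in reverse order (RFC 5782).
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def interpret_answer(a_records):
    """Classify the A records returned for a DNSBL query.

    An empty list stands for NXDOMAIN, which means "not listed".
    """
    if not a_records:
        return ("not-listed", [])
    reasons = []
    for rec in a_records:
        # A value outside 127.0.0.0/8 is not a listing code (for example a
        # wildcarded or parked zone), so it must not be treated as a hit.
        if ipaddress.ip_address(rec) not in LOOPBACK_NET:
            return ("invalid", [rec])
        reasons.append(RETURN_CODES.get(rec, "listed (unknown code)"))
    return ("listed", reasons)


if __name__ == "__main__":
    # Constructed sample: connecting client 192.0.2.25, list answers 127.0.0.2.
    print(dnsbl_query_name("192.0.2.25", "bl.example.org"))
    print(interpret_answer(["127.0.0.2"]))
```
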