Date: Mon, 03 Mar 2008 20:47:54 -0800
From: "Chris H." <chris#@1command.com>
To: Mark Andrews <Mark_Andrews@isc.org>
Cc: Jeremy Chadwick <koitsu@freebsd.org>, freebsd-stable@freebsd.org
Subject: Re: What's new on the 127.0.0/24 block in 7?
Message-ID: <20080303204754.4a8u3z78mcwskko8@webmail.1command.com>
In-Reply-To: <200803040339.m243d3Oj079510@drugs.dv.isc.org>
References: <200803040339.m243d3Oj079510@drugs.dv.isc.org>
Quoting Mark Andrews <Mark_Andrews@isc.org>:

>
>> Hello Jeremy, and thank you for your reply.
>>
>> Quoting Jeremy Chadwick <koitsu@freebsd.org>:
>>
>> > On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
>> >> Greetings,
>> >> I'm having some difficulty working with anything past 127.0.0.1.
>> >> It seems impossible to use (create) any addresses on the "loopback"
>> >> past 127.0.0.1.
>> >> More specifically; I installed rbldnsd from ports, and it worked quite
>> >> well on a 6.x install. However, attempting the same config/install on
>> >> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
>> >> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
>> >> same pinging/digging, etc.
>> >>
>> >> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
>> >> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
>> >> in this area has changed since 6. But I'm unable to discover any
>> >> info on it.
>> >
>> > I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
>> >
>> > Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
>> > I don't see any indication of it needing that. DNS-based RBLs don't
>> > work like that, so I'm confused by this request.
>>
>> OK. Here's the scoop. I "bind" rbldnsd to one of my IRIP's (Internet
>> Routable IP's). Requests can be made against /my/ blocklist @ my IRIP.
>> Then, should there be a match, the answer is IN A 127.0.0.2 evil host
>> yadda, yadda...
>>
>> This, unless a NON internet Routable address from a /private/ block
>> is used, is the general way to best accomplish this.
>>
>> BTW, as I mentioned in my original post; this setup/config worked
>> /perfectly/ on a recent RELENG_6 server.
>> NOTE: there are no ifconfig, or ifconfig_alias's in either servers'
>> rc.conf /other/ than:
>>
>> ifconfig_lo0="inet 127.0.0.1"
>
> I suggest that you look again. There is nothing in 6.x
> that automatically configures anything except 127.0.0.1 on
> lo0.
>
>> in /etc/default/rc.conf on /both/ servers. Yet, for some reason
>> the 6.x server provides 127.0.0/24 without question.
>
> By default 6.x will configure lo0 as 127.0.0.1/8.
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
>         inet 10.53.0.1 netmask 0xffffffff
>         inet 10.53.0.2 netmask 0xffffffff
>         inet 10.53.0.3 netmask 0xffffffff
>         inet 10.53.0.4 netmask 0xffffffff
>         inet 10.53.0.5 netmask 0xffffffff
>         inet 10.53.0.6 netmask 0xffffffff
>         inet 10.53.0.7 netmask 0xffffffff
>         inet 127.0.0.2 netmask 0xffffffff
>         inet 127.0.0.3 netmask 0xffffffff
>
> ifconfig_lo0_alias0="inet 10.53.0.1 netmask 0xffffffff"
> ifconfig_lo0_alias1="inet 10.53.0.2 netmask 0xffffffff"
> ifconfig_lo0_alias2="inet 10.53.0.3 netmask 0xffffffff"
> ifconfig_lo0_alias3="inet 10.53.0.4 netmask 0xffffffff"
> ifconfig_lo0_alias4="inet 10.53.0.5 netmask 0xffffffff"
> ifconfig_lo0_alias5="inet 10.53.0.6 netmask 0xffffffff"
> ifconfig_lo0_alias6="inet 10.53.0.7 netmask 0xffffffff"
> ifconfig_lo0_alias7="inet 127.0.0.2 netmask 0xffffffff"
> ifconfig_lo0_alias8="inet 127.0.0.3 netmask 0xffffffff"
>
> I actually use lots of test addresses.

Hello Mark. Thanks for your response. Is there any way that you know of
to take a "screen shot" during boot? I see mine pass by, but I can assure
you that there is only one entry for lo0 (save IP6). Neither dmesg nor
messages provides the information echoed for the network.
Here's the output of netstat -ir:

Name   Mtu   Network        Address             Ipkts Ierrs Opkts Oerrs  Coll
xl0    1500  <Link#1>       00:60:97:31:ab:92   12058     0  6777     0   669
xl0    1500  fe80:1::260:9  fe80:1::260:97ff:       0     -     6     -     -
xl0    1500  11.222.333.22  myhost               6869     -  6892     -     -
xl0    1500  11.222.333.24  my-domain.NET          16     -     0     -     -
plip0  1500  <Link#2>                               0     0     0     0     0
lo0    16384 <Link#3>                             268     0   268     0     0
lo0    16384 localhost      ::1                     7     -     7     -     -
lo0    16384 fe80:3::1      fe80:3::1               0     -     0     -     -
lo0    16384 127.0.0.0      localhost              69     -    69     -     -

Thanks again for your reply.

--Chris H

>
> Mark
>
>> The 7 server with /identical/ setup will only provide 127.0.0.1.
>>
>> I hope I have been more concise this time.
>>
>> Thank you very much for taking the time to respond.
>>
>> --Chris H
>>
>> >
>> > The software acts as a "dumb" DNS server that returns specific IP
>> > addresses when certain zones are resolved. postfix, sendmail, or any
>> > other MTA will attempt DNS resolution of a hostname (at whatever stage
>> > of the SMTP transaction). You tell the MTA to use whatever.blah.com as
>> > a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
>> > for a specific hostname. The resolver (rbldnsd) will answer for a
>> > hostname with a specific IP address (per the configuration file); each
>> > IP address returned can be used for a unique purpose, e.g. 127.0.0.2
>> > could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
>> > hijacked network".
>> >
>> > There's a common list used here:
>> >
>> > http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
>> > "127/8 Return Codes".
>> >
>> > If, for some bizarre reason, you REALLY DO need multiple loopback
>> > addresses, it works fine, as confirmed on my RELENG_7 box:
>> >
>> > icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
>> > icarus# ifconfig lo0
>> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> >         inet 127.0.0.1 netmask 0xff000000
>> >         inet 127.0.0.2 netmask 0xffffffff
>> > icarus# ping 127.0.0.2
>> > PING 127.0.0.2 (127.0.0.2): 56 data bytes
>> > 64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
>> > 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
>> > ^C
>> > --- 127.0.0.2 ping statistics ---
>> > 2 packets transmitted, 2 packets received, 0.0% packet loss
>> > round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms
>> >
>> >
>> > --
>> > | Jeremy Chadwick                                 jdc at parodius.com |
>> > | Parodius Networking                       http://www.parodius.com/ |
>> > | UNIX Systems Administrator                  Mountain View, CA, USA |
>> > | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>> >
>> > _______________________________________________
>> > freebsd-stable@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>> >
>>
>>
>>
>> --
>> panic: kernel trap (ignored)
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

--
panic: kernel trap (ignored)
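An added check that follows from the thread (example code, written here; it is not from the thread, from rbldnsd or from FreeBSD): parse `ifconfig lo0` output, decide whether a DNSBL return address such as 127.0.0.2 is actually configured on the interface, and emit the `ifconfig_lo0_aliasN` rc.conf lines, in the host-mask form Mark's setup uses, for each wanted address that is missing. The ifconfig text is a constructed sample mirroring the stock output quoted above.

```python
"""Loopback alias check for an rbldnsd-style setup (added example)."""
import re

# Constructed sample: stock lo0 output as quoted in the thread, i.e. only
# 127.0.0.1/8 present and no aliases for 127.0.0.2 or 127.0.0.3.
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
"""

# Matches the IPv4 lines only ("inet6 ..." lines do not match "inet ").
_INET_RE = re.compile(r"^\s*inet (\d+\.\d+\.\d+\.\d+) netmask (0x[0-9a-fA-F]{8})")


def configured_inet(ifconfig_text):
    """Return [(address, prefix_length), ...] for every IPv4 address on the
    interface, converting the hex netmask to a prefix length."""
    found = []
    for line in ifconfig_text.splitlines():
        m = _INET_RE.match(line)
        if m:
            prefix = bin(int(m.group(2), 16)).count("1")
            found.append((m.group(1), prefix))
    return found


def is_bindable(address, ifconfig_text):
    """True only when the exact address is configured on the interface.
    This is the thread's symptom: 127.0.0.1/8 on lo0 does not by itself let
    a daemon bind 127.0.0.2; that address has to be added as an alias."""
    return any(addr == address for addr, _ in configured_inet(ifconfig_text))


def missing_alias_lines(wanted, ifconfig_text, first_index=0):
    """Build the rc.conf alias lines (/32 host aliases, as in Mark's rc.conf)
    for every wanted address that is not yet configured. first_index lets
    the caller continue numbering after aliases that already exist."""
    lines = []
    n = first_index
    for addr in wanted:
        if not is_bindable(addr, ifconfig_text):
            lines.append('ifconfig_lo0_alias%d="inet %s netmask 0xffffffff"' % (n, addr))
            n += 1
    return lines


if __name__ == "__main__":
    for line in missing_alias_lines(["127.0.0.2", "127.0.0.3"], SAMPLE_IFCONFIG):
        print(line)
```

On a live box, feed it the real output of `ifconfig lo0` and append the printed lines to /etc/rc.conf (or apply them immediately with `ifconfig lo0 inet ... netmask 255.255.255.255 alias` as Jeremy shows).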