Date: Mon, 6 Dec 2004 10:14:24 +0100 From: Kjell Midtseter <junkmail@sensewave.com> To: freebsd-questions@freebsd.org Cc: freebsd-questions-local@be-well.ilk.org Subject: Re: daily security run output messages Message-ID: <20041206091424.GA2564@tyven.la3sg.net> In-Reply-To: <44r7m49030.fsf@be-well.ilk.org> References: <20041203061207.GB1323@tyven.la3sg.net> <44r7m49030.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday, 5 December 2004 at 11:33:23 -0500, Lowell Gilbert wrote: > Kjell Midtseter <junkmail@sensewave.com> writes: > > > List members! > > > > My daily security run output contains lots of kernel log messages like the following: > > > Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53 > > > Connection attempt to UDP 10.0.0.10:3204 from 193.75.75.193:53 > > ------ > > What are the significanse of these messages? > > > > My ipf firewall contains: > > # domain name servers (dns) > > pass in quick on rl0 proto udp from 217.13.4.21/32 to any port = 53 keep state > > ------ > > Should I make any changes to my firewall settings? > > Looks like a NAT problem; is your 10.0.0.10 address supposed to be > visible to the ISP's DNS server? The ISP's DNS server should not be able to see my 10.0.0.10 address. I am talking to my ISP through a Cisco 677i modem. The modem IP is 10.0.0.1 NATing can not be turned off (?) in the modem. My R4.10 firewall talks to the modem using IP 10.0.0.10 and the firewall is doing NAT also. My internal network is in the 192.168.1.nn range. Regards from Kjell > > -- > Lowell Gilbert, embedded/networking software engineer, Boston area > http://be-well.ilk.org/~lowell/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041206091424.GA2564>