Date: Mon, 6 Dec 2004 10:14:24 +0100
From: Kjell Midtseter
To: freebsd-questions@freebsd.org
Subject: Re: daily security run output messages
Message-ID: <20041206091424.GA2564@tyven.la3sg.net>
In-Reply-To: <44r7m49030.fsf@be-well.ilk.org>

On Sunday, 5 December 2004 at 11:33:23 -0500, Lowell Gilbert wrote:
> Kjell Midtseter writes:
>
> > List members!
> >
> > My daily security run output contains lots of kernel log messages like the following:
> > > Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53
> > > Connection attempt to UDP 10.0.0.10:3204 from 193.75.75.193:53
> > ------
> > What is the significance of these messages?
> >
> > My ipf firewall contains:
> > # domain name servers (dns)
> > pass in quick on rl0 proto udp from 217.13.4.21/32 to any port = 53 keep state
> > ------
> > Should I make any changes to my firewall settings?
>
> Looks like a NAT problem; is your 10.0.0.10 address supposed to be
> visible to the ISP's DNS server?

The ISP's DNS server should not be able to see my 10.0.0.10 address.
I am talking to my ISP through a Cisco 677i modem.
The modem IP is 10.0.0.1. NATing cannot be turned off (?) in the modem.
My R4.10 firewall talks to the modem using IP 10.0.0.10 and the firewall is doing NAT also.
My internal network is in the 192.168.1.nn range.

Regards from Kjell

>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/