Date:      Sun, 3 Aug 1997 16:49:52 -0700 (PDT)
From:      "Jamil J. Weatherbee" <jamil@counterintelligence.ml.org>
To:        freebsd-security@freebsd.org
Subject:   Firewalling / DNS problems
Message-ID:  <Pine.BSF.3.96.970803163653.357B-100000@counterintelligence.ml.org>
This is in freebsd-stable RELENG.

I found the following problem on two different FreeBSD machines connected
to the Internet on one interface (the IP address I'll call 111.222.333.444).
I use the particular machine as a tftp server (UDP) for some diskless
booting workstations (on its Ethernet interface 192.168.1.1); it also has a
PPP interface 111.222.333.444. Now, realizing that tftp does not
authenticate its clients, I thought it would be nice to put up a firewall
rule on this machine to block tftp requests from the outside to the PPP
interface (I want to allow them only to the Ethernet interface on my LAN),
since it is possible to have some sensitive info in my /tftpboot directory
that is world readable, and I don't want the whole world looking at it.

I did a: (on a firewall="open" type setup in rc.conf)

   ipfw add 1100 deny udp from any to 111.222.333.444/32 tftp

and verified that I could access it with tftp from the inside but not the
outside --- everything worked fine until...

A couple of days later I noticed that there were large amounts of mail sitting
in the mail queue with name lookup deferred errors on it. So I tried
doing host -d on a couple of those hosts and noticed that for many of the hosts
this doesn't work (many timeouts on the local nameserver
127.0.0.1); also the tally for drops on 111.222.333.444 port 69 (udp) is
rather high -- after removing this entry all the mail is cleared from the
queue, but re-enabling it causes the problem again (in other words I have
verified it --- also on another unrelated machine). The question is why
outside hosts are sending UDP packets to port 69 during name lookups. The
following machines cause this:

   host -d rs0.internic.net
   host -d hotmail.com
   host -d best.com

These didn't:

   host -d freebsd.org
   host -d cdrom.com

I can't think of any more; please help.
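The rule in the message matches on destination port alone: any UDP datagram addressed to port 69 on that address is dropped, whatever its source address, source port or interface. The following script is an added example, not code from the post or from FreeBSD's ipfw; it models ipfw's first-match evaluation over a few constructed packets so the reach of that rule can be seen offline. The placeholder address and rule numbers are taken from the message; the sample source addresses, and the idea that a DNS reply might arrive addressed to port 69 (which would require the local resolver to have sent its query from source port 69), are assumptions for illustration. The message itself does not say why name lookups produce packets to port 69.

```python
"""Toy first-match evaluator for ipfw-style rules (added example, not from the post)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str       # interface the packet crosses, e.g. "ppp0" or "ed0"
    direction: str   # "in" or "out"


@dataclass
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    proto: str = "ip"                # "ip" matches any protocol
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None      # None: any destination port
    iface: Optional[str] = None      # None: any interface (ipfw "via")
    direction: Optional[str] = None  # None: both in and out
    hits: int = 0                    # per-rule counter, as "ipfw -a list" reports

    def matches(self, p: Packet) -> bool:
        return (
            self.proto in ("ip", p.proto)
            and self.src in ("any", p.src)
            and self.dst in ("any", p.dst)
            and self.dport in (None, p.dport)
            and self.iface in (None, p.iface)
            and self.direction in (None, p.direction)
        )


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Walk rules in ascending number order; the first match decides, as in ipfw."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(pkt):
            r.hits += 1
            return r.action
    return "deny"  # ipfw's implicit last rule denies unless the kernel was built to accept


PPP_ADDR = "111.222.333.444"   # placeholder address exactly as written in the post
LAN_ADDR = "192.168.1.1"


def posters_ruleset() -> List[Rule]:
    """'ipfw add 1100 deny udp from any to 111.222.333.444/32 tftp' in front of the
    allow-everything rule a firewall="open" setup installs (number assumed)."""
    return [
        Rule(1100, "deny", proto="udp", dst=PPP_ADDR, dport=69),
        Rule(65000, "allow"),
    ]


# Constructed sample traffic (assumed for illustration, not captured on the poster's machine).
TRAFFIC: Dict[str, Packet] = {
    "lan_tftp": Packet("udp", "192.168.1.20", 1025, LAN_ADDR, 69, "ed0", "in"),
    "outside_tftp": Packet("udp", "203.0.113.9", 2000, PPP_ADDR, 69, "ppp0", "in"),
    # A DNS reply addressed to port 69 exists only if the local resolver queried
    # from source port 69; that this happened on the poster's box is an assumption.
    "dns_reply_to_69": Packet("udp", "198.51.100.53", 53, PPP_ADDR, 69, "ppp0", "in"),
    "dns_reply_to_high": Packet("udp", "198.51.100.53", 53, PPP_ADDR, 1030, "ppp0", "in"),
}


def verdicts(rules: Optional[List[Rule]] = None) -> Dict[str, str]:
    """Return the first-match verdict for every constructed packet."""
    rules = rules if rules is not None else posters_ruleset()
    return {name: evaluate(rules, pkt) for name, pkt in TRAFFIC.items()}


if __name__ == "__main__":
    rs = posters_ruleset()
    for name, verdict in verdicts(rs).items():
        print(f"{name:20s} {verdict}")
    print("drops on rule 1100:", rs[0].hits)
```

The DNS reply addressed to port 69 is dropped by the same rule that drops the outside TFTP request, while the LAN TFTP request and a reply to a high port pass. Restricting the rule further with ipfw's interface and direction qualifiers would not change this for traffic arriving on the PPP link; only a qualifier on something other than the destination port (such as the source port, at the cost of trusting it) would separate the two.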