From owner-freebsd-questions Tue Dec 14 6:14:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from bh.mbn.or.jp (bh.mbn.or.jp [202.217.0.65])
    by hub.freebsd.org (Postfix) with ESMTP id ED7E914F36
    for ; Tue, 14 Dec 1999 06:14:36 -0800 (PST)
    (envelope-from mimiandi@bh.mbn.or.jp)
Received: from kayo (cse10-14.machida.mbn.or.jp [202.217.28.130])
    by bh.mbn.or.jp (8.9.1a/bh.mbn.or.jp-2.0) with SMTP id XAA00291
    for ; Tue, 14 Dec 1999 23:14:30 +0900 (JST)
Message-ID: <000f01bf463e$bcda4100$0301010a@kayo>
From: "Kayo"
To:
Subject: ipfw help ?
Date: Tue, 14 Dec 1999 23:23:04 +0900
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

    ipfw: 31 Accept UDP *.*.233.189:53 *.*.*.3:1024 in via fxp0

Recently, I installed ipfw and noticed the above in my log.

*.*.*.3 is my DNS as well as the firewall to my network.
*.*.233.189 is some machine somewhere (not on my network).

My logs show that not only *.*.233.189 but many other hosts are sending packets from their port 53 to my DNS machine's port 1024. As I saw in /etc/services, ports 1024 to 49151 are registered ports. (Used by portmaps?) In my firewall rules, I blocked all the registered ports except for the above, as I didn't mind anyone querying my DNS. But shouldn't it be talking to port tcp 53 or udp 53, or use dynamic ports? Also, how are registered ports used?

One more thing: my log also shows that someone is using private IPs, as shown below.

    ipfw: 3 Deny TCP 10.17.201.30:46806 *.*.*.36:80 in via fxp0
    ipfw: 5 Deny TCP 172.16.1.2:63533 *.*.*.11:80 in via fxp0

Is there anything else I can do besides dropping these packets?

Thanks in advance.
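An added example, not part of the original message: a small triage script for log lines in the format quoted above. It flags packets arriving on the external interface with an RFC 1918 source, and UDP packets from source port 53 to a port at or above 1024, which is the shape of a DNS reply to a query sent from an unprivileged port. The sample addresses are constructed (the message masks the real ones), the label names are hypothetical, and fxp0 is assumed to be the external interface as in the quoted log.

```python
import ipaddress
import re

# Constructed sample lines in the quoted log format. Public addresses are
# documentation ranges; the two private sources match the message.
SAMPLE_LOG = """\
ipfw: 31 Accept UDP 198.51.100.189:53 192.0.2.3:1024 in via fxp0
ipfw: 3 Deny TCP 10.17.201.30:46806 192.0.2.36:80 in via fxp0
ipfw: 5 Deny TCP 172.16.1.2:63533 192.0.2.11:80 in via fxp0
ipfw: 40 Accept TCP 203.0.113.7:51515 192.0.2.11:80 in via fxp0
ipfw: 31 Accept UDP 198.51.100.9:53 192.0.2.3:53 in via fxp0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Explicit RFC 1918 list: ipaddress.is_private also covers other ranges.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def classify(line, external_iface="fxp0"):
    """Return (rule_number, label) for one log line, or None if unparsable."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. masked or malformed address
        return None
    rule = int(m["rule"])
    inbound = m["dir"] == "in" and m["iface"] == external_iface
    if inbound and any(src in net for net in RFC1918):
        return rule, "private-source-on-external-iface"
    if m["proto"] == "UDP" and m["sport"] == "53" and int(m["dport"]) >= 1024:
        return rule, "dns-reply-to-unprivileged-port"
    return rule, "other"


def label_log(text):
    """Classify every parsable line of a log, preserving order."""
    results = (classify(line) for line in text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for rule, label in label_log(SAMPLE_LOG):
        print(rule, label)
```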