From owner-freebsd-security Tue Jul 10 18:39: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from koza.acecape.com (koza2.acecape.com [66.9.36.222]) by hub.freebsd.org (Postfix) with ESMTP id B4AF737B401 for ; Tue, 10 Jul 2001 18:39:03 -0700 (PDT) (envelope-from lists@natserv.com)
Received: from p65-147.acedsl.com (p65-147.acedsl.com [66.114.65.147]) by koza.acecape.com (8.10.1/8.9.3) with ESMTP id f6B1coe02455; Tue, 10 Jul 2001 21:38:50 -0400 (EDT)
Date: Tue, 10 Jul 2001 21:40:09 -0400 (EDT)
From: Francisco Reyes
X-X-Sender:
To:
Cc: FreeBSD Security List
Subject: Re: Cant ping/nslookup
In-Reply-To: <20010711013109.14413.qmail@web14608.mail.yahoo.com>
Message-ID: <20010710213832.Q511-100000@zoraida.natserv.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Tue, 10 Jul 2001, Erik Ebert wrote:

>
> --- Francisco Reyes wrote:
> > On Tue, 10 Jul 2001, Dru wrote:
> > I have some rules. I thought I would only include
> > the "deny" clauses to
> > show that they all had the "log" option yet nothing
> > was coming up on
> > /var/log/security.
> .
> > 65535 0 0 deny ip from any to any
>
> The default rule, 65535, which gets added
> automatically by the kernel or something, does not
> have the log option on. That is almost certainly the
> rule that is getting hit. What I do is add a rule
> like:
>
> 65534 deny log ip from any to any
>
> to catch anything before the default rule kicks in.

I have such a rule, but most importantly, ipfw show doesn't have ANY
packets hitting those rules:

05400 0 0 deny log logamount 50 ip from any to any
65535 0 0 deny ip from any to any

I think somehow natd is causing the problem.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
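The diagnosis in this exchange rests on two facts from `ipfw show` output: the packet counter in the second column tells you which rules are actually matching, and a `deny` rule without the `log` keyword (the kernel's default rule 65535 included) drops traffic without writing anything to /var/log/security. The following POSIX shell script is an added example, not code from the thread or from FreeBSD; it audits a saved `ipfw show` listing for exactly those two conditions. The sample listing is constructed for the example, and the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit an `ipfw show`
# listing for deny rules that are matching traffic but cannot log it.
#
# `ipfw show` prints one rule per line as:
#   <rule#> <packets> <bytes> <rule body>
# so $1 is the rule number, $2 the packet counter, $4 the action and,
# when logging is enabled, $5 is the keyword "log".

# Constructed sample listing. Rule 65535 is the kernel's implicit default
# rule; here it is deliberately given a non-zero counter to show the case
# Erik Ebert describes (drops that never reach /var/log/security).
SAMPLE_IPFW_SHOW='00100 12 1040 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
05400 0 0 deny log logamount 50 ip from any to any
65535 37 2961 deny ip from any to any'

# Rule numbers of deny/drop rules whose packet counter is non-zero.
# (ipfw treats "drop" as a synonym for "deny".)
deny_rules_hit() {
    printf '%s\n' "$1" | awk '$4 ~ /^(deny|drop)$/ && $2 > 0 { print $1 }'
}

# Rule numbers of deny/drop rules that carry no "log" keyword; packets
# dropped by these rules leave no trace in the security log.
unlogged_deny_rules() {
    printf '%s\n' "$1" | awk '$4 ~ /^(deny|drop)$/ && $5 != "log" { print $1 }'
}

# The combination that explains "traffic is blocked but nothing is logged":
# deny rules that are both matching packets and unable to log. Prints
# "<rule#> <packets>" per offending rule.
unlogged_deny_hits() {
    printf '%s\n' "$1" | awk '$4 ~ /^(deny|drop)$/ && $5 != "log" && $2 > 0 {
        printf "%s %s\n", $1, $2 }'
}

# Demonstration on the constructed listing. On a live host replace
# "$SAMPLE_IPFW_SHOW" with "$(ipfw show)".
echo "deny rules with hits:        $(deny_rules_hit "$SAMPLE_IPFW_SHOW" | tr '\n' ' ')"
echo "deny rules without log:      $(unlogged_deny_rules "$SAMPLE_IPFW_SHOW" | tr '\n' ' ')"
echo "silently dropping (rule pkts):"
unlogged_deny_hits "$SAMPLE_IPFW_SHOW"
```

On the sample listing the last check reports rule 65535 with 37 packets, which is the situation the thread describes: the implicit default rule is dropping traffic and, lacking `log`, says nothing about it. The fix Erik Ebert gives (a `65534 deny log ip from any to any` rule ahead of the default) makes that rule the one that matches, so the counter and the log line move there. When, as in Francisco Reyes's listing, every deny rule shows zero packets, the script prints nothing, which is itself the useful result: the firewall is not what is eating the packets, and the search moves elsewhere (natd, in his case).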