From: Stacey Roberts
Reply-To: sroberts@dsl.pipex.com
To: FreeBSD Questions
Subject: FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security
Date: 27 Oct 2002 13:15:02 +0000
Message-Id: <1035724504.394.12.camel@Demon.vickiandstacey.com>

Hello,

Within the last few minutes, my FreeBSD g'way reset itself.

On coming up, I checked all available logs, and found the following in /var/log/security:

Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1076 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1075 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1074 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1073 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1071 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1072 from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0
Oct 27 12:59:42 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.9.0.107:53 out via sis0
Oct 27 12:59:44 Demon /kernel: Connection attempt to UDP 127.0.0.1:1078 from 127.0.0.1:53
Oct 27 12:59:46 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 193.0.14.129:53 out via sis0
Oct 27 13:00:06 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.5.5.241:53 out via sis0
#

I recognised the remote addresses to be those of DNS root servers, to verify:

# nslookup 192.203.230.10
Server:  localhost.vickiandstacey.com
Address:  127.0.0.1

Name:    E.ROOT-SERVERS.NET
Address:  192.203.230.10

#

Here's what I've got from running last:

Demon# last
stacey  ttyp0  :0  Sun Oct 27 12:57   still logged in
stacey  ttyv0      Sun Oct 27 12:56   still logged in
reboot  ~          Sun Oct 27 12:56
stacey  ttyp2  :0  Sun Oct 27 00:52 - 01:18  (00:25)
stacey  ttyp0  :0  Sun Oct 27 00:18 - crash  (13:37)
stacey  ttyp2  :0  Sat Oct 26 21:15 - 00:15  (03:00)
stacey  ttyp2  :0  Fri Oct 25 20:59 - 23:02  (02:02)
stacey  ttyp2  :0  Fri Oct 25 19:45 - 20:25  (00:40)
stacey  ttyp1  :0  Wed Oct 23 22:50 - 23:19  (00:29)
stacey  ttyp0  :0  Wed Oct 23 22:41 - 00:15  (3+01:34)

Is anyone able to point me to what went wrong here? I suspect it's got something to do with the tons of ipfw DENY messages, but I wouldn't know where to start with this.

Here's the uname:

# uname -a
FreeBSD De 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 12 10:04:03 BST 2002 root@.vickiandstacey.com:/usr/obj/usr/src/sys/FALCON i386
#

I'm running named in a sandbox here, and would have thought that this set-up would have prevented a crash of this nature (if it is indeed that the crash is related to DNS)

Anything that you need, please let me know.

TIA

Stacey

--
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
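
Added example (not part of the original post): a Python tally of the ipfw entries in a /var/log/security excerpt like the one quoted above, grouped by flow and by destination, which also credits syslog's "last message repeated N times" lines to the entry they follow. The sample lines are copied from the post's log excerpt; the function and variable names are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the /var/log/security excerpt in the post above.
SAMPLE = """\
Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0
"""

# ipfw log format as it appears in the post: rule, action, proto, src, dst, direction, interface.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")


def summarize(log_text):
    """Return (hits per flow, hits per destination) for ipfw log entries."""
    by_flow, by_dst = Counter(), Counter()
    prev = None  # (flow key, destination) of the preceding line if it was an ipfw entry
    for line in log_text.splitlines():
        m = IPFW_RE.search(line)
        repeat = REPEAT_RE.search(line)
        if m:
            flow = (m["rule"], m["action"], m["proto"], m["src"],
                    m["dport"], m["dir"], m["iface"])
            prev, weight = (flow, m["dst"]), 1
        elif repeat and prev:
            weight = int(repeat.group(1))  # repeats belong to the preceding ipfw entry
        else:
            prev = None  # unrelated kernel message: a later repeat line is not ours
            continue
        by_flow[prev[0]] += weight
        by_dst[prev[1]] += weight
    return by_flow, by_dst


if __name__ == "__main__":
    flows, dests = summarize(SAMPLE)
    for flow, n in flows.most_common():
        print(n, *flow)
    for dst, n in dests.most_common():
        print(n, dst)
```
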