From: Mark
Date: Tue, 28 Jan 2003 19:27:39 +0100
Message-Id: <200301281827.H0SIRO950807@asarian-host.net>
Subject: SOLVED! (was: Re: How to stop BIND from using high ports?)
To: "Matthew Seaman"

----- Original Message -----
From: "Matthew Seaman"
Sent: Tuesday, January 28, 2003 5:31 PM
Subject: Re: How to stop BIND from using high ports?

> On Tue, Jan 28, 2003 at 04:11:51PM +0100, Mark wrote:
>
> > --[ with src port = 53 ]--------
> > 15:33:03.472128 210.49.20.142.domain > 194.109.160.70.domain: [udp sum ok] 6636 A? asarian-host.net. [|domain] (ttl 64, id 13043, len 62)
> > 15:33:03.802488 194.109.160.70.34336 > 210.49.20.142.domain: 6636*- q: A?
> >
> > Here it seems my BIND is indeed replying with a source port of 34336.
> > Very peculiar. I have no idea how this is possible. :(
>
> Is your nameserver perhaps behind a NAT gateway?
> Does this option
> from the natd(8) man page seem relevant to you?
>
>      -same_ports | -m
>              Try to keep the same port number when altering outgoing
>              packets.  With this option, protocols such as RPC will have a
>              better chance of working.  If it is not possible to maintain
>              the port number, it will be silently changed as per normal.

Matthew, you're a genius!! :) Although I do not have the NAT daemon running, I suddenly realized my hardware router does NAT too. You were so right! Even though the hardware NAT has no redirection defined for outgoing ports, this is, in fact, exactly what happened, just as you predicted. :)

I disabled it altogether (I just used it for incoming port-redirection to several machines on my LAN, but I now solved that otherwise), and lo and behold, all problems are immediately gone and everything resolves again. :))

I'm impressed! Matthew, you're the man! :)

- Mark
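Added example, not part of the original mail: a Python sketch of the check that the tcpdump capture quoted in this thread amounts to. It pairs each DNS query with its reply and flags replies whose source port is not the port the query was sent to, which is the effect of the NAT port rewriting described above. The sample lines, the addresses and the names `find_rewritten_replies` and `to_port` are constructed for illustration.

```python
import re

# tcpdump line: time, src ip.port > dst ip.port, optional [..] note, DNS id+flags, rest
LINE = re.compile(
    r"^(?P<ts>\S+) (?:IP )?(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\w+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\w+): (?:\[[^\]]*\] )?"
    r"(?P<id>\d+)(?P<flags>[^\s\d]*) (?P<rest>.*)$")
QUERY = re.compile(r"^[A-Za-z0-9]+\? ")   # queries start with "A? name", replies do not

def to_port(text):
    """tcpdump prints port 53 as 'domain' unless run with -n."""
    if text == "domain":
        return 53
    return int(text) if text.isdigit() else None

def find_rewritten_replies(lines):
    """Return replies whose source port differs from the port the query went to."""
    pending = {}    # (client, client_port, server, dns_id) -> server port queried
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        sport, dport = to_port(m["sport"]), to_port(m["dport"])
        if sport is None or dport is None:
            continue
        dns_id = int(m["id"])
        if QUERY.match(m["rest"]):
            pending[(m["src"], sport, m["dst"], dns_id)] = dport
            continue
        # Reply: look up the query it answers from the client's point of view.
        expected = pending.pop((m["dst"], dport, m["src"], dns_id), None)
        if expected is not None and sport != expected:
            findings.append({"time": m["ts"], "server": m["src"], "dns_id": dns_id,
                             "expected_sport": expected, "seen_sport": sport})
    return findings

# Constructed sample in the format of the capture quoted in the thread.
SAMPLE = """\
15:33:03.472128 192.0.2.10.domain > 198.51.100.7.domain: [udp sum ok] 6636 A? example.net. (ttl 64, id 13043, len 62)
15:33:03.802488 198.51.100.7.34336 > 192.0.2.10.domain: 6636*- q: A? example.net. 1/0/0 (ttl 52, id 100, len 78)
15:33:05.100000 192.0.2.10.1045 > 198.51.100.7.domain: 6640+ A? example.org. (ttl 64, id 13050, len 62)
15:33:05.140000 198.51.100.7.domain > 192.0.2.10.1045: 6640* q: A? example.org. 1/0/0 (ttl 52, id 101, len 78)
"""

if __name__ == "__main__":
    for f in find_rewritten_replies(SAMPLE.splitlines()):
        print("{time} reply {dns_id} from {server}: source port {seen_sport}, "
              "expected {expected_sport}".format(**f))
```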