What's new on the 127.0.0/24 block in 7?

Chris H. chris# at 1command.com
Tue Mar 4 03:15:50 UTC 2008


Hello Jeremy, and thank you for your reply.

Quoting Jeremy Chadwick <koitsu at freebsd.org>:

> On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
>> Greetings,
>> I'm having some difficulty working with anything past 127.0.0.1.
>> It seems impossible to use (create) any addresses on the "loopback"
>> past 127.0.0.1.
>> More specifically; I installed rbldnsd from ports, and it worked quite
>> well on a 6.x install. However, attempting the same config/install on
>> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
>> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
>> same pinging/digging, etc.
>>
>> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
>> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
>> in this area has changed since 6. But I'm unable to discover any
>> info on it.
>
> I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
>
> Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
> I don't see any indication of it needing that.  DNS-based RBLs don't
> work like that, so I'm confused by this request.

OK. Here's the scoop. I "bind" rbldnsd to one of my IRIPs (Internet
Routable IPs). Requests can be made against /my/ blocklist @ my IRIP.
Then, should there be a match, the answer is IN A 127.0.0.2 evil host
yadda, yadda...

This, unless a non-Internet-routable address from a /private/ block
is used, is the general way to best accomplish this.
BTW, as I mentioned in my original post; this setup/config worked
/perfectly/ on a recent RELENG_6 server.
NOTE: there are no ifconfig, or ifconfig_alias's in either server's
rc.conf /other/ than:

ifconfig_lo0="inet 127.0.0.1"

in /etc/default/rc.conf on /both/ servers. Yet, for some reason
the 6.x server provides 127.0.0/24 without question.
The 7 server with /identical/ setup, will only provide 127.0.0.1.

I hope I have been more concise this time.

Thank you very much for taking the time to respond.

--Chris H

>
> The software acts as "dumb" DNS server that returns specific IP
> addresses when certain zones are resolved.  postfix, sendmail, or any
> other MTA will attempt DNS resolution of a hostname (at whatever stage
> of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
> a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
> for a specific hostname.  The resolver (rbldnsd) will answer for a
> hostname with a specific IP address (per the configuration file); each
> IP address returned can be used for a unique purpose, e.g. 127.0.0.2
> could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
> hijacked network".
>
> There's a common list used here:
>
> http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
> "127/8 Return Codes".
>
> If, for some bizarre reason, you REALLY DO need multiple loopback
> addresses, it works fine, as confirmed on my RELENG_7 box:
>
> icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
> icarus# ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>        inet 127.0.0.1 netmask 0xff000000
>        inet 127.0.0.2 netmask 0xffffffff
> icarus# ping 127.0.0.2
> PING 127.0.0.2 (127.0.0.2): 56 data bytes
> 64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
> 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
> ^C
> --- 127.0.0.2 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms
>
>
> --
> | Jeremy Chadwick                                    jdc at parodius.com |
> | Parodius Networking                           http://www.parodius.com/ |
> | UNIX Systems Administrator                      Mountain View, CA, USA |
> | Making life hard for others since 1977.                  PGP: 4BD6C0CB |
>
>



-- 
panic: kernel trap (ignored)
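
The DNSBL exchange discussed in this thread, as an added example that is not part of the original messages: the 127.0.0.x value travels as data in the A record of the reply, and the querying MTA reads it as a verdict code. The zone `bl.example.org`, the sample client addresses and the function names are constructed for illustration; the two return-code meanings are the examples given in the quoted reply.

```python
import ipaddress

# Return-code meanings: the two examples from the quoted reply above.
# Each real list publishes its own table; this mapping is illustrative.
RETURN_CODES = {
    "127.0.0.2": "SOCKS proxy; denied",
    "127.0.0.99": "Known hijacked network",
}
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Build the name an MTA resolves to check client_ip against zone."""
    ptr = ipaddress.ip_address(client_ip).reverse_pointer
    # reverse_pointer ends in .in-addr.arpa or .ip6.arpa; keep only the
    # reversed octets (IPv4) or nibbles (IPv6) and append the list zone.
    reversed_labels = ptr.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone.strip('.')}"


def interpret_answer(a_records):
    """Classify the A records returned for a DNSBL query.

    An empty list (NXDOMAIN) means "not listed". Addresses inside 127/8 are
    verdict codes carried as record data. Anything outside 127/8 is not a
    verdict code and is reported separately instead of counting as a listing.
    """
    verdicts, invalid = [], []
    for addr in a_records:
        if ipaddress.ip_address(addr) in LOOPBACK_NET:
            meaning = RETURN_CODES.get(addr, "listed (code not in table)")
            verdicts.append((addr, meaning))
        else:
            invalid.append(addr)
    return {"listed": bool(verdicts), "verdicts": verdicts, "invalid": invalid}


if __name__ == "__main__":
    # Constructed sample: a connecting client and the answers a list might give.
    print(dnsbl_query_name("192.0.2.99", "bl.example.org"))
    for answer in (["127.0.0.2"], [], ["127.0.0.99", "127.0.0.7"], ["203.0.113.7"]):
        print(answer, "->", interpret_answer(answer))
```
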




