What's new on the 127.0.0/24 block in 7?

Chris H. chris# at 1command.com
Tue Mar 4 04:48:02 UTC 2008


Quoting Mark Andrews <Mark_Andrews at isc.org>:

>
>> Hello Jeremy, and thank you for your reply.
>>
>> Quoting Jeremy Chadwick <koitsu at freebsd.org>:
>>
>> > On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
>> >> Greetings,
>> >> I'm having some difficulty working with anything past 127.0.0.1.
>> >> It seems impossible to use (create) any addresses on the "loopback"
>> >> past 127.0.0.1.
>> >> More specifically; I installed rbldnsd from ports, and it worked quite
>> >> well on a 6.x install. However, attempting the same config/install on
>> >> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
>> >> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
>> >> same pinging/digging, etc.
>> >>
>> >> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
>> >> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
>> >> in this area has changed since 6. But I'm unable to discover any
>> >> info on it.
>> >
>> > I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
>> >
>> > Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
>> > I don't see any indication of it needing that.  DNS-based RBLs don't
>> > work like that, so I'm confused by this request.
>>
>> OK. Here's the scoop. I "bind" rbldnsd to one of my IRIPs (Internet
>> Routable IPs). Requests can be made against /my/ blocklist @ my IRIP.
>> Then, should there be a match, the answer is IN A 127.0.0.2 evil host
>> yadda, yadda...
>>
>> This, unless a NON-Internet-routable address from a /private/ block
>> is used, is the general way to best accomplish this.
>>
>> BTW, as I mentioned in my original post; this setup/config worked
>> /perfectly/ on a recent RELENG_6 server.
>> NOTE: there are no ifconfig, or ifconfig_alias's in either server's
>> rc.conf /other/ than:
>>
>> ifconfig_lo0="inet 127.0.0.1"
>
> 	I suggest that you look again.  There is nothing in 6.x
> 	that automatically configures anything except 127.0.0.1 on
> 	lo0.
>
>> in /etc/default/rc.conf on /both/ servers. Yet, for some reason
>> the 6.x server provides 127.0.0/24 without question.
>
> 	By default 6.x will configure lo0 as 127.0.0.1/8.
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> 	inet6 ::1 prefixlen 128
> 	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> 	inet 127.0.0.1 netmask 0xff000000
> 	inet 10.53.0.1 netmask 0xffffffff
> 	inet 10.53.0.2 netmask 0xffffffff
> 	inet 10.53.0.3 netmask 0xffffffff
> 	inet 10.53.0.4 netmask 0xffffffff
> 	inet 10.53.0.5 netmask 0xffffffff
> 	inet 10.53.0.6 netmask 0xffffffff
> 	inet 10.53.0.7 netmask 0xffffffff
> 	inet 127.0.0.2 netmask 0xffffffff
> 	inet 127.0.0.3 netmask 0xffffffff
>
> ifconfig_lo0_alias0="inet 10.53.0.1 netmask 0xffffffff"
> ifconfig_lo0_alias1="inet 10.53.0.2 netmask 0xffffffff"
> ifconfig_lo0_alias2="inet 10.53.0.3 netmask 0xffffffff"
> ifconfig_lo0_alias3="inet 10.53.0.4 netmask 0xffffffff"
> ifconfig_lo0_alias4="inet 10.53.0.5 netmask 0xffffffff"
> ifconfig_lo0_alias5="inet 10.53.0.6 netmask 0xffffffff"
> ifconfig_lo0_alias6="inet 10.53.0.7 netmask 0xffffffff"
> ifconfig_lo0_alias7="inet 127.0.0.2 netmask 0xffffffff"
> ifconfig_lo0_alias8="inet 127.0.0.3 netmask 0xffffffff"
>
> 	I actually use lots of test addresses.

Hello Mark. Thanks for your response.
Is there any way that you know of to take a "screen shot" during
boot? I see mine pass by, but I can assure you that there is only
one entry for lo0 (save IP6). Neither dmesg nor messages provides the
information echoed for the network.

Here's the output of netstat -ir
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
xl0    1500 <Link#1>      00:60:97:31:ab:92    12058     0     6777     0   669
xl0    1500 fe80:1::260:9 fe80:1::260:97ff:        0     -        6     -     -
xl0    1500 11.222.333.22 myhost                6869     -     6892     -     -
xl0    1500 11.222.333.24 my-domain.NET           16     -        0     -     -
plip0  1500 <Link#2>                               0     0        0     0     0
lo0   16384 <Link#3>                             268     0      268     0     0
lo0   16384 localhost     ::1                      7     -        7     -     -
lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -
lo0   16384 127.0.0.0     localhost               69     -       69     -     -


Thanks again for your reply.

--Chris H


>
> 	Mark
>
>> The 7 server with /identical/ setup, will only provide 127.0.0.1.
>>
>> I hope I have been more concise this time.
>>
>> Thank you very much for taking the time to respond.
>>
>> --Chris H
>>
>> >
>> > The software acts as "dumb" DNS server that returns specific IP
>> > addresses when certain zones are resolved.  postfix, sendmail, or any
>> > other MTA will attempt DNS resolution of a hostname (at whatever stage
>> > of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
>> > a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
>> > for a specific hostname.  The resolver (rbldnsd) will answer for a
>> > hostname with a specific IP address (per the configuration file); each
>> > IP address returned can be used for a unique purpose, e.g. 127.0.0.2
>> > could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
>> > hijacked network".
>> >
>> > There's a common list used here:
>> >
>> > http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
>> > "127/8 Return Codes".
>> >
>> > If, for some bizarre reason, you REALLY DO need multiple loopback
>> > addresses, it works fine, as confirmed on my RELENG_7 box:
>> >
>> > icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
>> > icarus# ifconfig lo0
>> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> >        inet 127.0.0.1 netmask 0xff000000
>> >        inet 127.0.0.2 netmask 0xffffffff
>> > icarus# ping 127.0.0.2
>> > PING 127.0.0.2 (127.0.0.2): 56 data bytes
>> > 64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
>> > 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
>> > ^C
>> > --- 127.0.0.2 ping statistics ---
>> > 2 packets transmitted, 2 packets received, 0.0% packet loss
>> > round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms
>> >
>> >
>> > --
>> > | Jeremy Chadwick                                    jdc at parodius.com |
>> > | Parodius Networking                           http://www.parodius.com/ |
>> > | UNIX Systems Administrator                      Mountain View, CA, USA |
>> > | Making life hard for others since 1977.                  PGP: 4BD6C0CB |
>> >
>> > _______________________________________________
>> > freebsd-stable at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>> >
>>
>>
>>
>> --
>> panic: kernel trap (ignored)
>>
>>
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>



-- 
panic: kernel trap (ignored)
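
The DNSBL lookup described in the quoted replies, as an added example that is not part of the original thread: the client reverses the address octets, queries that name under the blocklist zone, and reads the 127.0.0.x value out of the returned A record as data. The zone `bl.example.org`, the sample IP and the sample answers are constructed; the two code meanings are the examples quoted in the thread, and ignoring answers outside 127/8 is a defensive choice made for this example.

```shell
#!/bin/sh
# Added example. Zone name, sample IP and sample answers are constructed;
# the two return-code meanings are the examples given in the thread.

# dnsbl_qname IP ZONE: print the reversed-octet query name for an IPv4 address.
dnsbl_qname() {
    ip=$1 zone=$2
    # Reject anything but digits and dots before word-splitting on ".".
    case $ip in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac   # empty or more than 3 digits
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_verdict ANSWER: interpret the A record value (empty = NXDOMAIN).
# The value is record data only; nothing has to be bound to it on lo0.
dnsbl_verdict() {
    case $1 in
        '')          echo "not listed" ;;
        127.0.0.2)   echo "listed: SOCKS proxy; denied" ;;
        127.0.0.99)  echo "listed: Known hijacked network" ;;
        127.*.*.*)   echo "listed: unmapped return code" ;;
        # Assumption of this example: an answer outside 127/8 is not a listing
        # (it may come from a wildcard or a lapsed zone), so it is ignored.
        *)           echo "ignored: answer outside 127/8" ;;
    esac
}

# Constructed demo: answers a resolver might hand back for one client address.
demo() {
    q=$(dnsbl_qname 192.0.2.25 bl.example.org) || return 1
    for ans in 127.0.0.2 127.0.0.99 127.0.0.7 203.0.113.10 ''; do
        printf '%s -> %s: %s\n' "$q" "${ans:-NXDOMAIN}" "$(dnsbl_verdict "$ans")"
    done
}
demo
```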




