daily security run output messages
Kjell Midtseter
junkmail at sensewave.com
Mon Dec 6 01:14:31 PST 2004
On Sunday, 5 December 2004 at 11:33:23 -0500, Lowell Gilbert wrote:
> Kjell Midtseter <junkmail at sensewave.com> writes:
>
> > List members!
> >
> > My daily security run output contains lots of kernel log messages like the following:
> > > Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53
> > > Connection attempt to UDP 10.0.0.10:3204 from 193.75.75.193:53
> > ------
> > What are the significanse of these messages?
> >
> > My ipf firewall contains:
> > # domain name servers (dns)
> > pass in quick on rl0 proto udp from 217.13.4.21/32 to any port = 53 keep state
> > ------
> > Should I make any changes to my firewall settings?
>
> Looks like a NAT problem; is your 10.0.0.10 address supposed to be
> visible to the ISP's DNS server?
The ISP's DNS server should not be able to see my 10.0.0.10 address.
I am talking to my ISP through a Cisco 677i modem. The modem IP is 10.0.0.1
NATing can not be turned off (?) in the modem.
My R4.10 firewall talks to the modem using IP 10.0.0.10 and the firewall is doing NAT also.
My internal network is in the 192.168.1.nn range.
Regards from Kjell
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/
More information about the freebsd-questions
mailing list