NEWBIE: Logging into Cox Cable service

2004-07-11 Thread James A. Coulter
I am running FreeBSD 4.10 and am trying to connect to my Cox ISP via an
Ethernet nic and cable modem.

I have DHCP for the nic enabled in /etc/rc.conf and can obtain an IP address
from my Windows 98 gateway, but when I connect the nic to the cable modem
and reboot I do not get a response from the cox DHCP server.

The nic shows active in ifconfig, but no IP is assigned to it.

I suspect the Cox DHCP server is expecting a username and password from
dhclient.conf

I googled and the closest answer I found was a short article in the FreeBSD
Diary published in 2000 that gave this as an example dhclient.conf:

interface "de0" {
send host-name "cr123456-a";
request subnet-mask, broadcast-address, routers, domain-name-servers,
domain-name, time-servers;
require domain-name-servers;
}

I tried substituting my own interface and looked up the hostname info cox
provided to my Windows 98 box and swapped the computer names, but no luck.

Is my hunch correct?  When I set up my Windows boxes to connect to Cox with
their CD, it always asked for the main account username and password – so
I’m guessing when the dhcp client sends out its request for an address, the
Cox DHCP server is expecting a username and password.

Can anyone tell me how to send the username and password?

TIA,

Jim C.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004
 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


SOLVED: NEWBIE: Logging into Cox Cable service

2004-07-12 Thread James A. Coulter

That's it Matt.  Cycling the power on the modem did the trick.  I guess the
modem itself is registered with the ISP - that's how they know if it's legit
or not.

Thanks to all who helped this newbie out!

Jim C.

On Mon 7/12/2004 2:01 AM Matt Haley wrote:

>I have Cox.net here. What seems to happen is that the cable modem
>itself latches  on (so to speak) to the MAC address of the nic you're
>using. Usually, all that is required is to power cycle the cable modem
>and it should see the new nic and you'll be able to get your DHCP
>response.

>HTH.

>>On Sun, 11 Jul 2004 10:10:41 -0500, James A. Coulter
>><[EMAIL PROTECTED]> wrote:
>> I am running FreeBSD 4.10 and am trying to connect to my Cox ISP via an
>> Ethernet nic and cable modem.
>> 
>> I have DHCP for the nic enabled in /etc/rc.conf and can obtain an IP
>> address from my Windows 98 gateway, but when I connect the nic to the
>> cable modem and reboot I do not get a response from the cox DHCP server.
>> 
>> The nic shows active in ifconfig, but no IP is assigned to it.
>> 
>> I suspect the Cox DHCP server is expecting a username and password from
>> dhclient.conf
>> 
>> I googled and the closest answer I found was a short article in the
>> FreeBSD Diary published in 2000 that gave this as an example
>> dhclient.conf:
>> 
>> interface "de0" {
>> send host-name "cr123456-a";
>> request subnet-mask, broadcast-address, routers, domain-name-servers,
>> domain-name, time-servers;
>> require domain-name-servers;
>> }
>> 
>> I tried substituting my own interface and looked up the hostname info cox
>> provided to my Windows 98 box and swapped the computer names, but no
>> luck.
>> 
>> Is my hunch correct?  When I set up my Windows boxes to connect to Cox
>> with their CD, it always asked for the main account username and
>> password – so I'm guessing when the dhcp client sends out its request
>> for an address, the Cox DHCP server is expecting a username and password.
>> 
>> Can anyone tell me how to send the username and password?
>> 
>> TIA,
>> 
>> Jim C.
>> 
 



RE: I downloaded everything to no avail! ISO's fail to burn

2004-07-12 Thread James A. Coulter
Your cd burner software should have an option to create a cd from an image.
This is different than just copying files to a blank cd-rom.  Look in the
'File' drop-down menu.

Don't feel bad - I made the same mistake and posted the same question on
this board about two years ago.

P.S. Google is your best friend when researching FreeBSD issues.

HTH

Jim C.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Jerry Schromm
> Sent: Monday, July 12, 2004 5:22 PM
> To: [EMAIL PROTECTED]
> Subject: I downloaded everything to no avail! ISO's fail to burn
> 
> Hi everyone, I am not sure how this works or if I will ever get feedback.
> Anyway I just discovered FreeBSD yesterday. I read all about it and I am
> excited to intrigue myself with this new pc adventure. Sounds great and I
> will learn something about code at the same time. I feel it had a kind of
> old school feeling to it, at the same time cutting edge technology. I am a
> believer in its viability over Microsoft's Windows. They love to hide
> information from us not inform us.
> 
> The reason I am writing. I downloaded the 5.2.1 ISOs. I burned the boot
> disk successfully it seems. But I tried to burn the first big ISO file and
> it failed to burn. Some type of burn error following the track or
> something. Then I tried that other download that isn't the ISO but the
> regular files. That wouldn't do anything either. It burned but I can't
> install it. That doesn't boot. Or install in anyway.
> 
> I am wondering if FreeBSD is actually free or is this a way to get us to
> order the retail box lol. I don't want to feel that way. Yesterday I was
> so excited about this. I hope you can enlighten me some.
> 
> Thanks a lot,
> Jerry Schromm
> Corning, California
> 



NEWBIE: FreeBSD 4.10 Internet gateway/DNS problem

2004-07-13 Thread James A. Coulter
I am trying to setup my FreeBSD 4.10 box as an internet gateway for a small
home LAN (2x Win XP and 1x Win 98SE)

The LAN operates without any problems when using the Win 98SE box as a
gateway - all computers can access the internet

I have two nics installed in the FreeBSD box:

dc0 is the LAN interface via 4-port Linksys hub

dc1 is the WAN interface via cable modem

I have successfully connected to the internet with dc1

I can ping all other machines on my home LAN with dc0 and vice versa

I cannot access the internet from any machine except the FreeBSD gateway

ifconfig looks like this:

dc0: flags=8843 mtu 1500
inet6 fe80::204:5aff:fe76:55f0%dc0 prefixlen 64 scopeid 0x1
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
ether 00:04:5a:76:55:f0
media: Ethernet autoselect (100baseTX )
status: active
dc1: flags=8843 mtu 1500
inet6 fe80::2a0:ccff:fe33:e1f6%dc1 prefixlen 64 scopeid 0x2
inet 68.105.58.150 netmask 0xfe00 broadcast 68.105.59.255
ether 00:a0:cc:33:e1:f6
media: Ethernet autoselect (100baseTX )
status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500


The contents of /etc/rc.conf are:

hostname="sara.mshome.net"
ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_dc1="DHCP"
inetd_enable="YES"
gateway_enable="YES"

When I try to ping an outside address from a Windows box, I get this
response:

"Ping request could not find host www.freebsd.org. Please check the name and
try again."

When I try to ping a known good URL, I get this response:

Pinging 68.99.63.5 with 32 bytes of data:

Request timed out.

Ping statistics for 68.99.63.5:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

I have tried setting the DNS servers on the Windows box to the addresses
listed in /etc/resolv.conf:

68.105.161.20
68.1.18.25
68.10.16.30

I have also tried setting the DNS address directly to the default gateway
192.168.1.1 and get the same response.

While searching around in /stand/sysinstall I found the named daemon
enabled.  I disabled with no change (I have since re-enabled it because I
believe that was the default setting when I installed FreeBSD)

FWIW, here's output of netstat -rn on the FreeBSD box:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            68.105.58.1        UGSc        2        3    dc1
68.105.58/23       link#2             UC          2        0    dc1
68.105.58.1        00:06:2a:cb:7c:54  UHLW        2        0    dc1   1199
68.105.58.150      127.0.0.1          UGHS        0        0    lo0
127.0.0.1          127.0.0.1          UH          2       26    lo0
192.168.1          link#1             UC          1        0    dc0
192.168.1.110      00:08:74:3b:8b:ba  UHLW        0        4    dc0   1081

Internet6:
Destination                   Gateway            Flags  Netif Expire
::/96                         ::1                UGRSc  lo0
::1                           ::1                UH     lo0
:::0.0.0.0/96                 ::1                UGRSc  lo0
fe80::/10                     ::1                UGRSc  lo0
fe80::%dc0/64                 link#1             UC     dc0
fe80::204:5aff:fe76:55f0%dc0  00:04:5a:76:55:f0  UHL    lo0
fe80::%dc1/64                 link#2             UC     dc1
fe80::2a0:ccff:fe33:e1f6%dc1  00:a0:cc:33:e1:f6  UHL    lo0
fe80::%lo0/64                 fe80::1%lo0        Uc     lo0
fe80::1%lo0                   link#4             UHL    lo0
ff01::/32                     ::1                U      lo0
ff02::/16                     ::1                UGRS   lo0
ff02::%dc0/32                 link#1             UC     dc0
ff02::%dc1/32                 link#2             UC     dc1
ff02::%lo0/32                 ::1                UC     lo0

And the results of netstat -rn on the Windows box:

Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.110      20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.110    192.168.1.110      20
    192.168.1.110  255.255.255.255        127.0.0.1        127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.110    192.168.1.110      20
        224.0.0.0        240.0.0.0    192.168.1.110    192.168.1.110      20
  255.255.255.255  255.255.255.255    192.168.1.110    192.168.1.110       1
Default Gateway:       192.168.1.1
===

SOLVED: NEWBIE: FreeBSD 4.10 Internet gateway/DNS problem

2004-07-22 Thread James A. Coulter
> > On Tue, Jul 13, 2004 at 10:51:21AM -0500, James A. Coulter wrote:
> > >
> > >I am trying to setup my FreeBSD 4.10 box as an internet gateway for a
> > > small home LAN (2x Win XP and 1x Win 98SE)
> > >
> > >The LAN operates without any problems when using the Win 98SE box as a
> > >gateway - all computers can access the internet
> > >
> > >I have two nics installed in the FreeBSD box:
> > >
> > >   dc0 is the LAN interface via 4-port Linksys hub
> > >
> > >   dc1 is the WAN interface via cable modem
> > >
> > >I have successfully connected to the internet with dc1
> > >
> > >I can ping all other machines on my home LAN with dc0 and vice versa
> > >
> > >I cannot access the internet from any machine except the FreeBSD
> > >gateway
> > >
> > >ifconfig looks like this:
> > >



> > >
> > >I'm not sure what to do next.  For some reason the Windows cannot
> > >access a name server.  From what I understand from the literature
> > >I've been using (FreeBSD Handbook, Lehey's The Complete FreeBSD, and
> > >Anderson's FreeBSD: An Open-Source etc etc) all that should be needed
> > >is set gateway_enable="YES" in /etc/rc.conf and I've done that.
> > >
> > >Google revealed some info on using natd for PPOE, but not sure if that
> > >applies to this problem.
> >
> > Definitely you must use NAT. Search Handbook for Network Address
> > Translation.
> >
> > >All suggestions/out-right solutions appreciated.
> > >
> > >TIA,
> > >
> > >Jim C.
> > >
> Hello.
> You might try something like this in your /etc/rc.conf :
> gateway_enable="YES"
> ifconfig_dc1="DHCP"
> dhcp_program="/sbin/dhclient"
> dhcp_flags="-q"
> ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags="-dynamic"
> And if you like some little protection :
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"
> firewall_logging="YES"
> And it's never wrong to spend some time reading the man pages :-)
> Don't forget to put the IP of your Gateway on the Winboxes.
> /Hasse

Sorry for the very late response and thanks very much for the suggestions to
check out NAT.  That was of course the problem.  Being a newbie and
life-long Windows user, I thought gateway_enable="YES" in rc.conf was the
magic word.  But it isn't and I read up on NAT and natd and built a custom
kernel with:

options IPFIREWALL
options IPDIVERT

and made the changes to rc.conf as detailed above and now my FreeBSD box is
passing packets back and forth from all the Windows boxes on my LAN to the
WAN beautifully.

Thanks again for your help!

Jim C.



DHCP and the "SIMPLE" option in /etc/rc.firewall

2004-07-30 Thread James A. Coulter
I am setting up a firewall for a gateway/router running FreeBSD 4.10.

This is for a small home LAN.

I have already compiled and installed a custom kernel with the IPFIREWALL
and IPDIVERT options and configured the firewall to pass any to any without
any problems - now it's time to start locking it down.

I would like to use the firewall_type="SIMPLE" option rc.conf.  But I'm not
sure how I should set up my external nic in /etc/rc.firewall, i.e:

# set these to your outside interface network and netmask and ip
oif="ed0"
onet="192.0.2.0"
omask="255.255.255.240"
oip="192.0.2.1"

My outside interface is connected to a cable modem and is configured for
DHCP

Without a static IP address for my outside interface, how do I set these
options?

TIA for your help.

Jim C.

---
Check it out: The Black Dog Gallery
http://polaris.umuc.edu/~jcoulter
 



RE: DHCP and the "SIMPLE" option in /etc/rc.firewall

2004-07-30 Thread James A. Coulter
Thanks - I'm going to give the Stateful + NATD rule set a try.

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of JJB
> Sent: Friday, July 30, 2004 8:20 AM
> To: James A. Coulter; [EMAIL PROTECTED]
> Subject: RE: DHCP and the "SIMPLE" option in /etc/rc.firewall
> 
> 
> The handbook Firewall section has been rewritten.
> 
> It's temporally available from www.a1poweruser.com/FBSD_firewall/
> as the Doc group works to sanitize the English.
> It incorporates the long awaited solution to
> getting ipfw + natd + stateful rules to function together,
> as well as OpenBSD pf firewall which is scheduled to become
> the third built in firewall software solution delivered with 
> the FreeBSD install when 5.x ever makes it to the stable branch.
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of 
> James A. Coulter
> Sent: Friday, July 30, 2004 8:59 AM
> To: [EMAIL PROTECTED]
> Subject: DHCP and the "SIMPLE" option in /etc/rc.firewall
> 
> I am setting up a firewall for a gateway/router running FreeBSD 4.10.
> 
> This is for a small home LAN.
> 
> I have already compiled and installed a custom kernel with 
> the IPFIREWALL and IPDIVERT options and configured the 
> firewall to pass any to any without any problems - now it's 
> time to start locking it down.
> 
> I would like to use the firewall_type="SIMPLE" option 
> rc.conf.  But I'm not sure how I should set up my external 
> nic in /etc/rc.firewall, i.e:
> 
> # set these to your outside interface network and netmask and ip
> oif="ed0"
> onet="192.0.2.0"
> omask="255.255.255.240"
> oip="192.0.2.1"
> 
> My outside interface is connected to a cable modem and is 
> configured for DHCP
> 
> Without a static IP address for my outside interface, how do 
> I set these options?
> 
> TIA for your help.
> 
> Jim C.
> 
> ---
> Check it out: The Black Dog Gallery http://polaris.umuc.edu/~jcoulter



Firewall Rule Set not allowing access to DNS servers?

2004-07-30 Thread James A. Coulter
I am using FreeBSD 4.10 as a gateway/router for a small home LAN.  My
outside interface (dc1) is connected to a cable modem and is configured for
DHCP.

I have compiled and installed a custom kernel with IPFIREWALL and IPDIVERT
options and with a rule set allowing any to any with no problems

I am in the process of adding a proper rule set to provide security.  I was
referred to http://freebsd.a1poweruser.com:6088/FBSD_firewall/ and installed
the Stateful + NATD Rule Set modified for my outside interface, domain name
servers, and DHCP server.

I can ping IP addresses and pass SMTP mail back and forth from the
gateway/router and all machines on the LAN, but I cannot ping URLs - I am
getting "ping: cannot resolve www.freebsd.org: Host name lookup failure"
errors.


This is what ipfw -a list looks like:

sara# ipfw -a list
5   0 0 allow ip from any to any via xl0
00010  52  3640 allow ip from any to any via lo0
00014   0 0 divert 8668 ip from any to any in recv dc1
00015   0 0 check-state
00020   0 0 skipto 800 tcp from any to 68.105.161.20 53 keep-state out xmit dc1 setup
00021   0 0 skipto 800 tcp from any to 68.1.18.25 53 keep-state out xmit dc1 setup
00022   0 0 skipto 800 tcp from any to 68.10.16.30 53 keep-state out xmit dc1 setup
00030   0 0 skipto 800 udp from any to 172.19.17.22 67 keep-state out xmit dc1
00040   0 0 skipto 800 tcp from any to any 80 keep-state out xmit dc1 setup
00050   0 0 skipto 800 tcp from any to any 443 keep-state out xmit dc1 setup
00060   0 0 skipto 800 tcp from any to any 25 keep-state out xmit dc1 setup
00061   0 0 skipto 800 tcp from any to any 110 keep-state out xmit dc1 setup
00070   0 0 skipto 800 tcp from me to any uid root keep-state out xmit dc1 setup
00080   0 0 skipto 800 icmp from any to any keep-state out xmit dc1
00090   0 0 skipto 800 tcp from any to any 37 keep-state out xmit dc1 setup
00100   0 0 skipto 800 tcp from any to any 119 keep-state out xmit dc1 setup
00110   0 0 skipto 800 tcp from any to any 22 keep-state out xmit dc1 setup
00120   0 0 skipto 800 tcp from any to any 43 keep-state out xmit dc1 setup
00130   0 0 skipto 800 udp from any to any 123 keep-state out xmit dc1
00300   0 0 deny ip from 192.168.0.0/16 to any in recv dc1
00301   0 0 deny ip from 172.16.0.0/12 to any in recv dc1
00302   0 0 deny ip from 10.0.0.0/8 to any in recv dc1
00303   0 0 deny ip from 127.0.0.0/8 to any in recv dc1
00304   0 0 deny ip from 0.0.0.0/8 to any in recv dc1
00305   0 0 deny ip from 169.254.0.0/16 to any in recv dc1
00306   0 0 deny ip from 192.0.2.0/24 to any in recv dc1
00307   0 0 deny ip from 204.152.64.0/23 to any in recv dc1
00308   0 0 deny ip from 224.0.0.0/3 to any in recv dc1
00315   0 0 deny tcp from any to any 113 in recv dc1
00320   0 0 deny tcp from any to any 137 in recv dc1
00321   0 0 deny tcp from any to any 138 in recv dc1
00322   0 0 deny tcp from any to any 139 in recv dc1
00323   0 0 deny tcp from any to any 81 in recv dc1
00330   0 0 deny ip from any to any in recv dc1 frag
00332   0 0 deny tcp from any to any in recv dc1 established
00360   0 0 allow udp from 172.19.17.22 to any 68 keep-state in recv dc1
00370   0 0 allow tcp from any to me 80 limit src-addr 2 in recv dc1 setup
00370   0 0 allow tcp from any to me  limit src-addr 2 in recv dc1 setup
00380   0 0 allow tcp from any to me 22 limit src-addr 2 in recv dc1 setup
00400   0 0 deny log logamount 10 ip from any to any in recv dc1
00450  81  5288 deny log logamount 10 ip from any to any out xmit dc1
00800   0 0 divert 8668 ip from any to any out xmit dc1
00801 645 59255 allow ip from any to any
00999   0 0 deny log logamount 10 ip from any to any
65535   1   347 deny ip from any to any

This is what my /etc/rc.conf looks like:

hostname="sara.mshome.net"
ifconfig_dc1="DHCP"
ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
moused_enable="YES"
named_enable="YES"
nfs_client_enable="YES"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ntpd_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc1"
natd_flags="-dynamic"

Finally, this is what /etc/resolv.conf looks like:

sara# more /etc/resolv.conf
search pn.at.cox.net
nameserver 68.105.161.20
nameserver 68.1.18.25
nameserver 68.10.16.30

Any ideas?

Thanks,

Jim C.



RE: Firewall Rule Set not allowing access to DNS servers?

2004-07-31 Thread James A. Coulter
Thanks for the response. . .

I changed rule 5 from x10 to dc0 - thanks

Not sure why I would want my inside nic requesting DHCP service from my ISP.
It has been working fine in the configuration I have it so I've left it the
way it is.

I checked the security log, and found this:

Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:2609 68.105.161.20:53 out via dc1
Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:4067 68.1.18.25:53 out via dc1
Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:3773 68.10.16.30:53 out via dc1

These are the three name servers specified in the rule set

I checked the rule set and found this:

# Allow out access to my ISP's Domain name server.
# x.x.x.x must be the IP address of your ISP's DNS
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
$cmd 020 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state
$cmd 021 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state
$cmd 022 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state

Because security said the firewall was denying UDP packets, I changed the
rules to this:

$cmd 020 $skip udp from any to 68.105.161.20 53 out via $pif setup keep-state
$cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif setup keep-state
$cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif setup keep-state

But that hasn't helped.  I'm still getting:

Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:3178 68.105.161.20:53 out via dc1
Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4476 68.1.18.25:53 out via dc1
Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4747 68.10.16.30:53 out via dc1

FWIW, these rules are skipping to:

# This is skipto location for outbound stateful rules
$cmd 800 divert natd ip from any to any out via $pif
$cmd 801 allow ip from any to any

I apologize for being such a bother and I do appreciate any help or
suggestions.

TIA

Jim C.
 


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of JJB
> Sent: Friday, July 30, 2004 1:20 PM
> To: James A. Coulter; [EMAIL PROTECTED]
> Subject: RE: Firewall Rule Set not allowing access to DNS servers?
> 
> 
> Change this ipfw rule from
> 
> 5   allow ip from any to any via xl0
> 
> To
> 5   allow ip from any to any via dc0
> 
> because dc0 is the lan interface name and not xl0.
> 
> 
> Change these statements in rc.conf because you have interface 
> name backwards. Dc1 is the NIC connected to your cable modem 
> and you want to get DHCP info from your ISP. Dc0 is the NIC 
> connected to your LAN.
> 
> From
> ifconfig_dc1="DHCP"
> ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
> 
> to
> ifconfig_dc0="DHCP"
> ifconfig_dc1="inet 192.168.1.1 netmask 255.255.255.0"
> 
> 
> You do not say how your LAN PCs get their ip address.
> You can hard code them on each LAN PC
> or you have to run isc-dhcp-server on your Gateway box to 
> auto assign ip address to LAN PCs.
> 
> 
> 
> 
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of 
> James A. Coulter
> Sent: Friday, July 30, 2004 10:56 AM
> To: [EMAIL PROTECTED]
> Subject: Firewall Rule Set not allowing access to DNS servers?
> 
> I am using FreeBSD 4.10 as a gateway/router for a small home 
> LAN. My outside interface (dc1) is connected to a cable modem 
> and is configured for DHCP.
> 
> I have compiled and installed a custom kernel with 
> IPFIREWALL and IPDIVERT options and with a rule set allowing 
> any to any with no problems
> 
> I am in the process of adding a proper rule set to provide 
> security. I was referred to 
> http://freebsd.a1poweruser.com:6088/FBSD_firewall/ and 
> installed the Stateful + NATD Rule Set modified for my 
> outside interface, domain name servers, and DHCP server.
> 
> I can ping IP addresses and pass SMTP mail back and forth 
> from the gateway/router and all machines on the LAN, but I 
> cannot ping URLs - I am getting "ping: cannot resolve 
> www.freebsd.org: Host name lookup failure" errors.
> 
> 
> This is what ipfw -a list looks like:
> 
> sara# ipfw -a list
> 5   0 0 allow ip from any to any via xl0
> 00010  52  3640 allow ip from any to any via lo0
> 00014   0 0 divert 8668 ip from any to any in recv dc1
> 00015   0 0 check-state
> 00020   0 0 skipto 800 tcp from any to 68.105.161.20 53
> keep-state out
> xmit dc1 setup
> 00021   0 0 skipto 800 tcp from any to 68.1.18.25 53 keep-state
> out xmit
> dc1 setup
> 00022   0 0 skipto 800 tcp from any to 68.10.16.

RE: Firewall Rule Set not allowing access to DNS servers?

2004-07-31 Thread James A. Coulter
64 on isa0
atkbd0:  flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0:  at port 0x3c0-0x3df iomem 0xa-0xb on isa0
sc0:  at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0:  at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/9 bytes threshold
plip0:  on ppbus0
lpt0:  on ppbus0
lpt0: Interrupt-driven port
ppi0:  on ppbus0
IP packet filtering initialized, divert enabled, rule-based forwarding
enabled, default to deny, logging limited to 10 packets/entry by default
ad0: DMA limited to UDMA33, non-ATA66 cable or device
ad0: 19623MB  [39870/16/63] at ata0-master UDMA33
acd0: CDROM  at ata0-slave PIO4
Mounting root from ufs:/dev/ad0s1a

Thanks,

Jim C.
 


> -Original Message-
> From: JJB [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, July 31, 2004 10:28 AM
> To: James A. Coulter; [EMAIL PROTECTED]
> Subject: RE: Firewall Rule Set not allowing access to DNS servers?
> 
> 
> You better re-read what you posted in early post. You posted 
> that dc1 is your outside NIC, which is connected to your 
> cable modem which is connected to your ISP. Your outside NIC 
> needs DHCP to get ip and dns info from your ISP. NOW YOU SAY 
> dc1 IS INSIDE INTERFACE NAME.  Make up your mind which is correct.
> 
> Verify you have correct  interface name coded in ipfw rules 
> for NIC connected to cable modem and that the same NIC 
> interface name is the one in rc.conf with DHCP option. When 
> DHCP gets DNS info from ISP /etc/resolv.conf will be auto 
> updated with correct info. Read comments in sample firewall 
> source and follow what comments say.  You are making this 
> harder than it really is.
> 
> Also there is no setup option on UDP packets just keepstate
> 
> Post full contents of your current dmesg.boot, rc.conf,  ipfw 
> rule set, and ipfw log files so people can see just what you 
> have configured.  And answer question of how you are 
> assigning ip address to LAN PCs? Also post output of ifconfig 
> -a command after boot completes.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of 
> James A. Coulter
> Sent: Saturday, July 31, 2004 9:55 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Firewall Rule Set not allowing access to DNS servers?
> 
> Thanks for the response. . .
> 
> I changed rule 5 from x10 to dc0 - thanks
> 
> Not sure why I would want my inside nic requesting DHCP 
> service from my ISP. It has been working fine in the 
> configuration I have it so I've left it the way it is.
> 
> I checked the security log, and found this:
> 
> Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:2609 68.105.161.20:53 out via dc1
> Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:4067 68.1.18.25:53 out via dc1
> Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:3773 68.10.16.30:53 out via dc1
> 
> These are the three name servers specified in the rule set
> 
> I checked the rule set and found this:
> 
> # Allow out access to my ISP's Domain name server.
> # x.x.x.x must be the IP address of your ISP's DNS
> # Dup these lines if your ISP has more than one DNS server
> # Get the IP addresses from /etc/resolv.conf file
> $cmd 020 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state
> $cmd 021 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state
> $cmd 022 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state
> 
> Because security said the firewall was denying UDP packets, I 
> changed the rules to this:
> 
> $cmd 020 $skip udp from any to 68.105.161.20 53 out via $pif setup keep-state
> $cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif setup keep-state
> $cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif setup keep-state
> 
> But that hasn't helped.  I'm still getting:
> 
> Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:3178 68.105.161.20:53 out via dc1
> Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4476 68.1.18.25:53 out via dc1
> Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4747 68.10.16.30:53 out via dc1
> 
> FWIW, these rules are skipping to:
> 
> # This is skipto location for outbound stateful rules
> $cmd 800 divert natd ip from any to any out via $pif
> $cmd 801 allow ip from any to any
> 
> I apologize for being such a bother and I do appreciate any 
> help or suggestions.
> 
> TIA
> 
> Jim C.
> 
> 
> 
> > -Original Message-

RE: Firewall Rule Set not allowing access to DNS servers?

2004-08-01 Thread James A. Coulter
I changed the DNS rules as you suggested, and the firewall works perfectly -
thanks very much.

This has been a great learning experience for me - thanks to all who
responded.

Jim C

> -Original Message-
> From: JJB [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, July 31, 2004 1:08 PM
> To: James A. Coulter; [EMAIL PROTECTED]
> Subject: RE: Firewall Rule Set not allowing access to DNS servers?
> 
> 
> Look back at the ipfw sample rule set and you will see that 
> there are both udp and tcp protocol access to DNS. Also note 
> that udp does not use setup keyword.
> 
> # Allow out access to my ISP's Domain name server.
> # x.x.x.x must be the IP address of your ISP's DNS
> # Dup these lines if your ISP has more than one DNS server
> # Get the IP addresses from /etc/resolv.conf file
> $cmd 00110 allow tcp from any to x.x.x.x 53 out via $pif setup keep-state
> $cmd 00111 allow udp from any to x.x.x.x 53 out via $pif keep-state
> 
> Your DNS rules are
> # Allow out access to my ISP's Domain name server.
> # x.x.x.x must be the IP address of your ISP's DNS
> # Dup these lines if your ISP has more than one DNS server
> # Get the IP addresses from /etc/resolv.conf file
> $cmd 020 $skip UDP from any to 68.105.161.20 53 out via $pif 
> setup keep-state $cmd 021 $skip UDP from any to 68.1.18.25 53 
> out via $pif setup keep-state $cmd 022 $skip UDP from any to 
> 68.10.16.30 53 out via $pif setup keep-state
> 
> As you can see you have no tcp protocol statements.
> Your udp rules use setup keyword which is only for tcp rules
> so your udp packets never match this rule and default to
> getting blocked which is why you get log error messages and
> you can not access public internet.
> 
> Also if you look closely at the first 4 ipfw log messages you
> will see first message is about ip address 193.0.14.129 which is the
> primary dns server pointed to by url search pn.at.cox.net in
> /etc/resolv.conf
> 
> Change your DNS rules to look like this
> 
> # Allow out access to my ISP's Domain name server.
> # x.x.x.x must be the IP address of your ISP's DNS
> # Dup these lines if your ISP has more than one DNS server
> # Get the IP addresses from /etc/resolv.conf file
> $cmd 020 $skip udp from any to 193.0.14.129 53 out via $pif keep-state
> $cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif keep-state
> $cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif keep-state
> $cmd 023 $skip udp from any to 68.105.161.20 53 out via $pif keep-state
> $cmd 024 $skip tcp from any to 193.0.14.129 53 out via $pif setup keep-state
> $cmd 025 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state
> $cmd 026 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state
> $cmd 027 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of 
> James A. Coulter
> Sent: Saturday, July 31, 2004 1:09 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Firewall Rule Set not allowing access to DNS servers?
> 
> My LAN is configured with static IP addresses, 192.168.1.x.
> 
> I have no problems communicating within the LAN.
> 
> I have full connectivity with the internet from every machine 
> on my LAN when the firewall is open.
> 
> When I use the rule set in question, I can ping and send mail 
> but I cannot access the DNS servers listed in resolv.conf.
> 
> These are the same DNS servers placed in resolv.conf when the 
> firewall is open.
> 
> I'm sorry, but I never said dc1 was my inside nic.
> 
> Again, I appreciate any help with this.  The files you 
> requested follow.
> 
> Here's my ifconfig - a:
> 
> sara# ifconfig -a
> dc0: flags=8843 mtu 1500
> inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
> inet6 fe80::204:5aff:fe76:55f0%dc0 prefixlen 64 scopeid 0x1
> ether 00:04:5a:76:55:f0
> media: Ethernet autoselect (100baseTX )
> status: active
> dc1: flags=8843 mtu 1500
> inet6 fe80::2a0:ccff:fe33:e1f6%dc1 prefixlen 64 scopeid 0x2
> inet 68.105.58.150 netmask 0xfe00 broadcast 68.105.59.255
> ether 00:a0:cc:33:e1:f6
> media: Ethernet autoselect (100baseTX )
> status: active
> lp0: flags=8810 mtu 1500
> lo0: flags=8049 mtu 16384
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> inet 127.0.0.1 netmask 0xff00
> ppp0: flags=8010 mtu 1500
> sl0: flags=c010 mtu 552
> faith0: flags=8002 mtu 1500
> 
> Here's resolv.conf:
> 
> sara# more /etc/resolv.conf
> search
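
The check JJB walks through above (a setup keyword on udp rules, and no tcp rules for the DNS servers) can be run against a rule file before it is loaded. The sh/awk script below is an added example, not part of the original thread; the function names are made up for illustration, and it assumes rule lines laid out as in these messages ($cmd NNN action proto from SRC to DST [PORT] ...).

```sh
#!/bin/sh
# Added example (not from the thread): flag ipfw rule lines that repeat the
# mistake discussed above. Assumes the layout used in these messages:
#   $cmd NNN action proto from SRC to DST [PORT] ...

lint_ipfw_rules() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    {
        num = ""; proto = ""; dst = ""; port = ""; setup = 0
        for (i = 1; i <= NF; i++) {
            if (num == "" && $i ~ /^[0-9]+$/) num = $i          # rule number
            if ($i == "from" && i > 1) proto = tolower($(i - 1))
            if ($i == "to" && i < NF) {
                dst = $(i + 1)
                if (i + 2 <= NF && $(i + 2) ~ /^[0-9]+$/) port = $(i + 2)
            }
            if ($i == "setup") setup = 1
        }
        if (proto == "" || dst == "") next
        # "setup" tests TCP flags, so a udp or icmp rule carrying it is dead.
        dead = (setup && (proto == "udp" || proto == "icmp"))
        if (dead)
            printf "rule %s: setup on a %s rule never matches\n", num, proto
        if (port == "53") {
            if (!(dst in seen)) { seen[dst] = 1; order[++n] = dst }
            if (proto == "tcp") ok[dst, "tcp"] = 1
            if (proto == "udp" && !dead) ok[dst, "udp"] = 1
        }
    }
    END {
        # DNS needs both transports: udp for normal queries, tcp for large answers.
        for (j = 1; j <= n; j++) {
            d = order[j]; missing = ""
            if (!((d, "udp") in ok)) missing = missing " udp"
            if (!((d, "tcp") in ok)) missing = missing " tcp"
            if (missing != "")
                printf "dns %s: no usable rule for:%s\n", d, missing
        }
    }'
}

# DNS rules as first posted in the thread.
rules_as_posted() {
    cat <<'EOF'
$cmd 020 $skip UDP from any to 68.105.161.20 53 out via $pif setup keep-state
$cmd 021 $skip UDP from any to 68.1.18.25 53 out via $pif setup keep-state
$cmd 022 $skip UDP from any to 68.10.16.30 53 out via $pif setup keep-state
EOF
}

# DNS rules as corrected in the reply.
rules_as_corrected() {
    cat <<'EOF'
# Allow out access to my ISP's Domain name server.
$cmd 020 $skip udp from any to 193.0.14.129 53 out via $pif keep-state
$cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif keep-state
$cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif keep-state
$cmd 023 $skip udp from any to 68.105.161.20 53 out via $pif keep-state
$cmd 024 $skip tcp from any to 193.0.14.129 53 out via $pif setup keep-state
$cmd 025 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state
$cmd 026 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state
$cmd 027 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state
EOF
}

echo "as posted:";    rules_as_posted    | lint_ipfw_rules
echo "as corrected:"; rules_as_corrected | lint_ipfw_rules
```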

Newbie Security Question

2004-08-06 Thread James A. Coulter
I recently got my firewall up and configured (many thanks to JJB and everyone else for 
their help) and have been reading the daily security message from root with a great 
deal of interest.

My question is, when I see entries like this:

Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2

is it safe to assume someone has been trying to hack my system?

I did a whois search on the IP and it went to a provider in Colorado.

I'm asking because I'm curious - thanks again for everyone's help.

Jim C.
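
Entries like the ones in this message can be grouped by source address to see how many failures arrive in a short burst. The sh/awk script below is an added example, not part of the original message; the function names, the 60-second window, the threshold of 3 and the last three sample lines are assumptions made for illustration, and it expects the log in chronological order.

```sh
#!/bin/sh
# Added example (not from the thread): group sshd "Failed password" entries by
# source address and report the busiest W-second window for each address.

ssh_failures() {    # usage: ssh_failures [window_seconds] [burst_threshold]
    awk -v W="${1:-60}" -v T="${2:-3}" '
    function handle(line,    f, n, hms, i, first, user, ip, mon, ts) {
        n = split(line, f, " ")
        if (n < 14 || f[5] !~ /^sshd\[[0-9]+\]:$/) return
        if (f[6] != "Failed" || f[7] != "password" || f[8] != "for") return
        # The user name is text supplied by the remote side, so read the
        # address from the fixed tail of the entry: from ADDR port N ssh2
        if (f[n - 4] != "from" || f[n - 2] != "port") return
        ip = f[n - 3]
        first = 9
        if ((f[9] == "invalid" || f[9] == "illegal") && f[10] == "user") first = 11
        user = ""
        for (i = first; i <= n - 5; i++) user = user (user == "" ? "" : " ") f[i]
        # Seconds on a monotone clock; months are treated as 31 days long.
        split(f[3], hms, ":")
        mon = (index("JanFebMarAprMayJunJulAugSepOctNovDec", f[1]) + 2) / 3
        ts = (mon * 31 + f[2]) * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
        if (!(ip in total)) order[++nip] = ip
        total[ip]++
        t[ip, total[ip]] = ts
        if (!((ip, user) in seen)) {
            seen[ip, user] = 1
            users[ip] = users[ip] (users[ip] == "" ? "" : ",") user
        }
    }
    substr($0, 1, 1) == "+" { buf = buf " " substr($0, 2); next }   # folded line
    { if (buf != "") handle(buf); buf = $0 }
    END {
        if (buf != "") handle(buf)
        for (k = 1; k <= nip; k++) {
            ip = order[k]; lo = 1; best = 0
            for (hi = 1; hi <= total[ip]; hi++) {       # sliding window
                while (t[ip, hi] - t[ip, lo] > W) lo++
                if (hi - lo + 1 > best) best = hi - lo + 1
            }
            printf "%s total=%d peak=%d/%ds users=%s%s\n", ip, total[ip],
                best, W, users[ip], (best >= T ? " BURST" : "")
        }
    }'
}

# First eight lines: the entries quoted in the message, folded as pasted there.
# Last three lines: constructed for this example.
sample_auth_log() {
    cat <<'EOF'
Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
Aug  5 18:40:02 sara sshd[2188]: Failed password for illegal user admin from 192.0.2.10 port 51234 ssh2
Aug  5 18:41:00 sara sshd[2190]: Accepted password for jim from 192.168.1.20 port 1033 ssh2
Aug  6 03:12:45 sara sshd[2301]: Failed password for jim from 192.0.2.10 port 51301 ssh2
EOF
}

sample_auth_log | ssh_failures 60 3
```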


Security Log Question

2004-08-08 Thread James A. Coulter
Checked /var/log/security this morning and found these entries:

Aug  4 09:00:45 sara /kernel: ipfw: limit 10 reached on entry 500
Aug  5 07:45:38 sara /kernel: drop session, too many entries
Aug  5 17:54:32 sara /kernel: drop session, too many entries
Aug  5 17:55:55 sara last message repeated 9 times
Aug  6 01:56:44 sara /kernel: drop session, too many entries
Aug  6 16:40:05 sara /kernel: drop session, too many entries
Aug  7 13:25:23 sara /kernel: drop session, too many entries
Aug  7 15:32:00 sara /kernel: drop session, too many entries
Aug  7 15:32:03 sara last message repeated 3 times

Can someone please tell this newbie if this something to be concerned about?

Many thanks in advance!

Jim C.


Re: -stable

2004-12-19 Thread James A. Coulter
Paul wrote:
> hi,
> i currently installed 4.10-release and cvsup to get -stable but it gave me
> 4.11-prelease is there a current tag
> that allow me to get 4.10-stable?
> regards,
> paul

The same thing happened to me.  After some googling, I found this:

"RELENG_4 marks the 4-STABLE branch.  OS names along this branch
all have the major version number 4 but *aren't* tied to any
particular minor version number. Those change about every four
months.  Yes, a 4.8-STABLE OS did exist, for a few months after
4.8-RELEASE came out.  That was back between April and August
2003.  Then that code branch was successively relabelled (over the
course of a few weeks) as 4.9-PRERELEASE, 4.9-RC, etc. until for a
vanishingly short time it was technically 4.9-RELEASE and then
became 4.9-STABLE.  At which it remained until a few weeks ago
when it became 4.10-BETA, etc. etc. until right now, you get
4.10-STABLE.  4.10-RELEASE hasn't quite happened yet: any day now
though."
http://www.atm.tut.fi/list-archive/freebsd-stable/msg17655.html

I don't think we can go back to 4.10-STABLE using the stable branch tag.
4.10-STABLE has become 4.11-PRERELEASE and will soon become
4.11-STABLE itself (scheduled date is 24 January 2005 - release schedule
here: http://www.freebsd.org/releases/4.11R/schedule.html)

HTH
Jim
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Re: -stable CORRECTION

2004-12-19 Thread James A. Coulter
James A. Coulter wrote:
> Paul wrote:
> > hi,
> > i currently installed 4.10-release and cvsup to get -stable but it gave me
> > 4.11-prelease is there a current tag
> > that allow me to get 4.10-stable?
> > regards,
> > paul
>
> The same thing happened to me.  After some googling, I found this:
>
> "RELENG_4 marks the 4-STABLE branch.  OS names along this branch
> all have the major version number 4 but *aren't* tied to any
> particular minor version number. Those change about every four
> months.  Yes, a 4.8-STABLE OS did exist, for a few months after
> 4.8-RELEASE came out.  That was back between April and August
> 2003.  Then that code branch was successively relabelled (over the
> course of a few weeks) as 4.9-PRERELEASE, 4.9-RC, etc. until for a
> vanishingly short time it was technically 4.9-RELEASE and then
> became 4.9-STABLE.  At which it remained until a few weeks ago
> when it became 4.10-BETA, etc. etc. until right now, you get
> 4.10-STABLE.  4.10-RELEASE hasn't quite happened yet: any day now
> though."
> http://www.atm.tut.fi/list-archive/freebsd-stable/msg17655.html
>
> I don't think we can go back to 4.10-STABLE using the stable branch tag.
> 4.10-STABLE has become 4.11-PRERELEASE and will soon become 4.11-STABLE
> itself (scheduled date is 24 January 2005 - release schedule here:
> http://www.freebsd.org/releases/4.11R/schedule.html)
>
> HTH
> Jim

Sorry, I spoke too soon.

Although I didn't find a procedure for it in the handbook, I read
appendix A.6, CVS Tags, in the FreeBSD handbook and decided to try
changing the default release tag from

*default release=cvs tag=RELENG_4

to:

*default release=cvs tag=RELENG_4_10

I then followed the make buildworld procedure in section 19.4 of the
handbook and I now have:

[EMAIL PROTECTED] ~ 314$ uname -a
FreeBSD arlette.mshome.net 4.10-RELEASE-p5 FreeBSD
4.10-RELEASE-p5 #1: Sun Dec 19 20:43:22 CST 2004
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/ARLETTE  i386

So you can go back to 4.10 if that's what you want, but 4.11 should be
everything 4.10 was and then some.

Jim
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Re: IPFW - How to allow NAT client to CVSup

2005-01-17 Thread James A. Coulter
Srot BULL wrote:
> Hi to everyone,
> I have 2 FreeBSD machines both running FreeBSD Stable 5.3 and both have
> ipfw as firewalls...
> One is running ipfw with NAT functions.  Below are the rulesets
> for the machine:
> < -- snip rulesets -->
> As you can see I am using the rulesets that are found in the Handbook.
> I have tried
> $CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root
> but still no go
> $CMD 00070 $SKIP tcp from me to any 5999 out via $INIC setup $KS
> but still no go
>
> Can anybody share their ipfw rulesets with me?  To allow my other PC to
> cvsup...
> Thanks in advance...
>
> Srot BULL

I also had problems using a similar "stateful" ruleset with IPFW & NAT.

As I understand it, a stateful ruleset will not allow passive ftp
connections from machines behind the firewall (although I was able
to establish passive ftp from my gateway/router/firewall machine itself).
This problem is documented in the mailing lists if you want to research
it.

I ended up changing to a much simpler, non-stateful ruleset on my
gateway/router/firewall machine:

#!/bin/sh
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
pif="dc1" # public interface name of Nic card
  # facing the public internet
$cmd 005 allow all from any to any via dc0
$cmd 050 divert natd ip from any to any via $pif
$cmd 100 allow ip from any to any via lo0
$cmd 200 deny ip from any to 127.0.0.0/8
$cmd 300 deny ip from 127.0.0.0/8 to any
$cmd 65000 allow ip from any to any
$cmd 65535 deny log all ip from any to any

This ruleset allows me to establish passive ftp from any machine behind
the firewall, including accomplishing CVSUP.

So far I haven't had any problems with security.

HTH
Jim Coulter
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Found This In /usr - @LongLink

2005-03-03 Thread James A. Coulter
I found this in /usr on two FBSD 4.11 boxen:

--   1 root  wheel   105 Dec 31  1969 @LongLink

One box is my firewall/router/gateway attached to a cable modem and the
other is behind the firewall.

The 1969 timestamp and lack of file attributes is making the small hair
on the back of my neck stand up.

Is this normal?  If so, what the heck is it?

Or have I been rooted?

Thanks!
Jim
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Re: Found This In /usr - @LongLink

2005-03-04 Thread James A. Coulter
Eric F Crist wrote:
> James,
> I'm not trying to be rude, but a 30 second search through Google results
> for @LongLink turned up the following entry (on the first results page):

Eric,

You are correct and I did exactly that 30 seconds after hitting the
send button on that e-mail.

Sorry - I'm a newbie, *nix is still a very strange and wondrous
creature to me, and sometimes in my excitement I forget my mailing list
etiquette.

To all the other newbies out there: Google and the FreeBSD handbook are 
our best friends.

Jim
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Security log question

2004-08-11 Thread James A. Coulter
This message has  been showing up in /var/log/security:

Aug  6 01:56:44 sara /kernel: drop session, too many entries
Aug  6 16:40:05 sara /kernel: drop session, too many entries
Aug  7 13:25:23 sara /kernel: drop session, too many entries
Aug  7 15:32:00 sara /kernel: drop session, too many entries
Aug  7 15:32:03 sara last message repeated 3 times
Aug  8 22:30:53 sara /kernel: drop session, too many entries
Aug 10 19:47:31 sara /kernel: drop session, too many entries
Aug 11 11:11:46 sara /kernel: drop session, too many entries
Aug 11 13:08:15 sara /kernel: drop session, too many entries
Aug 11 13:10:26 sara last message repeated 12 times
Aug 11 13:20:34 sara last message repeated 55 times
Aug 11 13:30:00 sara last message repeated 66 times
Aug 11 16:49:26 sara /kernel: drop session, too many entries
Aug 11 16:49:58 sara last message repeated 5 times
Aug 11 16:52:04 sara last message repeated 20 times
Aug 11 17:02:01 sara last message repeated 93 times
Aug 11 17:18:01 sara /kernel: drop session, too many entries
Aug 11 17:23:03 sara /kernel: drop session, too many entries

I'm running FreeBSD 4.10 with IPFW and NAT as a gateway/router/firewall for a home 
LAN.  I am the only user (I hope!) with access to this system.

I googled the "drop session" message and found e-mail correspondence indicating this 
message is a result of having too many telnet or ssh sessions open at the same time 
and could be an indication of a DOS attack.

I have disabled telnet in inetd.conf.  I am running ftp with anonymous log-in disabled 
and ssh with root login disabled.  I am also running apache 1.3.

Is this message something I should investigate further, or is it like the script 
kiddies who scan my ports every night - just something to live with?

TIA for any enlightenment/suggestions anyone can provide.

Jim




Re: Security log question

2004-08-14 Thread James A. Coulter
On Sat, Aug 14, 2004 at 04:39:58PM +0200, Alex de Kruijff wrote:
> On Wed, Aug 11, 2004 at 07:46:47PM -0500, James A. Coulter wrote:
> > This message has  been showing up in /var/log/security:
> > 
> > Aug  6 01:56:44 sara /kernel: drop session, too many entries
> > Aug  6 16:40:05 sara /kernel: drop session, too many entries
> > Aug  7 13:25:23 sara /kernel: drop session, too many entries
> > Aug  7 15:32:00 sara /kernel: drop session, too many entries
> > Aug  7 15:32:03 sara last message repeated 3 times
> > Aug  8 22:30:53 sara /kernel: drop session, too many entries
> > Aug 10 19:47:31 sara /kernel: drop session, too many entries
> > Aug 11 11:11:46 sara /kernel: drop session, too many entries
> > Aug 11 13:08:15 sara /kernel: drop session, too many entries
> > Aug 11 13:10:26 sara last message repeated 12 times
> > Aug 11 13:20:34 sara last message repeated 55 times
> > Aug 11 13:30:00 sara last message repeated 66 times
> > Aug 11 16:49:26 sara /kernel: drop session, too many entries
> > Aug 11 16:49:58 sara last message repeated 5 times
> > Aug 11 16:52:04 sara last message repeated 20 times
> > Aug 11 17:02:01 sara last message repeated 93 times
> > Aug 11 17:18:01 sara /kernel: drop session, too many entries
> > Aug 11 17:23:03 sara /kernel: drop session, too many entries
> > 
> > I'm running FreeBSD 4.10 with IPFW and NAT as a gateway/router/firewall for a home 
> > LAN.  I am the only user (I hope!) with access to this system.
> > 
> > I googled the "drop session" message and found e-mail correspondence indicating 
> > this message is a result of having too many telnet or ssh sessions open at the 
> > same time and could be an indication of a DOS attack.
> > 
> > I have disabled telnet in inetd.conf.  I am running ftp with anonymous log-in 
> > disabled and ssh with root login disabled.  I am also running apache 1.3.
> > 
> > Is this message something I should investigate further, or is it like the script 
> > kiddies who scan my ports every night - just something to live with?
> 
> Yes, but I don't think you are likely at risk to have someone breaking in
> on your system. Your server probably just handles the traffic nicely.
> You need to investigate further to find out what is causing this and
> what you can do about it.
> 
> P.S. I noticed you have very long lines in your mail and use mutt.
> Would you consider adding the following line to .muttrc (and install
> vim) so that this is automatically wrapped at 72 chars?
> 
> set editor="vim +':set tw=72' +':set ww=<,>,h,l,[,]' %s"
> 
> 
> -- 
> Alex

Alex - thanks for the response and for the .muttrc tip.  I added it and hopefully my 
mail will now wrap at 72 characters.

Jim
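
Each "last message repeated N times" line in the log excerpts of 2004-08-08 and 2004-08-11 stands for N further copies of the preceding entry, so counting only the visible lines understates how often the message was logged. The sh/awk script below is an added example, not part of the original thread; the function names are made up for illustration and the sample input is the excerpt from the 2004-08-11 message.

```sh
#!/bin/sh
# Added example (not from the thread): count occurrences of a kernel message
# per day, expanding the syslog "last message repeated N times" lines.

count_events() {    # usage: count_events "text to look for" < logfile
    awk -v pat="$1" '
    function add(d, k) {
        if (!(d in count)) order[++nd] = d
        count[d] += k
    }
    {
        day = $1 " " $2
        msg = $0                      # strip "Mon DD HH:MM:SS host "
        sub(/^[A-Za-z]+ +[0-9]+ +[0-9:]+ +[^ ]+ +/, "", msg)
        if (msg ~ /^last message repeated [0-9]+ times$/) {
            # A repeat line refers to the entry logged just before it, so it
            # only counts when that entry was the message being searched for.
            if (prev_hit) { split(msg, w, " "); add(day, w[4]) }
            next
        }
        prev_hit = (index(msg, pat) > 0)
        if (prev_hit) add(day, 1)
    }
    END { for (i = 1; i <= nd; i++) printf "%s %d\n", order[i], count[order[i]] }'
}

naive_total() {     # what a plain count of matching lines reports
    grep -c -F -- "$1" || true
}

real_total() {      # sum of the per-day counts, repeats included
    count_events "$1" | awk '{ s += $NF } END { print s + 0 }'
}

# Log excerpt copied from the 2004-08-11 message.
security_log() {
    cat <<'EOF'
Aug  6 01:56:44 sara /kernel: drop session, too many entries
Aug  6 16:40:05 sara /kernel: drop session, too many entries
Aug  7 13:25:23 sara /kernel: drop session, too many entries
Aug  7 15:32:00 sara /kernel: drop session, too many entries
Aug  7 15:32:03 sara last message repeated 3 times
Aug  8 22:30:53 sara /kernel: drop session, too many entries
Aug 10 19:47:31 sara /kernel: drop session, too many entries
Aug 11 11:11:46 sara /kernel: drop session, too many entries
Aug 11 13:08:15 sara /kernel: drop session, too many entries
Aug 11 13:10:26 sara last message repeated 12 times
Aug 11 13:20:34 sara last message repeated 55 times
Aug 11 13:30:00 sara last message repeated 66 times
Aug 11 16:49:26 sara /kernel: drop session, too many entries
Aug 11 16:49:58 sara last message repeated 5 times
Aug 11 16:52:04 sara last message repeated 20 times
Aug 11 17:02:01 sara last message repeated 93 times
Aug 11 17:18:01 sara /kernel: drop session, too many entries
Aug 11 17:23:03 sara /kernel: drop session, too many entries
EOF
}

echo "per day:";    security_log | count_events "drop session, too many entries"
echo "line count:"; security_log | naive_total "drop session, too many entries"
echo "real count:"; security_log | real_total "drop session, too many entries"
```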


Security question - uids of 0

2004-08-16 Thread James A. Coulter
The following appeared in my latest daily security run output:

Checking for uids of 0:
root 0
toor 0

This is the first time I've seen this message.

I checked /etc/passwd and found this:

root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:

I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small
home LAN.  

I ran ps -aux and looked for any processes owned by "toor" but didn't find any.

Is this something to be concerned about?  

Sorry if this is an obvious question, but I am still very much a newbie
and trying to learn what I can about security.

Thanks for your patience,

Jim


Re: Security question - uids of 0

2004-08-16 Thread James A. Coulter
On Mon, Aug 16, 2004 at 05:01:51PM +0200, Volker Kindermann wrote:
> Hi James,
> 
> 
> > The following appeared in my latest daily security run output:
> > 
> > Checking for uids of 0:
> > root 0
> > toor 0
> > 
> > This is the first time I've seen this message.
> > 
> > I checked /etc/passwd and found this:
> > 
> > root:*:0:0:Charlie &:/root:/bin/csh
> > toor:*:0:0:Bourne-again Superuser:/root:
> > 
> > I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a
> > small home LAN.  
> > 
> > I ran ps -aux and looked for any processes owned by "toor" but didn't
> > find any.
> 
> did you install bash? Normally, the bash from ports or packages will
> install the "toor" account so you don't have to change root's shell.
> 
> If you installed bash then there's nothing to worry about this entry.
> If you don't need it, just use vipw and delete it.
> 
>  -volker

Thank you Volker - I did install bash several weeks ago, so the sudden
appearance of the message in my daily security run caught my attention.

Thanks to everyone who sent the 
http://www.freebsd.org/doc/faq/security.html#TOOR-ACCOUNT
link. 

Jim 


Re: problem with getway

2004-08-18 Thread James A. Coulter
On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote:
> I have installed FreeBSD 4.x, and have two netcards.
> I want it as a gateway.
> I have configured "gateway_enable=YES" in rc.conf, and then rebooted.
> [a pc][freebsd]---[b pc]
> After reboot, I try to use a pc to ping b pc, it doesn't work, but a pc and
> b pc can ping freebsd successfully, why?
> Please give me a hand.
> Thanks!!
>  
> aetch

Have you built a kernel with IPFW enabled and have you enabled natd in
your rc.conf?

Both IPFW (or perhaps IPFILTER) must be enabled to allow packet 
forwarding.

Just setting gateway="yes" in rc.conf isn't enough (I know - I made the same mistake)

You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and
build a custom kernel with IPFW enabled.

Here's the lines I added to my kernel:

# IP Aliasing and Firewall options

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPDIVERT

and here's what I put in my rc.conf:

gateway_enable="YES"
natd_enable="YES"
natd_interface="dc1"
natd_flags="-dynamic"

You will also need to enable the firewall in rc.conf - what follows
is for an entirely OPEN firewall, i.e. it allows anything and everything
through.  (But you must have the firewall enabled to use the IP forwarding
capabilities):

firewall_enable="YES"
#firewall_type="OPEN"
#firewall_script="/etc/openfirewall.rules"

and the contents of /etc/openfirewall.rules:

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via dc1
/sbin/ipfw add pass all from any to any

Chapter 8 of the handbook

(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html)

and Chapter 14, Section 8

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

have most of the information you'll need.

In future posts, paste the contents of your rc.conf and any other files involved -
that will help the list answer your question more quickly.

HTH

Jim 


Re: Nightly cron message question

2004-08-18 Thread James A. Coulter
On Wed, Aug 18, 2004 at 09:04:48AM -0500, Kevin D. Kinsey, DaleCo, S.P. wrote:
> Jason Lieurance wrote:
> 
> >Hello,
> >
> >Late couple days on our Freebsd 4.7 email/web server I've got this message 
> >in the
> >nightly cron jobs:
> >
> >
> >Checking setuid files and devices:
> >
> >Checking for uids of 0:
> >root 0
> >toor 0
> >
> > 
> >
> 
> You have this line:
> 
> # 300.chkuid0
> daily_status_security_chkuid0_enable="YES"
> 
> set in "/etc/defaults/periodic.conf" under the
> "Security Options" heading, most likely.  I was under
> the impression that this was set by default, as that
> is the name of the directory it's in.   I would be curious
> as to why this wasn't happening before.
> 
> Check the dates on said file and directory.  Have
> you recently run "mergemaster", perhaps?
> 
> 
> >I've searched and some said it had to do with an incomplete dmesg or 
> >something like
> >that. There are some errors:
> > 
> >
> >>pid 82522 (libhttpd.ep), uid 65534: exited on signal 11
> >>
> >>
> 
> Something dumped core or what not, then.
> 
> >>but I've had those before w/o the:
> >>
> >>Checking for uids of 0:
> >>
> >>Any thoughts, thanks.
> >
> 
> Like I said, completely normal, although why they weren't
> coming in before I can't guess
> 
> Kevin Kinsey
> DaleCo, S.P.

FWIW, I also began seeing the same message in my daily cron output file
as well two days ago.

Jim


Re: Web browsing

2004-09-06 Thread James A. Coulter
On Sun, Sep 05, 2004 at 10:27:43PM -0400, Douglas wrote:
> Um, I know this is going to sound stupid, but I am completely dumbfounded
> as to how I can run a web browser in FreeBSD. I got so frustrated that I
> didn't know how to use FreeBSD and the fact that Elmira is a Windows city
> was completely agitating me, so I ended up uninstalling FreeBSD from my main
> hard drive, re-installed Windows, and I am e-mailing you guys for help, but
> don't fret, I have not left FreeBSD high and dry. I am going to install it
> onto my very old 261MB SeaGate HDD. But if I am going to use FreeBSD I need
> help getting used to it. Like, for example, how do I run a program, let's say
> Netscape for example. Please do help! I have always heard good reports about
> UNIX based OSes like FreeBSD. Thank-you.

If you're unfamiliar with UNIX and need some tutorials to help you find
your way around, Dru Lavigne's articles at http://www.onlamp.com/pub/ct/15
are a great way to get to know FreeBSD and UNIX in general.

It takes some time and a lot of trial and error but it's worth it.

Good luck!

Jim


Help with IPFW + NATD + Passive FTP

2004-11-28 Thread James A. Coulter
W rules file ###
-
# rc.conf
# -- sysinstall generated deltas -- # Sun Jul  4 10:40:48 2004
# Created: Sun Jul  4 10:40:48 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="sara.mshome.net"
ifconfig_dc1="DHCP"
ifconfig_dc0="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
moused_enable="YES"
named_enable="YES"
nfs_client_enable="YES"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="YES"
ntpd_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="dc1"
natd_flags="-dynamic"
apache_enable="YES"
--
James A. Coulter
[EMAIL PROTECTED]
http://jacoulter.net


Re: Dual booting FreeBSD and Windows XP - PROBLEM SOLVED

2003-08-01 Thread James A. Coulter

- Original Message - 
From: "Jud" <[EMAIL PROTECTED]>
To: "John DeStefano" <[EMAIL PROTECTED]>; "James A. Coulter"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "freebsd-questions" <[EMAIL PROTECTED]>
Sent: Friday, August 01, 2003 8:01 AM
Subject: Re: Dual booting FreeBSD and Windows XP - PROBLEM


> On Fri, 1 Aug 2003 07:09:30 -0700 (PDT), "John DeStefano"
> <[EMAIL PROTECTED]> said:
> > "James A. Coulter" <[EMAIL PROTECTED]> wrote:
> > - Original Message - 
> > From: "John DeStefano"
> > To:
> > Sent: Thursday, July 31, 2003 11:17 AM
> > Subject: Re: Dual booting FreeBSD and Windows XP
> [snip]
> > GAG worked great on my Dell Inspiron 2650 FreeBSD - XP/setup, but when I
> > installed it on an old Gateway with Win98 - FreeBSD, it did something
> > funky.
> >
> > I get the GAG boot screen and regardless of whether I choose Win98 or
> > FreeBSD the system states it is starting Windows 98 and then, after
> > attempting to access the floppy drive, asks "Type the name of the Command
> > Interpreter (e.g., C:\WINDOWS\COMMAND.COM)" and finishes with the A>
> > prompt.
> >
> > Entering C:\WINDOWS\COMMAND.COM is not recognized by the system (it repeats
> > the request for the command interpreter) and inserting a floppy with
> > COMMAND.COM results in the system freezing.
> >
> > I tried booting from floppy, worked fine, but system will not recognize the
> > c: drive.
> >
> > Uninstalling GAG only removes the GAG start-up screen, system still asks for
> > the command interpreter.
> >
> > Read the GAG instructions and FAQ - no luck.
> >
> > Anyone had a problem like this? Any suggestions on how to restore my hard
> > drive without losing any data?
> >
> > Thanks,
> >
> > Jim
> >
> >
> > I'm no guru, but this could be as simple as re-installing GAG, removing
> > all file systems from the menu, and starting from scratch to re-add your
> > OS selections (which will take all of a minute's time).  This worked for
> > me once when I had a problem booting; something had changed on the disk
> > and GAG just needed to adjust to the change.  Give it a try.
> >
> > Failing that... I don't know whether 98 has a 'repair install' option
> > like XP does, but if so, that might be a solution.  Also might work to
> > let BSD write its boot menu to the MBR.  Maybe someone else can chime in
> > with more info.
> >
> > ~John
>
> When you get to the A: prompt, type fdisk /mbr.  If it gives you an
> error, start up the next time with a Windows restore floppy and try it
> again.  That will restore your Win98 bootloader.  Then you can try
> reinstalling GAG.  If it doesn't work, you can try FreeBSD's bootloader,
> Grub (/usr/ports/sysutils/grub), or any of several other options.
>
> Since this isn't a GAG helpline  ;-), future correspondence should
> probably be sent off-list.
>
> Jud

The Windows restore floppy worked.  Problem was caused by the hard drive
restore program (GoBack).  Once I disabled it and restored the mbr
everything worked fine.

Thanks for your help and sorry about going off-topic.  I got the GAG idea
from the -questions list and figured it might be the place to find someone
who had had the problem before.

Jim
