From owner-freebsd-questions@FreeBSD.ORG Sun Dec 5 16:33:24 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF21916A4CE for ; Sun, 5 Dec 2004 16:33:24 +0000 (GMT) Received: from mail4.speakeasy.net (mail4.speakeasy.net [216.254.0.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8C1043D49 for ; Sun, 5 Dec 2004 16:33:24 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 30515 invoked from network); 5 Dec 2004 16:33:24 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail4.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 5 Dec 2004 16:33:24 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id A01E743; Sun, 5 Dec 2004 11:33:23 -0500 (EST) Sender: lowell@be-well.ilk.org To: junkmail@sensewave.com References: <20041203061207.GB1323@tyven.la3sg.net> From: Lowell Gilbert Date: 05 Dec 2004 11:33:23 -0500 In-Reply-To: <20041203061207.GB1323@tyven.la3sg.net> Message-ID: <44r7m49030.fsf@be-well.ilk.org> Lines: 22 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: daily security run output messages X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Dec 2004 16:33:25 -0000 Kjell Midtseter writes: > List members! > > My daily security run output contains lots of kernel log messages like the following: > > Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53 > > Connection attempt to UDP 10.0.0.10:3204 from 193.75.75.193:53 > ------ > What are the significanse of these messages? > > My ipf firewall contains: > # domain name servers (dns) > pass in quick on rl0 proto udp from 217.13.4.21/32 to any port = 53 keep state > ------ > Should I make any changes to my firewall settings? Looks like a NAT problem; is your 10.0.0.10 address supposed to be visible to the ISP's DNS server? -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/