Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Jan 2000 09:27:57 -0600 (CST)
From:      Gene Harris <zeus@tetronsoftware.com>
To:        Gawel <gawel@sim.com.pl>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: portmap
Message-ID:  <Pine.BSF.4.10.10001130910560.28349-100000@tetron02.tetronsoftware.com>
In-Reply-To: <387DB3BB.8D85E624@sim.com.pl>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Thu, 13 Jan 2000, Gawel wrote:

>  Hello,
>  I 've got it several times:
>  portmap[16116]: connect from 195.31.252.2 to dump(): request from
>  unauthorized host.
>  It is harmless but annoying.
>  Is there any way to prevent portman listening requests on a NIC, ip,
>  etc. besides using hosts.allow?
>  
>  Thanks,
>  Gawel
>  
>  

I hate to sound gummy, but do you want to stop the logging
messages to the console, or do you want to stop portmapper
from listening on your external NIC?

If you want to stop the logging, try something like
portmap: 10.0.0.0 : severity auth.crit : deny

Then change your syslog.conf to not log auth.crit.  I
generally just use the following in my syslog.conf:

auth.*		/var/log/auth.log

to redirect all auth logging to auth.log instead of
messages.  You'll need to adjust your syslog.conf to your
tastes to determine what ends up on your console.

If you want to just block port 111, then use ipfw,
something like

ipfw 10000 add unreachable host-unknown from any to
xx.yy.zz.aa 111 via nic setup

should do the trick.  You'll need to change the xx.yy.zz.aa
to your ip and nic to your external NIC.  This little nasty
sends a surprising ICMP 3,7 back to whomever is attempting
to setup a connection to your portmapper.

I hope this helps you solve your issue,
*==========================================================*
*Gene Harris                  http://www.tetronsoftware.com*
*FreeBSD Novice                                            *
*==========================================================*



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001130910560.28349-100000>