I have two FreeBSD 4.8-Stable boxen connected by a VPN (mpd) which, at
just after 5 this morning and about five minutes apart, started
generating ipfw logs like this:

Sep 29 05:02:35 <security.info> kirk /kernel: ipfw: 200 Deny UDP 
<externalIP>:<sendport> 127.0.0.2:53 out via <external_iface>

<sendport> matches the UDP *:port binding of named, so I figure named
is doing this (besides it being port 53).  I shut down and restarted
named on one box only to have it start the same behavior inside four
minutes again.  I then shut down the VPN link and then restarted named
again (on the same box), and BOTH boxes stopped doing this.  Funny
thing though:  The box on which I shut down named was about five
minutes later than the other box at starting all this in the first
place.

Any ideas?  I particularly don't know why named suddenly took interest
in using address 127.0.0.2, besides wondering what triggered both
boxes almost at once and why shutting down the connection stopped the
problem in both places even though timestamps seem to point to the
problem originating at the other end of the link from where I
restarted named...


-- 
Doug Lee           [EMAIL PROTECTED]        http://www.dlee.org
Bartimaeus Group   [EMAIL PROTECTED]   http://www.bartsite.com
"The most exciting phrase to hear in science, the one that heralds
new discoveries, is not 'Eureka!' ('I found it!') but rather 'hmm....
that's funny...'"  --   Isaac Asimov
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to