Re: Remote filter block help required.

Sun, 2 Jan 2000 20:25:30 -0500 (EST) 


Cliff Pryce wrote:
> 
>                 In my log files created by syslog.exe I have recently
> started receiving thousands of these entries per day:
> 
>                 17 5 Jan  2 16:09:36 FILTER: Remote access filter blocks:
> UDP lo0 [10.3.2.111/1346]->[10.3.2.111/53] l=41.
>...
 
>                 Having searched all the documentation, I can find no
> relative info for the "lo0" port.

lo0 is your loopback interface, which is an internal theoretical interface
that every tcp/ip network has.  Just as eth0, or eth1 has an ip address associated
with it (10.3.2.111), so does lo0... the associated ip address is 127.0.0.1.

So what you're seeing is local UDP traffic on the lo0 interface, that is, traffic from
the gnat-box OS itself, on a client port (1346) being denied as it was destined for the
same computer's port 53.  Because it started from a client port, it came from a client
process, not a server process.  Becuase it was UDP destined for port 53, it was almost
certainly a DNS lookup.

I'm not sure as to the nitty gritty of why your rules blocked that traffic.
You need to allow the lo0 interface to get ICMP traffic in and out of itself
to ping your two nics, and you may need to allow for DNS with your setup.

You might want to check your /etc/hosts and see that all your computer names
are resolvable to ip address.  That might stop the lookups.  There's probably
a menu option to do that.

 
>                 The ip that this is blocking is in fact my external IP
> address.  This error/block continues even though all workstations have been
> shut down and the gnat box disconnected at the protected and external
> network cards.

It's ok because it comes from the local host.  Buuuuut.....
Here's the second instance in one day where I've read that someone's external 
registered IP address is on the Class A 10.x.y.z network, which is impossible
as we all know that the 10.any.th.ing subnet is reserved for private LAN's and 
is non-routable.  I even saw an outbound trace that worked.  I guess people are
running some kind of network masq'ing.

Cheers!
Matthew



> 
>                 Any help would be greatly appreciated.
> 
>                 I use PGP for Authentication and Encryption
>                 PGP freeware can be found at www.pgp.com
> <http://www.pgp.com>
> 
>   
>------------------------------------------------------------------------------------------------------------------------
>                   Name: winmail.dat
>    winmail.dat    Type: Media Clip (application/x-unknown-content-type-mplayer)
>               Encoding: base64
























					Reply via email to