Re: loopback not working for anything other than 127.0.0.1

2001-09-23 Thread Chris Faulhaber

On Mon, Sep 24, 2001 at 09:15:38AM +1200, Juha Saarinen wrote:
 :: I don't think any RFC actually calls for this, but 1122 is probably
 :: the relevant reference. From 3.2.1.3:
 :: (g)  { 127, any }
 :: 
 ::  Internal host loopback address.  Addresses of this form
 ::  MUST NOT appear outside a host.
 
 RFC 990 seems to cover it though:
 
  The class A network number 127 is assigned the loopback
  function, that is, a datagram sent by a higher level protocol
  to a network 127 address should loop back inside the host.  No
  datagram sent to a network 127 address should ever appear on
  any network anywhere.
 

FYI, RFC 990 is obsolete, the current version is RFC 1700:

0990 Assigned numbers. J.K. Reynolds, J. Postel. Nov-01-1986. (Format:
 TXT=174784 bytes) (Obsoletes RFC0960) (Obsoleted by RFC1010) (Updated
 by RFC0997) (Status: US:) (Status: HISTORIC)

1010 Assigned numbers. J.K. Reynolds, J. Postel. May-01-1987. (Format:
 TXT=78179 bytes) (Obsoletes RFC0990) (Obsoleted by RFC1060) (Status:
 US:) (Status: HISTORIC)

1060 Assigned numbers. J.K. Reynolds, J. Postel. Mar-01-1990. (Format:
 TXT=177923 bytes) (Obsoletes RFC1010) (Obsoleted by RFC1340) (Status:
 US:) (Status: HISTORIC)

1340 Assigned Numbers. J. Reynolds, J. Postel. July 1992. (Format:
 TXT=232974 bytes) (Obsoletes RFC1060) (Obsoleted by RFC1700) (Status:
 US:) (Status: HISTORIC)

1700 Assigned Numbers. J. Reynolds, J. Postel. October 1994. (Format:
 TXT=458860 bytes) (Obsoletes RFC1340) (Also STD0002) (Status: US:)
 (Status: STANDARD)

-- 
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]

FreeBSD: The Power To Serve   -   http://www.FreeBSD.org



Re: loopback not working for anything other than 127.0.0.1

2001-09-23 Thread Chad R. Larson

On Sun, Sep 23, 2001 at 01:24:49AM -0400, Kutulu wrote:
 Linux does have some company, though not very prestigious... from Win2k
 Professional:
 
 Pinging 127.1.2.3 with 32 bytes of data:
 
 Reply from 127.1.2.3: bytes=32 time<10ms TTL=128
 Reply from 127.1.2.3: bytes=32 time<10ms TTL=128
 Reply from 127.1.2.3: bytes=32 time<10ms TTL=128
 Reply from 127.1.2.3: bytes=32 time<10ms TTL=128
 
 Ping statistics for 127.1.2.3:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum =  0ms, Average =  0ms

Interesting.  There's been a popular rumour that Microsoft availed
itself of the liberal BSD license, and availed itself of the FreeBSD
protocol stack.  The rumor further said that if you pointed an OS
fingerprinting program at a Win2k box it would be identified as
FreeBSD.

That would not seem to be the case now (if it ever was).  Attached
is the output of an nmap scan of my Sony Vaio with Win2k Pro.

And yes, it will respond to pings of any 127.0.0.0/8 address.

 --K

-crl
--
Chad R. Larson (CRL15)   602-953-1392   Brother, can you paradigm?
[EMAIL PROTECTED] [EMAIL PROTECTED]  [EMAIL PROTECTED]
DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207


# Log of: nmap -v -sT -O -F -o /tmp/vaio.scan vaio 
Interesting ports on vaio.dcfinc.com (192.168.1.17):
Port    State   Protocol  Service
7       open    tcp       echo
9       open    tcp       discard
13      open    tcp       daytime
17      open    tcp       qotd
19      open    tcp       chargen
135     open    tcp       loc-srv
139     open    tcp       netbios-ssn
445     open    tcp       microsoft-ds
1025    open    tcp       listen

TCP Sequence Prediction: Class=random positive increments
 Difficulty=16939 (Worthy challenge)

Sequence numbers: F3631C8 F3713DD F37EFFF F3876CC F39CC34 F3A9F3C
No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=2885)
TSeq(Class=RI%gcd=1%SI=2283)
TSeq(Class=RI%gcd=1%SI=422B)
T1(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)





Re: Port or build instructions for mod_jk 3.2.3?

2001-09-23 Thread Chad R. Larson

On Sun, Sep 23, 2001 at 02:35:43PM -0700, James Bucanek wrote:
 [Sun Sep 23 14:05:53 2001] [warn] Loaded DSO 
 mod_jk-3.2.3/libexec/apache/mod_jk.so uses plain Apache 1.3 API, this 
 module might crash under EAPI! (please recompile it with -DEAPI)

You need the EAPI also if you want to use mod_ssl as a DSO.

If you start by building apache-mod_ssl from the ports, you'll be
two thirds of the way there.

-crl
--
Chad R. Larson (CRL15)   602-953-1392   Brother, can you paradigm?
[EMAIL PROTECTED] [EMAIL PROTECTED]  [EMAIL PROTECTED]
DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message



/dev/null permission change from 4.3 -> 4.4...

2001-09-23 Thread Sean Chittenden

Howdy.  This question was originally framed as a "why doesn't
uptime work for users in 4.4, when it used to in 4.3", but after looking
into things further, it's now a "why is /dev/null set to mode 0600?"  On
a 4.3 system that I have, the perms on /dev/null are 666.

I've chmod'ed all of my boxen back to 0666, but... I'm curious
as to why this happened and the rationale behind the change.  I've
observed this difference on at least 15 other 4.4 systems.  What gives?
-sc


PS: Build process was:

cd /usr/src
make update
make world
make kernel KERNCONF=KERNNAME
mergemaster

-- 
Sean Chittenden




Re: loopback not working for anything other than 127.0.0.1

2001-09-23 Thread Gary W. Swearingen

Juha Saarinen [EMAIL PROTECTED] writes:

 I thought about some of the things mentioned in that thread, and having
 the ability to use some of the 127/8 addresses could actually be useful.
 Is it possible to create aliases for the loopback interface?

I'm not sure this is relevant, but I wondered if the KERNCONF syntax
"pseudo-device  loop  [count]" holds like it does for
"pseudo-device  ppp  [count]", to create, say, a lo1 device, but
there's no loop(4) man page like there is a ppp(4) man page.

(Anyone want to write a loop(4) man page?  I don't.)

I only looked at the source as far as /sys/net/if_loop.c, where it appears
to me that multiple lo devices are supported.  I suppose they would
be assigned numbers other than 127.0.0.1.




Re: /dev/null permission change from 4.3 -> 4.4...

2001-09-23 Thread Piet Delport

On Sun, 23 Sep 2001 at 17:52:13 -0700, Sean Chittenden wrote:
   Howdy.  This question was originally framed as a "why doesn't
 uptime work for users in 4.4, when it used to in 4.3", but after
 looking into things further, it's now a "why is /dev/null set to mode
 0600?"  On a 4.3 system that I have, the perms on /dev/null are 666.
 
   I've chmod'ed all of my boxen back to 0666, but... I'm curious
 as to why this happened and the rationale behind the change.  I've
 observed this difference on at least 15 other 4.4 systems.  What
 gives?

Hmm, it's still marked with the sign of the beast here.

$ ls -l /dev/null
crw-rw-rw-  1 root  wheel    2,   2 Sep 23 07:47 /dev/null
$ uname -a
FreeBSD athalon 4.4-STABLE FreeBSD 4.4-STABLE #9: Sun Sep 23 07:40:24 SAST 2001 
root@athalon:/usr/obj/usr/src/sys/ATHALON  i386
$

-- 
Piet Delport [EMAIL PROTECTED]
Today's subliminal thought is:



Re: loopback not working for anything other than 127.0.0.1

2001-09-23 Thread Chris Faulhaber

On Sun, Sep 23, 2001 at 06:01:48PM -0700, Gary W. Swearingen wrote:
 Juha Saarinen [EMAIL PROTECTED] writes:
 
  I thought about some of the things mentioned in that thread, and having
  the ability to use some of the 127/8 addresses could actually be useful.
  Is it possible to create aliases for the loopback interface?
 
 I'm not sure this is relevant, but I wondered if the KERNCONF syntax
 "pseudo-device  loop  [count]" holds like it does for
 "pseudo-device  ppp  [count]", to create, say, a lo1 device, but
 there's no loop(4) man page like there is a ppp(4) man page.
 
 (Anyone want to write a loop(4) man page?  I don't.)
 

lo(4)

-- 
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]

FreeBSD: The Power To Serve   -   http://www.FreeBSD.org



Re: /dev/null permission change from 4.3 -> 4.4...

2001-09-23 Thread Kris Kennaway

On Sun, Sep 23, 2001 at 05:52:13PM -0700, Sean Chittenden wrote:
   Howdy.  This question was originally framed as a "why doesn't
 uptime work for users in 4.4, when it used to in 4.3", but after looking
 into things further, it's now a "why is /dev/null set to mode 0600?"  On
 a 4.3 system that I have, the perms on /dev/null are 666.

Something must have gone wrong... it's still supposed to be 666, and is
on my machines.

Kris



RE: loopback not working for anything other than 127.0.0.1

2001-09-23 Thread Juha Saarinen

:: FYI, RFC 990 is obsolete, the current version is RFC 1700:

:: 1700 Assigned Numbers. J. Reynolds, J. Postel. October 1994. (Format:
::  TXT=458860 bytes) (Obsoletes RFC1340) (Also STD0002) 
:: (Status: US:)
::  (Status: STANDARD)



g)   {127, any}

 Internal host loopback address.  Should never appear outside
 a host.

Seems to say the same thing.

-- 
Juha





127/8 continued

2001-09-23 Thread Juha Saarinen

Misunderstood what Lamont was trying to show earlier... but he's right:
FreeBSD sends 127/8 out on the 'Net:

# ping 127.0.0.4
PING 127.0.0.4 (127.0.0.4): 56 data bytes
36 bytes from GE0-0-0.nzsx-core1.Auckland.telstra.net (203.98.4.3):
Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 5400 2574   0   f9  01 e6d5 210.48.100.42  127.0.0.4

^C
--- 127.0.0.4 ping statistics ---
175 packets transmitted, 0 packets received, 100% packet loss




--
Juha Saarinen
 





Re: 127/8 continued

2001-09-23 Thread Joe Abley

On Mon, Sep 24, 2001 at 04:06:45PM +1200, Juha Saarinen wrote:
 Misunderstood what Lamont was trying to show earlier... but he's right:
 FreeBSD sends 127/8 out on the 'Net:

I don't think FreeBSD is non-compliant for sending packets with
destination 127/8 out onto the net, but I guess it could make it
harder for users to send packets with moronic destinations out.

--- rc.network.orig Mon Sep 24 00:08:17 2001
+++ rc.network  Mon Sep 24 00:14:05 2001
@@ -346,6 +346,13 @@
done
fi
 
+   # Add a blackhole static route for 127/8, since packets with
+   # that destination should be caged up and starved
+   lo0_inet=$(ifconfig lo0 | awk '($1 == inet) { print $2; exit; }')
+   if [ -n ${lo0_inet} ]; then
+   route add 127.0.0.0 -netmask 255.0.0.0 ${lo0_inet} -blackhole
+   fi
+
echo -n 'Additional routing options:'
case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
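
Review bot: in the added `lo0_inet=` line, the awk test `($1 == inet)` compares the first field against an awk variable named inet, which is unset, so as written it never matches the inet line of the ifconfig output and `lo0_inet` stays empty. The comparison needs the string literal, `$1 == "inet"`. It would also be worth printing a message when lo0 has no inet address, so a skipped route is visible at boot.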





IPFirewall

2001-09-23 Thread Martin Schweizer

Hello all

Thank you all people for the hints. Now it works.

-- 

Regards

Martin Schweizer
[EMAIL PROTECTED]

PC-Service M. Schweizer; Gewerbehaus Schwarz; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch




Re: 127/8 continued

2001-09-23 Thread Andrew Reilly

On Mon, Sep 24, 2001 at 12:17:14AM -0400, Joe Abley wrote:
 On Mon, Sep 24, 2001 at 04:06:45PM +1200, Juha Saarinen wrote:
  Misunderstood what Lamont was trying to show earlier... but he's right:
  FreeBSD sends 127/8 out on the 'Net:
 
 I don't think FreeBSD is non-compliant for sending packets with
 destination 127/8 out onto the net, but I guess it could make it
 harder for users to send packets with moronic destinations out.
 
 --- rc.network.orig Mon Sep 24 00:08:17 2001
 +++ rc.network  Mon Sep 24 00:14:05 2001
 @@ -346,6 +346,13 @@
 done
 fi
  
 +   # Add a blackhole static route for 127/8, since packets with
 +   # that destination should be caged up and starved
 +   lo0_inet=$(ifconfig lo0 | awk '($1 == inet) { print $2; exit; }')
 +   if [ -n ${lo0_inet} ]; then
 +   route add 127.0.0.0 -netmask 255.0.0.0 ${lo0_inet} -blackhole
 +   fi
 +
 echo -n 'Additional routing options:'
 case ${tcp_extensions} in
 [Yy][Ee][Ss] | '')
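
Review bot: the guard `if [ -n ${lo0_inet} ]; then` expands the variable unquoted, so when `lo0_inet` is empty the test collapses to `[ -n ]`, which is true, and `route add` then runs with no gateway argument. Quote the expansion in both places: `[ -n "${lo0_inet}" ]` and `"${lo0_inet}" -blackhole`.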

Why -blackhole?

Those packets are _supposed_ to get back to this host.  That's
what loopback is for.

I've been using this in /etc/rc.local for a long time:

echo -n ', fixing localhost net route'
route add -net 127. -netmask 255.0.0.0 -iface lo0

Can't remember when I started.  Basically as soon as I
discovered that the wrong thing was happening.

-- 
Andrew
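
Added example (not part of the original posts and not FreeBSD's own rc code): a longest-prefix-match check showing why the `ping 127.0.0.4` in this thread left by the default route, and why a 127/8 route on lo0 keeps such packets inside the host. The routing tables are constructed samples in a simplified `netstat -rn` style layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample routing tables (not captured from a real host).
# Columns: Destination Gateway Flags Netif
TABLE_DEFAULT='default 210.48.100.41 UGSc fxp0
127.0.0.1 127.0.0.1 UH lo0
210.48.100.40/29 link#1 UC fxp0'

# The same table after a 127/8 route on lo0 has been added.
TABLE_FIXED="$TABLE_DEFAULT
127/8 127.0.0.1 UCS lo0"

# route_netif TABLE DEST: print the Netif of the most specific matching route.
route_netif() {
    printf '%s\n' "$1" | awk -v dst="$2" '
    function ip2n(s,    p, n, i) {   # dotted quad, possibly abbreviated
        n = split(s, p, ".")
        for (i = n + 1; i <= 4; i++) p[i] = 0
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN { d = ip2n(dst); best = -1 }
    {
        if ($1 == "default") { net = 0; len = 0 }
        else {
            k = split($1, a, "/")
            net = ip2n(a[1])
            len = (k == 2) ? a[2] + 0 : 32   # bare address is a host route
        }
        div = 2 ^ (32 - len)                 # compare only the prefix bits
        if (int(d / div) == int(net / div) && len > best) {
            best = len; nif = $NF
        }
    }
    END { print nif }'
}

# loopback_leaks TABLE DEST: succeed if DEST would leave by a non-loopback interface.
loopback_leaks() {
    case "$(route_netif "$1" "$2")" in
        ''|lo[0-9]*) return 1 ;;   # no route at all, or stays on loopback
        *) return 0 ;;
    esac
}

for ip in 127.0.0.1 127.0.0.4 127.1.2.3; do
    printf '%-10s default table: %-5s with 127/8 route: %s\n' "$ip" \
        "$(route_netif "$TABLE_DEFAULT" "$ip")" "$(route_netif "$TABLE_FIXED" "$ip")"
done
```
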
