Natd -deny_incoming -log_denied

Post by Thomas Wol » Fri, 08 Oct 1999 04:00:00



Hi there,

I am using natd with the -deny_incoming -log_denied options on our gateway.
Everything works but natd keeps logging messages like:
Oct  7 14:00:28 tele natd[178]: denied [UDP] 212.186.26.203:2301 -> 255.255.255.255:2301
Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1840 -> 128.130.2.9:1080
Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1846 -> 128.130.2.9:1080
Oct  7 14:00:29 tele last message repeated 7 times
Oct  7 14:00:31 tele natd[178]: denied [UDP] 195.34.144.175:520 -> 195.34.144.255:520
Oct  7 14:00:35 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164
Oct  7 14:00:45 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164
Oct  7 14:00:52 tele natd[178]: denied [UDP] 212.186.26.203:1034 -> 255.255.255.255:2301
Oct  7 14:00:53 tele natd[178]: denied [UDP] 212.17.67.170:520 -> 212.17.67.255:520
The port most often used is 520 (hundreds of them).
Note that none of the target IPs match our own IP.
I am a little bit confused why all those packets are seen by natd as the man
page says for -deny_incoming:

"Reject packets destined for the *current IP number* that have no entry in
the internal translation table."

When I disabled natd and configured ipfw for "deny tcp/ip/udp log from any
to any via ed1",
ipfw did not log anything other than requests for our IP.

Is this normal behaviour?

Thomas

 
 
 

Post by Tony Voe » Sat, 09 Oct 1999 04:00:00



> I am using natd with the -deny_incoming -log_denied options on our gateway.
> Everything works but natd keeps logging messages like:
> Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1840 -> 128.130.2.9:1080
> Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1846 -> 128.130.2.9:1080

Someone is trying to connect to a SOCKS server.

> Oct  7 14:00:31 tele natd[178]: denied [UDP] 195.34.144.175:520 -> 195.34.144.255:520

This is a router broadcast.

> Oct  7 14:00:35 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164
> Oct  7 14:00:45 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164

"smip-agent", whatever that is.

> The port most often used is 520 (hundreds of them).

These are routers that are looking for friends.

> When I disabled natd and configured ipfw for "deny tcp/ip/udp log from any
> to any via ed1",
> ipfw did not log anything other than requests for our IP.

If your configuration is correct most strange packets are coming from the
outside (ed0 perhaps?).

> Is this normal behaviour?

Most likely, yes. Drop them with ipfw.

tv
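
Added example, not part of either post: a short Python script that tallies natd "denied" lines by protocol, destination port and destination type, so the traffic identified in the reply above (SOCKS on 1080, router broadcasts on 520) can be told apart from packets addressed to the gateway itself. The sample lines are the ones quoted in the first post; the own_ip parameter and the "last octet is 255" broadcast test are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied from the first post, with the e-mail line wrapping undone.
SAMPLE = """\
Oct  7 14:00:28 tele natd[178]: denied [UDP] 212.186.26.203:2301 -> 255.255.255.255:2301
Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1840 -> 128.130.2.9:1080
Oct  7 14:00:29 tele natd[178]: denied [TCP] 212.17.70.119:1846 -> 128.130.2.9:1080
Oct  7 14:00:29 tele last message repeated 7 times
Oct  7 14:00:31 tele natd[178]: denied [UDP] 195.34.144.175:520 -> 195.34.144.255:520
Oct  7 14:00:35 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164
Oct  7 14:00:45 tele natd[178]: denied [UDP] 212.186.93.126:1747 -> 255.255.255.255:164
Oct  7 14:00:52 tele natd[178]: denied [UDP] 212.186.26.203:1034 -> 255.255.255.255:2301
Oct  7 14:00:53 tele natd[178]: denied [UDP] 212.17.67.170:520 -> 212.17.67.255:520
"""

DENIED = re.compile(r"natd\[\d+\]: denied \[(\w+)\] ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times")
# Labels taken from the reply in this thread; other ports stay unlabelled.
LABELS = {1080: "SOCKS", 520: "router broadcast"}

def is_broadcast(ip):
    # Assumption: without the netmask, treat a final octet of 255 as broadcast.
    return ip.split(".")[-1] == "255"

def summarize(text, own_ip=None):
    """Count denied packets per (proto, dst_port, kind); kind is ours/broadcast/other."""
    counts, last = Counter(), None
    for line in text.splitlines():
        m = DENIED.search(line)
        if m:
            proto, _src, _sport, dst, dport = m.groups()
            kind = "ours" if dst == own_ip else "broadcast" if is_broadcast(dst) else "other"
            last = (proto, int(dport), kind)
            counts[last] += 1
        elif last and (r := REPEAT.search(line)):
            counts[last] += int(r.group(1))  # syslog collapsed identical lines
        else:
            last = None  # unrelated line: a later "repeated" no longer refers to natd
    return counts

if __name__ == "__main__":
    # own_ip is left unset here; pass the gateway's public address to mark "ours".
    for (proto, port, kind), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {proto} dst port {port:<5} {kind:<9} {LABELS.get(port, '')}")
```

Run against the full syslog file with own_ip set to the gateway's outside address, any row marked "ours" is the traffic -deny_incoming is documented to reject; the rest is background noise of the kind the reply suggests dropping with ipfw.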

 
 
 
