Security Basics mailing list archives
RE: [leaf-user] udp masq entry and dns abuse
From: "Luis.F.Correia" <Luis.F.Correia () seg-social pt>
Date: Tue, 17 Feb 2004 08:44:44 -0000
My uneducated guess is that with this setup, every dnscache query to the DNS servers, also counts as a NAT connection. You should move dnscache to youe leaf-router to avoid this. Also, with this setup, you have in fact double NAT. Web caching is possible using only one eth on your RH9 box. But again, these are only my 0.02 EUR cents ;) Luis Correia Bering uClibc Team Member PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6 Key Server: http://pgp.mit.edu
-----Original Message----- From: greg gede [mailto:mymilis2000 () yahoo com] Sent: Tuesday, February 17, 2004 2:59 AM To: leaf-user; milis securityfocus Subject: [leaf-user] udp masq entry and dns abuse Lately i'm having problem with udp masq entry in my internet leaf-router with a lot of messages like this: IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864) here's my network looks like : ------------- ----------------------- |leaf-router| |RH9 squid & dnscachex| to -----|eth0 eth1|---|HUB|--|eth0 eth1| internet| | | | ------------- ----------------------- | | |switch| | | | subnet A - | | | subnet B --- | | subnet C ------| everytime i stop dnscachex, the messages also stop. am i having dns abuse from my internal network? or is it because there are too many clients in my internal network? how do i deal with it? any suggestion will be very appreciated. regards, gregor __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click -------------------------------------------------------------- ---------- leaf-user mailing list: leaf-user () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- RE: [leaf-user] udp masq entry and dns abuse Luis.F.Correia (Feb 17)