[Unbound-users] wrong outgoing-port-permit port range handling?
Beastie
beastie24 at gmail.com
Sun Aug 3 06:31:41 UTC 2008
Hello.
My system is FreeBSD 7.0-RELEASE-p3 and I'm running Unbound 1.0.1 +
libevent-1.3e installed from ports.
System firewall is configured to use dynamic firewall rules.
---
IPFW configuration:
allow ip from any to any via lo0
deny ip from any to 127.0.0.0/8
deny ip from 127.0.0.0/8 to any
add check-state
add deny icmp from any to any frag
add allow icmp from any to me icmptypes 0,3,11
add allow icmp from me to any out keep-state
add allow tcp from me to any out keep-state
add allow udp from me to any out keep-state
add deny tcp from any to any
add deny udp from any to any
add deny ip from any to any
---
unbound.conf
server:
verbosity: 0
#statistics-interval: 3600
num-threads: 4
interface: 0.0.0.0
port: 53
outgoing-range: 256
outgoing-port-permit: 32768-65000
msg-cache-size: 32m
msg-cache-slabs: 4
num-queries-per-thread: 1024
rrset-cache-size: 64m
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 900
infra-lame-ttl: 900
infra-cache-slabs: 4
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control: 10.1.1.0/24 allow
access-control: 192.168.15.0/24 allow
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
chroot: "/usr/local/etc/unbound"
username: "unbound"
directory: "/usr/local/etc/unbound"
logfile: "/usr/local/etc/unbound/unbound.log"
#logfile: ""
use-syslog: no
pidfile: "/usr/local/etc/unbound/unbound.pid"
root-hints: "/usr/local/etc/unbound/named.cache"
identity: "a"
version: "1"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-address: ::1
do-not-query-localhost: yes
module-config: "iterator"
---
From the ipfw -d show output I can see that Unbound is actually using
source UDP port numbers that are outside the defined
outgoing-port-permit range:
01300 1 40 (4s) STATE udp 11.112.44.xxx 19405 <-> 195.59.44.134 53
01300 1 75 (4s) STATE udp 11.112.44.xxx 12506 <-> 63.209.3.131 53
01300 1 326 (3s) STATE udp 11.112.44.xxx 36161 <-> 66.218.71.63 53
01300 1 40 (4s) STATE udp 11.112.44.xxx 33033 <-> 124.211.40.3 53
01300 1 75 (4s) STATE udp 11.112.44.xxx 27274 <-> 63.209.3.132 53
01300 1 40 (4s) STATE udp 11.112.44.xxx 24709 <-> 63.209.3.132 53
01300 1 40 (4s) STATE udp 11.112.44.xxx 39301 <-> 63.209.3.131 53
01300 1 92 (4s) STATE udp 11.112.44.xxx 63155 <-> 195.59.44.134 53
01300 1 75 (4s) STATE udp 11.112.44.xxx 29005 <-> 81.52.250.132 53
01300 1 545 (3s) STATE udp 11.112.44.xxx 65480 <-> 192.26.92.30 53
01300 1 335 (3s) STATE udp 11.112.44.xxx 42386 <-> 192.52.178.30 53
01300 1 328 (3s) STATE udp 11.112.44.xxx 32650 <-> 192.35.51.30 53
01300 1 333 (3s) STATE udp 11.112.44.xxx 15798 <-> 192.33.14.30 53
01300 1 77 (4s) STATE udp 11.112.44.xxx 60832 <-> 124.211.40.3 53
01300 1 40 (4s) STATE udp 11.112.44.xxx 21815 <-> 195.59.44.134 53
01300 1 75 (4s) STATE udp 11.112.44.xxx 23089 <-> 195.59.44.134 53
01300 1 40 (3s) STATE udp 11.112.44.xxx 4915 <-> 81.52.250.132 53
Is it because of problems with my unbound.conf?
Thanks!
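A check added here (not from the post or from the Unbound project) that parses `ipfw -d show` dynamic-state lines in the format shown above and lists the resolver's source ports that fall outside the configured outgoing-port-permit range, treating that range as the only permitted one, which is what the poster expects. The sample lines are constructed from the post's masked values; STATE_RE and the function names are this example's own.

```python
import re
from typing import List, Tuple

# Constructed sample of `ipfw -d show` dynamic-rule lines, copied in the
# format the post shows (masked/sample addresses, not real hosts).
SAMPLE_IPFW_STATES = """\
01300 1 40 (4s) STATE udp 11.112.44.xxx 19405 <-> 195.59.44.134 53
01300 1 326 (3s) STATE udp 11.112.44.xxx 36161 <-> 66.218.71.63 53
01300 1 545 (3s) STATE udp 11.112.44.xxx 65480 <-> 192.26.92.30 53
01300 1 40 (3s) STATE udp 11.112.44.xxx 4915 <-> 81.52.250.132 53
"""

# rule  count bytes (age) STATE proto src sport <-> dst dport
STATE_RE = re.compile(
    r"^\s*\d+\s+\d+\s+\d+\s+\(\d+s\)\s+STATE\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s*$"
)

def parse_port_range(spec: str) -> Tuple[int, int]:
    """Parse an outgoing-port-permit value: a single port or 'low-high'."""
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
    else:
        low = high = int(spec)
    if not (0 < low <= high <= 65535):
        raise ValueError(f"bad port range: {spec}")
    return low, high

def resolver_source_ports(ipfw_output: str, proto: str = "udp",
                          dport: int = 53) -> List[int]:
    """Source ports of dynamic states for outbound queries to port 53."""
    ports = []
    for line in ipfw_output.splitlines():
        m = STATE_RE.match(line)
        if m and m["proto"] == proto and int(m["dport"]) == dport:
            ports.append(int(m["sport"]))
    return ports

def ports_outside_range(ports: List[int], low: int, high: int) -> List[int]:
    """Ports the firewall saw that the permit range should not have allowed."""
    return sorted(p for p in ports if p < low or p > high)

if __name__ == "__main__":
    low, high = parse_port_range("32768-65000")
    seen = resolver_source_ports(SAMPLE_IPFW_STATES)
    print("outside permit range:", ports_outside_range(seen, low, high))
```

Unbound's outgoing-port-permit adds ports to the set of allowed source ports rather than replacing it, and ports are taken out of that set with outgoing-port-avoid, so a permit line on its own does not confine the resolver to the listed range.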