spoofing myself without meaning to
I have a box, wheat, connected to the internet and my local network.
Another box, corn, is on the local network.
I'm running DNS on wheat and have two domains to call my own (both
going to the same IP address).
When I try to access corn from wheat I get errors that wheat is
spoofing. This happens in several contexts, but the worst is NFS.
corn is acting as an NFS server, and when I attempt to mount from
wheat I get, in the log on corn,
Dec 29 23:16:33 corn mountd[5922]: NFS mount of / attempted from 192.168.10.1
Dec 29 23:16:33 corn mountd[5922]: spoof attempt by 192.168.10.1: pretends to be wheat.mydomain.com!
Dec 29 23:16:33 corn mountd[5922]: Unauthorized access by NFS client 192.168.10.1.
Dec 29 23:16:33 corn mountd[5922]: Blocked attempt of 192.168.10.1 to mount /
dig -x 192.168.10.1 from corn gives wheat.mydomain.com.
dig wheat.mydomain.com returns the external IP address.
My theory is that this mismatch looks like spoofing.
I have two problems. First, I don't know if this theory correctly
identifies the source of my problems. Second, I don't know how to
correct the problem. I'd appreciate any advice.
The networking situation includes firewalls, tcpwrappers, and
nfs-user-server. I'm not sure whether the tcpwrappers are being used;
at any rate both hosts.{allow,deny} and the firewall should let thing
through in my local network.
Some networking details have been slightly obscured in the preceding
message.
Thanks.
Ross Boylan
Reply to: