
Re: spoofing myself without meaning to [SOLVED]



On Fri, Dec 30, 2005 at 09:29:05AM +0100, Philippe Marzouk wrote:
> On Thu, Dec 29, 2005 at 11:49:58PM -0800, Ross Boylan wrote:
> > I have a box, wheat, connected to the internet and my local network.
> > Another box, corn, is on the local network.
> > I'm running DNS on wheat and have two domains to call my own (both
> > going to the same IP address).
> > 
> > When I try to access corn from wheat I get errors that wheat is
> > spoofing.  This happens in several contexts, but the worst is NFS.
> > corn is acting as an NFS server, and when I attempt to mount from
> > wheat I get, in the log on corn,
> > Dec 29 23:16:33 corn mountd[5922]: NFS mount of / attempted from 192.168.10.1
> > Dec 29 23:16:33 corn mountd[5922]: spoof attempt by 192.168.10.1: pretends to be wheat.mydomain.com!
> > Dec 29 23:16:33 corn mountd[5922]: Unauthorized access by NFS client 192.168.10.1.
> > Dec 29 23:16:33 corn mountd[5922]: Blocked attempt of 192.168.10.1 to mount /
> > 
> > dig -x 192.168.10.1 from corn gives wheat.mydomain.com.
> > dig wheat.mydomain.com returns the external IP address.
> > 
> > My theory is that this mismatch looks like spoofing.
> > 
> 
> You may wish to look at views in BIND (if this is your DNS server). It
> allows you to have different zone files for internal and external
> clients. That way, when someone queries your domain from the outside, the
> external IP is returned, but from the inside of your LAN the internal IP
> would be returned.
> 
> Philippe
> 
Thanks.  That solved the problem.
Ross
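
Added example, not part of the original thread: a small Python check that performs the reverse-then-forward DNS comparison Ross's theory describes, so the mismatch can be confirmed from corn before and after the internal view is in place. The function names and the external address 203.0.113.7 are assumptions for illustration; the thread does not give the real external IP.

```python
import socket
import sys

def system_reverse(ip):
    """PTR lookup through the system resolver; returns the primary host name."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns the set of addresses."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def fcrdns_check(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: ip -> name -> addresses must contain ip.

    Returns (ok, name, addrs). The resolvers are injectable so the check can
    be exercised offline; KeyError covers the dict-backed sample resolvers.
    """
    try:
        name = reverse(ip)
    except (OSError, KeyError):
        return False, None, set()
    try:
        addrs = set(forward(name))
    except (OSError, KeyError):
        return False, name, set()
    return ip in addrs, name, addrs

# Constructed sample data mirroring the thread (not real lookups).
PTR = {"192.168.10.1": "wheat.mydomain.com"}          # dig -x 192.168.10.1
SINGLE_ZONE = {"wheat.mydomain.com": {"203.0.113.7"}}    # placeholder external IP
INTERNAL_VIEW = {"wheat.mydomain.com": {"192.168.10.1"}}  # answer given to LAN clients

def demo():
    """Run the check against the zone data before and after adding a view."""
    before = fcrdns_check("192.168.10.1", PTR.__getitem__, SINGLE_ZONE.__getitem__)
    after = fcrdns_check("192.168.10.1", PTR.__getitem__, INTERNAL_VIEW.__getitem__)
    return before, after

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode: check each address given on the command line.
        for ip in sys.argv[1:]:
            ok, name, addrs = fcrdns_check(ip)
            print(ip, "OK" if ok else "MISMATCH", name, sorted(addrs))
    else:
        for label, result in zip(("single zone", "internal view"), demo()):
            print(label, result)
```

Run on corn with the client address as an argument (for example 192.168.10.1) to see whether the resolver corn actually uses returns a consistent pair.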


