DNS Server Problems with Cisco 675/678 NAT

21 Jun 2008

While working on some DNS and web server configurations today, I discovered a bug (in my opinion) in the way that NAT is implemented in the Cisco 678 DSL router. From what I’ve read, it occurs in the 675 as well. I suspect that this bug would be found in all CBOS based devices.

My Cisco 678 is connected to a Linux server which provides firewall, proxy, DNS, DHCP and a bunch of other services to my internal network. There’s not much more than DNS which is visible to the outside world. I found that DNS requests for A records (address lookups) from the outside world coming through the Cisco 678 to my DNS server would always get the IP address of my DSL link and a TTL of 0. Other record types seemed unaffected (though, I never tested most RR types).

After some fiddling around with my DNS server, I realized that it was returning the right information. In other words, the data was being altered in transit. Since I am using NAT on the Cisco 678, I decided to look into the possibility that something was wrong there.

It turns out that the CBOS NAT implementation does not just translate IP addresses in the IP header, but will look at the entire payload of an IP packet, substituting its IP everywhere. Since the format of the IP address in a DNS response is the same as what is found in an IP header, they were being translated on the way to the outside of my network.

A quick Google Search yielded a workaround, which I’ll describe here.

The Cisco 67x CBOS NAT implementation will not translate payload addresses if the packets are not on port 53. So, simply change the port to something else (like 5300) in a NAT entry, and your DNS lookup responses won’t be messed with. The syntax of the CBOS command to do just that is:

cbos#set nat entry add 192.0.2.254 5300 0.0.0.0 53 udp

In the workaround I found online, they never address the use of DNS over TCP. It doesn’t happen much, but it is possible for DNS requests to come over TCP rather than UDP (this usually only occurs for zone transfers and when a request produces such a large response that a single UDP datagram is too small to carry the answer back). So, I also ran:

cbos#set nat entry add 192.0.2.254 5300 0.0.0.0 53 tcp

After implementing the workaround, it didn’t work. I deleted the NAT entries from my Cisco 678, re-created them, wrote the memory, rebooted it at which point it started working for me. During this process, I also kept tcpdump monitoring for the traffic I wanted to see between the DSL router and my firewall box.
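The symptom described above (A answers coming back with the link address and a zero TTL) can be checked for from the outside without a router at hand. The following is an added example, not code from the post: it builds a constructed DNS response, models the CBOS behaviour the post describes (every occurrence of the inside address in the payload rewritten, not just the IP header), and then parses the answer section to flag answers that look rewritten. The link address 198.51.100.7 is a hypothetical value; 192.0.2.254 is the inside address from the post's NAT entries.

```python
"""Detect A-record answers that look rewritten by a payload-mangling NAT.

Added example, not from the original post. The DNS message is constructed
inline; the NAT model only does what the post describes (payload address
substitution). LINK_IP is a hypothetical public address for the DSL link.
"""
import struct

LINK_IP = "198.51.100.7"     # hypothetical: public address of the DSL link
INTERNAL_IP = "192.0.2.254"  # inside address used in the post's NAT entries


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_response(qname: str, rdata_ip: str, ttl: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS response: one question and one A answer (constructed)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # The answer name is a compression pointer back to offset 12 (the question name).
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + _ip_bytes(rdata_ip)
    return header + question + answer


def simulate_naive_nat(payload: bytes, inside_ip: str, outside_ip: str) -> bytes:
    """Model of the CBOS behaviour the post describes: the inside address is
    substituted everywhere it appears in the packet payload, not only in the IP header."""
    return payload.replace(_ip_bytes(inside_ip), _ip_bytes(outside_ip))


def _read_name(packet: bytes, offset: int):
    """Read a possibly-compressed DNS name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(packet[offset + 1:offset + 1 + length].decode())
        offset += 1 + length


def parse_a_answers(packet: bytes):
    """Return (name, ttl, ip) for every A record in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = _read_name(packet, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(packet, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


def find_rewritten_answers(packet: bytes, link_ip: str = LINK_IP):
    """Flag A answers carrying the link address or a zero TTL: the symptom the
    post observed when querying the server from outside the Cisco 678."""
    return [a for a in parse_a_answers(packet) if a[2] == link_ip or a[1] == 0]


if __name__ == "__main__":
    clean = build_response("www.example.com", INTERNAL_IP, 3600)
    mangled = simulate_naive_nat(clean, INTERNAL_IP, LINK_IP)
    print("clean:  ", find_rewritten_answers(clean))
    print("mangled:", find_rewritten_answers(mangled))
```

Run the same check against responses captured with tcpdump from a host outside the router: an empty list for a name that should resolve to an inside address means the payload survived the NAT untouched, which is the outcome the port-5300 entries above are meant to produce.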



‘leet’ Mail Server

28 May 2008

I thought it was a little bit funny to find this in today’s logwatch email from one of my servers:

--------------------- postfix Begin ------------------------

7118055 bytes transferred
1337 messages sent
1337 messages removed from queue



When maildrop Fills a Log File

30 Apr 2008

I hadn’t bothered looking at my personal email accounts since last Saturday. This evening, I was surprised to see that it looked like I wasn’t receiving emails for my OpenBrainstem or lamontpeterson.org addresses. The last messages had come in sometime late Sunday morning.

First thing I did was to log into the mail server via SSH and run:

# mailq | grep '^[0-9A-F]' | wc -l
1631

Well, that’s a wee bit of email. So I tried running this command (sorry, I didn’t capture that whole output):

# mailq | head
. . . output omitted . . .

The message I saw over and over again showed “(temporary failure. Command output: maildrop: signal 0x19)“. A quick Google search and the first link told me what I needed to know; when the log file that maildrop is writing into reaches over 50 million bytes (not 50MB, but 50MiB), it stops processing requests. Though the link Google found for me indicated a setup with one central log file, I’ve discovered that the same thing happens when you have per user log files, like I do. This line from my /etc/maildroprc file shows what I mean:

logfile "$HOME/mail/.maildrop.log"

So, I fixed it by truncating (or, in other words, emptying) my own user’s log file. Of course, I first checked to make sure that it was the culprit:

# ls -l ~lamontp/mail/.maildrop.log
-rw-------  1 lamontp lamontp 714630 Apr 30 20:37 /home/lamontp/mail/.maildrop.log
# >~lamontp/mail/.maildrop.log
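With per-user log files the same thing can silently happen to every account on the box, so it is worth checking all of them rather than only your own. The following is an added example, not code from the post: it walks each home directory for the log path named in the maildroprc line above, reports logs at or past a size limit (defaulting to the 50 MiB figure the post gives), and empties them the way the post's redirect does, optionally keeping the last few kilobytes so recent delivery history is not lost. The sample home directories it builds are constructed for demonstration.

```python
"""Find and truncate per-user maildrop logs that have grown past a size limit.

Added example, not from the original post. The log location follows the post's
maildroprc line ($HOME/mail/.maildrop.log); LIMIT_BYTES is the 50 MiB figure the
post gives. build_sample_homes() creates a constructed fixture for demonstration.
"""
import tempfile
from pathlib import Path

LIMIT_BYTES = 50 * 1024 * 1024  # 50 MiB, per the post


def log_path(home: Path) -> Path:
    """Per-user maildrop log, matching: logfile "$HOME/mail/.maildrop.log"."""
    return home / "mail" / ".maildrop.log"


def is_oversized(path: Path, limit: int = LIMIT_BYTES) -> bool:
    """True when the log exists and is at or beyond the limit."""
    return path.is_file() and path.stat().st_size >= limit


def find_oversized_logs(home_root: Path, limit: int = LIMIT_BYTES):
    """Return the oversized maildrop logs under every home directory, sorted."""
    return sorted(
        log_path(home) for home in home_root.iterdir()
        if home.is_dir() and is_oversized(log_path(home), limit)
    )


def truncate_log(path: Path, keep_tail: int = 0) -> int:
    """Empty the log (the post's '> file'), keeping the last keep_tail bytes so the
    most recent delivery records survive. Returns the number of bytes removed."""
    size = path.stat().st_size
    tail = b""
    if keep_tail > 0:
        with path.open("rb") as f:
            f.seek(max(0, size - keep_tail))
            tail = f.read()
    with path.open("wb") as f:  # opening for write truncates in place
        f.write(tail)
    return size - len(tail)


def build_sample_homes() -> Path:
    """Constructed fixture: two users, one with a small log and one well past a
    1 KiB test limit. Returns the temporary 'home root' directory."""
    root = Path(tempfile.mkdtemp(prefix="maildrop-demo-"))
    for user, size in (("alice", 10), ("bob", 3000)):
        mail_dir = root / user / "mail"
        mail_dir.mkdir(parents=True)
        (mail_dir / ".maildrop.log").write_bytes(b"x" * size)
    return root


if __name__ == "__main__":
    root = build_sample_homes()
    for log in find_oversized_logs(root, limit=1024):
        removed = truncate_log(log, keep_tail=100)
        print(f"truncated {log}: removed {removed} bytes")
```

For a real system call find_oversized_logs(Path("/home")) with the default limit; truncating while maildrop may be mid-delivery is the same race the post's shell redirect has, so run it when deliveries have already stalled or with the queue paused.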


Sweet Kisses

24 Apr 2008

For the past two evenings, Nadia has laid on my shoulder while rocking just before placing her in her bed for the night. I asked her for a kiss and she has obliged by sitting up, looking right at me, then bending down to place her lips right on mine.

Her mother, however, is a little frustrated (not really) that she isn’t getting kisses from Nadia when asking for them. Six weeks ago, when Nadia first started kissing us on the lips regularly and of her own volition, it was Mom who would get the kisses and Dad who was left, “out in the cold.”

Another reason this is particularly nice, is that Nadia has been sick for the past few days. This is partly because about 5 teeth decided to push in all together, of which, I think 3 are molars. Today was about the worst it’s been for her, too. However, she is still so very sweet and understands that going to bed is a good thing for her. She points to her bed to let us know she is ready. We still have to rock her completely to sleep for naps, but at night, she willingly falls asleep on her own.



Davis County Convention

12 Apr 2008

The 2008 Davis County Republican Party Convention is over. Of the eight candidates (including myself) who were running for the Senate District 23 seat, only two remain, and will face each other in a primary election. Those two candidates are Dan Liljenquist and Ronald Mortensen. You read that right, I’m out of the race.

It was a lot of fun for me. I regret that there was so little time (merely 17 days) between the caucuses and the convention. This made it nigh on impossible to speak with the bulk of the 270+ delegates who voted in my race. It didn’t help that I fell ill and lost a little over a week’s worth of working time to it. Several friends were trying to put together “Meet the Candidate” events for the delegates in their areas, but with so many people getting sick and everyone’s busy lives, they were never able to get things together.

I met many good people, made associations that I will treasure for years to come and thoroughly enjoyed talking with people about a wide variety of issues.

One question that many have asked me, of course, is, “When and where will you run again?” The answer is that I will probably run again. Exactly where and when I do not, yet, know. I learned a lot from this first experience and will, hopefully, be able to better prepare for a future race.

It was certainly a worthwhile experience. Many, many people have expressed their appreciation for my speeches and discussions. I know that even though I am no longer in the running, I had a profound effect on the race and on a great many persons’ viewpoints. That is a very rewarding and humbling feeling for me. I am very grateful to all those who have supported my effort.



Taxes

26 Mar 2008

First of all, we must always keep in mind that there is no such thing as a free lunch.

Taxes are necessary. It is, however, the responsibility of the Government to ensure that taxes do not over-burden the taxed, whether individual or business.

I believe that there are far too many taxes in Utah. It costs money to collect the vast array of different taxes. It is a burden to business where the costs of ensuring that proper compliance and payments have been made often exceed the amount of tax paid.

Our Government needs to reduce and simplify the tax system to something comprehensible, economical to administer and fair to all.



Privacy

26 Mar 2008

Government must not invade nor circumvent individual privacy. I and many others have written extensively over the past several years of the dangers inherent in many of the directions our Federal Government has pursued since the terrible attacks upon us, September 11, 2001.

“Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.”

This is a difficult issue for many. I simply see that if we allow the continued erosion of our basic freedoms and privacy, the United States of America will become a police state sooner than we might realize.



Infrastructure

26 Mar 2008

It is important that the people have reliable infrastructure for society to function and grow. Roads are one type of important infrastructure. Water, sewer and electrical service are others that are quite often recognized. Fire, police and ambulatory services are also very important parts of our infrastructure.

One type of infrastructure upon which all of the rest now depend is telecommunications. The 100+ year old model of a government regulated monopoly no longer works in this day and age and is no longer necessary. The technologies have advanced beyond the point where this model made sense.

Our government needs to cease actions that protect these ancient, 19th and 20th century monopolies. There are better ways.

We in Utah are developing a problem with overcrowded roads. We’re not yet at the point where it will be a crisis. There are many other states whose cities are far worse off than we. Still, that’s no excuse to wait until the need is upon us. We must be proactive and find solutions to these looming infrastructure issues.

Road congestion could be eased considerably if there were other good resources to permit large business to locate some of their large facilities in less crowded areas. We are building a new road and the new commuter rail (long overdue) is ever closer to opening up service.

The UTA public transportation system was, 10 years ago, a system to be envied. It was convenient, efficient, affordable and safe. Since the introduction of light-rail, which was, and remains, a good idea despite its poor execution, UTA has all but completely destroyed its once good name. Costs have soared and services dwindled.

Telecommunications infrastructure is of critical importance to society, today. Not only because so many other infrastructure systems rely upon it, but also because businesses and individuals need fast, affordable, reliable access to local and global information. The UTOPIA Community MetroNet is an example of how we can properly provide such infrastructure.



Education

26 Mar 2008

Many, many people have been asking me about education. I am very grateful that they have also shared their views and ideas. Those discussions have already, in this early stage of my campaign, helped expand my viewpoint. There are ideas that I had not encountered before, many of which have good merits.

I believe that education is the great key to a stable, prosperous, self-sufficient society.

In 2006-2007, Utah’s K-12 education system ranked 38th among the 50 states.

In 2005, education in the United States ranked 13th in the world.

According to EducationWeek’s January 2007 report, Utah ranked 20th among the 50 states in the likelihood that a student born and educated here would “succeed” in life. Not too bad, but I know that we can do better.



Transparency

26 Mar 2008

Many politicians do seek input from their constituency. This is very good. However, very few provide much, if any, communication back to those they are to represent. They hold various meetings behind closed doors. What was discussed?

We have a system of representative government. True representation, however, requires transparency and two-way communication.

I hereby vow to conduct my campaign and my service in office as transparently as possible. I will share information regarding the topics and substance of all meetings, conversations and communications which relate to any work I do as your State Senator.

I hereby vow to communicate with those I represent, to provide them with information as issues, bills and conversations evolve, to listen to the true desires of the majority of those I represent, to vote according to my constituents’ viewpoints.

I ask only that you, too, participate in this process and provide me with true information such that I may take good action.