 From:  "Leonid A. Liss" <darth at nm dot ru>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Limit active host mappings...
 Date:  Mon, 10 May 2004 21:09:59 +0400

Today was an interesting day - a new worm (sassy, or whatever it's called)
hit several machines in my net. Of course it began to spread to
internet addresses, and closed the internet to all locals.
I looked at status.php, found those comps in the ipnat -lv section, and
the virus was killed, but I've got a question. At the bottom of this section
there is info like this:

List of active host mappings:
192.168.2.66 -> 0.0.0.0 (use = 4 hv = 541)
192.168.2.66 -> 0.0.0.0 (use = 1 hv = 541)
192.168.2.67 -> 0.0.0.0 (use = 8 hv = 545)
192.168.2.67 -> 0.0.0.0 (use = 3 hv = 545)
192.168.2.67 -> 0.0.0.0 (use = 7 hv = 545)
192.168.2.70 -> 0.0.0.0 (use = 4 hv = 557)
192.168.2.70 -> 0.0.0.0 (use = 1 hv = 557)
192.168.2.70 -> 0.0.0.0 (use = 2 hv = 557)
192.168.2.71 -> 0.0.0.0 (use = 6 hv = 561)
192.168.2.97 -> 0.0.0.0 (use = 7 hv = 665)
192.168.2.101 -> 0.0.0.0 (use = 2 hv = 681)
192.168.2.129 -> 0.0.0.0 (use = 35 hv = 793)
192.168.2.129 -> 0.0.0.0 (use = 1 hv = 793)
192.168.2.160 -> 0.0.0.0 (use = 5468 hv = 917)
192.168.2.250 -> 0.0.0.0 (use = 1 hv = 1277)
192.168.2.250 -> 0.0.0.0 (use = 1 hv = 1277)

(By the way, .160 was infected.) So, what does "hv" mean? And can I somehow
limit usage of mappings to, let's say, 25 simultaneous connections per
LAN IP? Five thousand per IP - it's a little bit too much. :)

And, if you would be so kind as to answer, what do "age", "bkt" and such below mean:

MAP 192.168.2.98    3020  <- -> 192.168.0.2     25968 [192.168.1.251 5678]
age 474 use 0 sumd 0x5744/0x5744 pr 6 bkt 189/1643 flags 1 drop 0/0
ifp rl0 bytes 96 pkts 2


Thanks.
     Leonid
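
The check described in the message, as an added example that is not part of the original post: it parses the "List of active host mappings" section of `ipnat -lv` output, sums `use` per LAN IP (a host can appear on several lines), and lists the hosts above the figure of 25 the author mentions. Reading a high `use` total as a sign of an infected host is the author's observation and is taken here as an assumption; the function names and the embedded excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format shown in the message above.
SAMPLE = """\
List of active host mappings:
192.168.2.66 -> 0.0.0.0 (use = 4 hv = 541)
192.168.2.66 -> 0.0.0.0 (use = 1 hv = 541)
192.168.2.129 -> 0.0.0.0 (use = 35 hv = 793)
192.168.2.129 -> 0.0.0.0 (use = 1 hv = 793)
192.168.2.160 -> 0.0.0.0 (use = 5468 hv = 917)
192.168.2.250 -> 0.0.0.0 (use = 1 hv = 1277)

MAP 192.168.2.98    3020  <- -> 192.168.0.2     25968 [192.168.1.251 5678]
"""

# One host-mapping line: "<lan ip> -> <addr> (use = N hv = M)"
HOSTMAP_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+->\s+\S+\s+"
    r"\(use\s*=\s*(\d+)\s+hv\s*=\s*\d+\)\s*$"
)

def use_per_host(text):
    """Sum the `use` counters per LAN IP inside the host-mappings section."""
    totals = defaultdict(int)
    in_section = False
    for line in text.splitlines():
        if line.strip().startswith("List of active host mappings"):
            in_section = True
            continue
        if not in_section:
            continue
        m = HOSTMAP_RE.match(line)
        if m:
            totals[m.group(1)] += int(m.group(2))
        elif line.strip():
            in_section = False  # any other non-blank line ends the section
    return dict(totals)

def over_limit(text, limit=25):
    """Return (ip, total_use) pairs above `limit`, highest total first."""
    hits = [(ip, n) for ip, n in use_per_host(text).items() if n > limit]
    return sorted(hits, key=lambda pair: -pair[1])

if __name__ == "__main__":
    for ip, total in over_limit(SAMPLE):
        print(f"{ip}\tuse={total}")
```
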