Strictly speaking, this is somewhat OT, but since my ipf/ipmon log
entries are being generated by m0n0wall, I thought I would ask here...
(a quick perusal of Google didn't lead me to anything quick...)
I'm trying to run a VPN client to reach my corporate network, and it's
not working. I suspect that m0n0wall is doing its job and blocking the
traffic in some way, and I'm trying to determine how/why. I looked in
the logs to see if anything looks revealing and I see the following
(quite a few times, actually):
May 30 17:57:42 fw ipmon: 17:57:41.476323 2x ng0 @0:27 b xxx.yyy.143.10 -> 192.168.0.200 PR udp len 20 (756) frag +736@744 IN
where "xxx.yyy" is the class B address of my company's IP or the source
IP (in this case). I'm not sure what all the other stuff means (being
an ipf novice), if someone can break it down for me. I at least can
understand most of it and read this line as...
- Date/Time stamp of log entry
- "fw" = "firewall" where "fw.local" is defined in my local DNS, hence
"fw" for the machine name (of m0n0wall)
- "ipmon" is the monitoring daemon/process (?), but I'm not sure what
the  means? Can't be port 69, can it? (That's tftp...)
- Next log segment is another timestamp
- "2x" means?
- "ng0" is on m0n0wall
- "@0:27" means?
- xxx.yyy.143.10 is incoming IP address
- 192.168.0.200 is the destination IP on my private LAN (my workstation
running the VPN software)
- "PR" means? (Type of packet, I'm thinking? Like ACK, SYN, etc.?)
- "udp" is udp packet of...
- length 20
- "(756)" means?
- "frag" means the packet was a fragment, I assume (and causes me to
think this is the problem since m0n0wall is presently set to drop packet
- "+736@744" means?
- "IN" means incoming packet
So... I've got most of it figured out, but I'm wondering about the few
missing pieces of the puzzle.
Also... I'm trying to use "Contivity VPN client" from Nortel Networks.
Maybe someone knows right off the bat what might be my problem using
this VPN client with m0n0wall? Bear in mind I'm sitting BEHIND m0n0wall
trying to go OUT and connect to my company LAN; I'm not sitting outside
trying to get IN through m0n0wall.
Also, if someone DOES know where I can get help on reading ipf/ipmon log
entries, I'd appreciate it. Not all the log entries are the same as you
all well know.
chris at technologEase dot com
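
Added example, not part of the original post: a small Python parser for the ipmon entry quoted above. Field meanings follow the ipmon(8) manual page, with the fragment field read as more-fragments flag, payload length and byte offset; the regex, function and field names are this example's own assumptions.

```python
import re

# Constructed from the log entry quoted in the post (wrapped lines joined).
SAMPLE = ("May 30 17:57:42 fw ipmon: 17:57:41.476323 2x ng0 @0:27 b "
          "xxx.yyy.143.10 -> 192.168.0.200 PR udp len 20 (756) "
          "frag +736@744 IN")

# Regex and field names are this example's own, following ipmon(8).
LINE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:(?P<count>\d+)x\s+)?"              # "2x": identical packets logged
    r"(?P<ifname>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"     # rule group and rule number
    r"(?P<action>\S)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+\(?(?P<total>\d+)\)?"   # IP header len, total len
    r"(?:\s+frag\s+(?P<mf>\+?)(?P<df>-?)(?P<fraglen>\d+)@(?P<fragoff>\d+))?"
    r"(?:\s+(?P<direction>IN|OUT))?"
)
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
INT_FIELDS = ("count", "group", "rule", "hlen", "total", "fraglen", "fragoff")

def parse_ipmon(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in INT_FIELDS:
        if f[key] is not None:
            f[key] = int(f[key])
    f["count"] = f["count"] or 1
    f["action"] = ACTIONS.get(f["action"], f["action"])
    f["is_fragment"] = f["fragoff"] is not None
    f["more_fragments"] = f.pop("mf") == "+"
    f["dont_fragment"] = f.pop("df") == "-"
    # A fragment's payload should equal total length minus IP header length.
    f["lengths_consistent"] = (not f["is_fragment"]
                               or f["fraglen"] == f["total"] - f["hlen"])
    # Offset > 0 means no UDP header in this packet, so no ports to match on.
    f["has_l4_header"] = not f["is_fragment"] or f["fragoff"] == 0
    return f

if __name__ == "__main__":
    for key, value in parse_ipmon(SAMPLE).items():
        print(f"{key:18} {value}")
```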