On Thu, 26 Aug 2004, Michael Scheer wrote:
> I've made my m0n0 accessible on wan interface, the rule is this:
> | @4 pass in log quick proto tcp from x.x.0.0/16 to 192.168.x.x/32 port = 443 keep state group 200
> So access from a x.x/16 network is allowed. But this is not the point.
> The point is, why does it log incoming and outgoing traffic? -->
> | Aug 26 16:29:21 m0n0wall ipmon: 16:29:20.227855 ng0 @200:4 p <wan adress> -> 192.168.x.x,443
PR tcp len 20 52 -S K-S IN
> | Aug 26 16:29:21 m0n0wall ipmon: 16:29:20.228287 ng0 @200:4 p x.x.55.132,443 -> <wan
adress>,28480 PR tcp len 20 48 -AS K-S OUT
Does this just happen occasionally, or all the time? It looks like the
SYN/ACK packet is getting rejected by the stateful filter and is thus
showing up in the log. I wonder if the short time delta has something to
do with it.
> 2) The msntp does not appear to leave any logs? It should IMHO. Or did
> I just not find it?
Msntp doesn't write logs, except in some fatal error cases. It can write
various levels of debugging output to its *console*, but that's different.
Perhaps you're confusing it with "real" NTP.