[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Jeffrey Goldberg <jeffrey at goldmark dot org>
 Cc:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Odd NAT blocking
 Date:  Tue, 5 Oct 2004 16:28:52 -0400
On Tue, 5 Oct 2004 12:07:56 -0700, Jeffrey Goldberg
<jeffrey at goldmark dot org> wrote:
> This question might reflect my misunderstanding of how NAT works.
> (Well, considering that I think it works by magic, I suppose that that
> is inevitable that I misunderstand.)
> I am getting some outgoing packets occasionally blocked that should be
> allow through.  Here is an example log entry (line broken for
> readability)
> ipmon[75]: 11:07:08.443851 sis0 @0:15 b
>,63864 ->,993 PR tcp len 20 101 -AFP IN

What is group 0 rule 15 in /status.php (the first rule 15 it shows
under ipfstat -nio)?

> Any insight into this would be welcome.  Also I'd like to get
> recommendations for good books on packet filtering firewalls including
> NAT.

Not a book, but something to start with at least.  Has a good
explanation of deciphering IPF's logs.