 From:  Jeffrey Goldberg <jeffrey at goldmark dot org>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Odd NAT blocking
 Date:  Tue, 5 Oct 2004 13:44:35 -0700 (PDT)
[posted and cc'ed]

On Tue, 5 Oct 2004, Chris Buechler wrote:

>> ipmon[75]: 11:07:08.443851 sis0 @0:15 b
>>    192.168.1.51,63864 -> 66.111.4.160,993 PR tcp len 20 101 -AFP IN

> What is group 0 rule 15 in /status.php (the first rule 15 it shows
> under ipfstat -nio)?

   @15 block in log quick proto tcp from any to any

which I guess is the implicit block rule.  But, rule @0:14 says,

   @14 skip 1 in proto tcp from any to any flags S/FSRA

which I guess means skip to group 1 for TCP packets with the S/FSRA 
flag(s) set.  And what I assume is the relevant rule in what I guess is 
group 1 is

  @3 pass in quick from 192.168.1.0/24 to any keep state group 100

While I don't think that this should be part of the problem, was it a 
mistake to set my LAN address as 192.168.1.0/24 instead of 192.168.0.0/24?

>> Also I'd like to get recommendations for good books on packet filtering 
>> firewalls including NAT.

> Not a book, but something to start with at least.  Has a good
> explanation of deciphering IPF's logs.
> http://freebsd.peon.net/tutorials/21/

Thanks.

-j

-- 
Jeffrey Goldberg                            http://www.goldmark.org/jeff/
  Relativism is the triumph of authority over truth, convention over justice
  Hate spam?  Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
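As an added example, not part of the original message and not m0n0wall or IPFilter code: a small Python parser for ipmon lines of the shape quoted in the message, together with an implementation of ipf's `flags WANT/MASK` test as ipf(5) describes it (of the flags in MASK, exactly those in WANT must be set; a bare `flags S` is shorthand for a mask of all six TCP flags). The TCP sample is the quoted ipmon line reassembled onto one line; the UDP sample and the `ipmon[75]:` syslog-prefix handling are constructed for illustration. Run on the quoted line, it reports the packet as blocked by group 0 rule 15 with ACK, FIN and PSH set and SYN clear, so the packet does not satisfy the `S/FSRA` test of the rule 14 listed above it.

```python
"""Decode IPFilter ipmon log lines and evaluate ipf `flags WANT/MASK` tests.
Added example; not code from the original post or from m0n0wall."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples.  SAMPLE_TCP is the ipmon line quoted in the message,
# reassembled onto one line; SAMPLE_UDP is a made-up line of the same shape.
SAMPLE_TCP = ("ipmon[75]: 11:07:08.443851 sis0 @0:15 b "
              "192.168.1.51,63864 -> 66.111.4.160,993 PR tcp len 20 101 -AFP IN")
SAMPLE_UDP = ("12:00:00.000000 sis0 @1:3 p "
              "192.168.1.51,5353 -> 224.0.0.251,5353 PR udp len 20 80 IN")

# ipmon action codes as documented in ipmon(8).
ACTIONS = {"b": "blocked", "p": "passed", "S": "short", "n": "no match", "L": "log"}
ALL_TCP_FLAGS = "FSRPAU"   # the six flag letters ipf understands

IPMON_RE = re.compile(r"""
    ^(?:\S+\[\d+\]:\s+)?                  # optional "ipmon[75]: " syslog prefix
    (?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+
    (?P<iface>\S+)\s+
    @(?P<group>\d+):(?P<rule>\d+)\s+      # rule group and rule number
    (?P<action>[bpSnL])\s+
    (?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+
    (?P<dst>[^,\s]+),(?P<dport>\d+)\s+
    PR\s+(?P<proto>\S+)\s+
    len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)   # IP header length, total packet length
    (?:\s+-(?P<flags>[SAFRPU]+))?         # TCP flags that are set, e.g. -AFP
    \s+(?P<dir>IN|OUT)\s*$
""", re.VERBOSE)


@dataclass
class IpmonEntry:
    time: str
    iface: str
    group: int
    rule: int
    action: str            # decoded action, e.g. "blocked"
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    hlen: int
    plen: int
    flags: Optional[str]   # letters of the TCP flags set; None for non-TCP
    direction: str


def parse_ipmon(line: str) -> IpmonEntry:
    """Parse one ipmon log line; raise ValueError if it does not fit."""
    m = IPMON_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an ipmon line: {line!r}")
    g = m.groupdict()
    return IpmonEntry(
        time=g["time"], iface=g["iface"],
        group=int(g["group"]), rule=int(g["rule"]),
        action=ACTIONS[g["action"]],
        src=g["src"], sport=int(g["sport"]),
        dst=g["dst"], dport=int(g["dport"]),
        proto=g["proto"], hlen=int(g["hlen"]), plen=int(g["plen"]),
        flags=g["flags"], direction=g["dir"],
    )


def matches_flag_spec(flags: Optional[str], spec: str) -> bool:
    """Evaluate an ipf `flags WANT/MASK` test against the flags ipmon printed.

    Of the flags named in MASK, exactly those in WANT must be set; flags not
    in MASK are ignored.  Without a "/MASK" part the mask is all six flags,
    so `flags S` matches only a pure SYN.  Non-TCP packets never match.
    """
    if flags is None:
        return False
    want, _, mask = spec.partition("/")
    mask = mask or ALL_TCP_FLAGS
    return set(flags) & set(mask) == set(want)


def describe(line: str, spec: str = "S/FSRA") -> str:
    """One-line human summary of an ipmon entry and a flags-test result."""
    e = parse_ipmon(line)
    flags = e.flags or "(none)"
    verdict = "matches" if matches_flag_spec(e.flags, spec) else "does not match"
    return (f"@{e.group}:{e.rule} {e.action} {e.direction.lower()} on {e.iface}: "
            f"{e.proto} {e.src}:{e.sport} -> {e.dst}:{e.dport}, "
            f"flags {flags}, {verdict} 'flags {spec}'")


if __name__ == "__main__":
    for sample in (SAMPLE_TCP, SAMPLE_UDP):
        print(describe(sample))
```

Feed it the relevant lines from `/var/log/ipf.log` (or the syslog file ipmon writes to) to see, for each blocked packet, which group and rule number to look up in `ipfstat -nio` and whether the packet could have satisfied a `flags S/FSRA` rule at all.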