Am 01.04.2010 22:16, schrieb René 'Necoro' Neumann:
> The whole email again, as GPG + Attachment + Sourceforge seems to be a mess.
Mhm ... my fault ... attaching empty file and then wondering, that it is
empty ^^
The file again.
Sorry for the spamming,
René
Thu Apr 1 22:17:30 2010 [+] ** Starting fwknopd (debug mode) **
fwknopd Command line: --debug
[+] import_perl_modules(): The @INC array:
/etc/perl
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/site_perl/5.8.8/i686-linux
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl
/usr/lib/perl5/5.8.8/i686-linux
/usr/lib/perl5/5.8.8
/usr/local/lib/site_perl
.
[+] Unix::Syslog::VERSION 0.100
[+] Net::IPv4Addr::VERSION 0.10
[+] Digest::MD5::VERSION 2.39
[+] Digest::SHA::VERSION 5.47
Thu Apr 1 22:17:30 2010 [+] Building iptables config info.
[+] IPTables::ChainMgr::VERSION 0.9
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -v -n -L INPUT
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Chain INPUT (policy ACCEPT 117K packets, 40M bytes)
pkts bytes target prot opt in out source destination
Thu Apr 1 22:17:30 2010 iptables command stderr:
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -v -n -L FORWARD
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Thu Apr 1 22:17:30 2010 iptables command stderr:
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t nat -v -n -L PREROUTING
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Chain PREROUTING (policy ACCEPT 38510 packets, 5591K bytes)
pkts bytes target prot opt in out source destination
Thu Apr 1 22:17:30 2010 iptables command stderr:
Thu Apr 1 22:17:30 2010 [+] starting fwknopd v1.9.12 (file revision: 1533)
[+] Start time: [Thu Apr 1 22:17:30 2010]
Thu Apr 1 22:17:30 2010 [+] flushing existing iptables fwknop chains
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -v -n -L FWKNOP_INPUT
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -F FWKNOP_INPUT
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -v -n -L FWKNOP_FORWARD
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t filter -F FWKNOP_FORWARD
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t nat -v -n -L FWKNOP_PREROUTING
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -t nat -F FWKNOP_PREROUTING
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Thu Apr 1 22:17:30 2010 iptables command stderr:
iptables: No chain/target/match by that name.
Thu Apr 1 22:17:30 2010 [+] Checking for iptables state tracking rule...
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr::run_ipt_cmd(waitpid())
/sbin/iptables -v -n -L
Thu Apr 1 22:17:30 2010 [+] IPTables::ChainMgr: Setting SIGCHLD handler to:
CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 iptables command stdout:
Chain INPUT (policy ACCEPT 117K packets, 40M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 88394 packets, 20M bytes)
pkts bytes target prot opt in out source destination
Thu Apr 1 22:17:30 2010 iptables command stderr:
Thu Apr 1 22:17:30 2010 [-] warning, could not find any iptables state
tracking rules
[+] Crypt::CBC::VERSION 2.29
Thu Apr 1 22:17:30 2010 [+] Dumping config from: /etc/fwknop/fwknop.conf
ACCESS_CONF /etc/fwknop/access.conf
ALERTING_METHODS ALL
AUTH_MODE PCAP
BLACKLIST (removed)
CONNTRACK_ESTAB_PORTS 0
DIGEST_FILE /var/log/fwknop/digest.cache
DIGEST_TYPE ALL
EMAIL_ADDRESSES (removed)
ENABLE_CONNTRACK_PERSIST N
ENABLE_COOKED_INTF N
ENABLE_DIGEST_INCLUDE_SRC Y
ENABLE_DIGEST_PERSISTENCE Y
ENABLE_EXTERNAL_CMDS N
ENABLE_EXT_CMD_PREFIX N
ENABLE_FKO_MODULE Y
ENABLE_INTF_BYTES_CHECK Y
ENABLE_INTF_CHECKS Y
ENABLE_INTF_EXISTS_CHECK Y
ENABLE_INTF_RUNNING_CHECK Y
ENABLE_IPT_FORWARDING N
ENABLE_IPT_LOCAL_NAT Y
ENABLE_IPT_OUTPUT N
ENABLE_IPT_SNAT N
ENABLE_PCAP_PROMISC Y
ENABLE_PROC_IP_FORWARD Y
ENABLE_SPA_OVER_HTTP N
ENABLE_SPA_PACKET_AGING Y
ENABLE_SYSLOG_FILE Y
ENABLE_TCP_SERVER N
ENABLE_UDP_SERVER N
ENABLE_VOLUNTARY_EXITS N
EXIT_INTERVAL 1440
EXTERNAL_CMD_ALARM 30
EXTERNAL_CMD_CLOSE
EXTERNAL_CMD_OPEN
EXT_CMD_PREFIX FWKNOP_
FIREWALL_TYPE iptables
FLUSH_IPT_AT_INIT Y
FWKNOP_CMDLINE_FILE /var/run/fwknop/fwknopd.cmd
FWKNOP_CONF_DIR /etc/fwknop
FWKNOP_DIR /var/log/fwknop
FWKNOP_ERR_DIR /var/log/fwknop/errs
FWKNOP_LIB_DIR /var/lib/fwknop
FWKNOP_MOD_DIR /usr/lib/fwknop
FWKNOP_PID_FILE /var/run/fwknop/fwknopd.pid
FWKNOP_RUN_DIR /var/run/fwknop
FWKNOP_SERV_SOCK /var/run/fwknop/fwknop_serv.sock
FWSERV_SYSLOG_FACILITY LOG_LOCAL7
FWSERV_SYSLOG_IDENTITY fwknop(fwknop_serv)
FWSERV_SYSLOG_PRIORITY LOG_INFO
FW_DATA_FILE /var/log/fwknop/fwdata
FW_MSG_SEARCH DROP
GPG_DEFAULT_HOME_DIR (removed)
HOSTNAME (removed)
INTF_CHECKS_INTERVAL 20
IPFW_DYNAMIC_INTERVAL 60
IPFW_RULE_NUM 1
IPFW_SET_NUM 1
IPT_CMD_ALARM 30
IPT_CONNTRACK_FILE /proc/net/ip_conntrack
IPT_DNAT_ACCESS DNAT, src, nat, PREROUTING, 1,
FWKNOP_PREROUTING, 1
IPT_ERROR_FILE /var/log/fwknop/fwknopd.ipterr
IPT_EXEC_SLEEP 0
IPT_EXEC_STYLE waitpid
IPT_EXEC_TRIES 2
IPT_FORWARD_ACCESS ACCEPT, src, filter, FORWARD, 1, FWKNOP_FORWARD,
1
IPT_INPUT_ACCESS ACCEPT, src, filter, INPUT, 1, FWKNOP_INPUT, 1
IPT_MASQUERADE_ACCESS MASQUERADE, src, nat, POSTROUTING, 1,
FWKNOP_POSTROUTING, 1
IPT_OUTPUT_ACCESS ACCEPT, dst, filter, OUTPUT, 1, FWKNOP_OUTPUT, 1
IPT_OUTPUT_FILE /var/log/fwknop/fwknopd.iptout
IPT_SNAT_ACCESS SNAT, src, nat, POSTROUTING, 1,
FWKNOP_POSTROUTING, 1
IPT_SYSLOG_FILE /var/log/messages
KNOPMD_FIFO /var/lib/fwknop/fwknopfifo
KNOPMD_PID_FILE /var/run/fwknop/knopmd.pid
KNOPTM_IPT_ERROR_FILE /var/log/fwknop/knoptm.ipterr
KNOPTM_IPT_OUTPUT_FILE /var/log/fwknop/knoptm.iptout
KNOPTM_IP_TIMEOUT_SOCK /var/run/fwknop/knoptm_ip_timeout.sock
KNOPTM_PID_FILE /var/run/fwknop/knoptm.pid
KNOPTM_SYSLOG_FACILITY LOG_LOCAL7
KNOPTM_SYSLOG_IDENTITY fwknop(knoptm)
KNOPTM_SYSLOG_PRIORITY LOG_INFO
KNOPWATCHD_CHECK_INTERVAL 5
KNOPWATCHD_MAX_RETRIES 10
KNOPWATCHD_PID_FILE /var/run/fwknop/knopwatchd.pid
LOCALE C
MAX_HOPS 20
MAX_SNIFF_BYTES 1500
MAX_SPA_PACKET_AGE 120
MIN_GNUPG_MSG_SIZE 400
MIN_SPA_PKT_LEN 150
P0F_FILE /etc/fwknop/pf.os
PCAP_CMD_TIMEOUT 10
PCAP_FILTER udp port 62201
PCAP_INTF eth0
PCAP_PKT_FILE /var/log/sniff.pcap
PROC_IP_FORWARD_FILE /proc/sys/net/ipv4/ip_forward
REQUIRE_SOURCE_ADDRESS N
SLEEP_INTERVAL 2
SNAT_TRANSLATE_IP _CHANGEME_
SYSLOG_DAEMON metalog
SYSLOG_FACILITY LOG_LOCAL7
SYSLOG_IDENTITY fwknopd
SYSLOG_PRIORITY LOG_INFO
TCPSERV_PID_FILE /var/run/fwknop/fwknop_serv.pid
TCPSERV_PORT 62201
UDPSERV_PORT 62201
Thu Apr 1 22:17:30 2010 [+] Command paths:
fwknop_serv /usr/sbin/fwknop_serv
fwknopd /usr/sbin/fwknopd
gpg /usr/bin/gpg
ifconfig /sbin/ifconfig
ipfw /sbin/ipfw
iptables /sbin/iptables
knopmd /usr/sbin/knopmd
knoptm /usr/sbin/knoptm
knopwatchd /usr/sbin/knopwatchd
mail /bin/mail
mknod /bin/mknod
sendmail /usr/sbin/sendmail
sh /bin/sh
Thu Apr 1 22:17:30 2010 [+] imported access directives (1 SOURCE definitions).
Thu Apr 1 22:17:30 2010 [+] Stopping knopmd daemon...
Thu Apr 1 22:17:30 2010 [+] Executing: /usr/sbin/knoptm -i eth0 -c
/etc/fwknop/fwknop.conf
Thu Apr 1 22:17:30 2010 [+] digest_store hash:
$VAR1 = {};
Thu Apr 1 22:17:30 2010 [+] imported previous tracking digests from disk
cache: /var/log/fwknop/digest.cache
Thu Apr 1 22:17:30 2010 [+] Set SIGCHLD handler to: CODE(0xf8b8d3b4)
Thu Apr 1 22:17:30 2010 [+] Set __WARN__ handler to: CODE(0xf8d28b80)
Thu Apr 1 22:17:30 2010 [+] Set __DIE__ handler to: CODE(0xf8d28b2c)
[+] Net::Pcap::VERSION 0.16
Thu Apr 1 22:17:30 2010 [+] Sniffing (promisc) packet data from interface: eth0
Thu Apr 1 22:17:30 2010 [+] pcap_loop()
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
