SunOS nat04 5.10 s10_72 i86pc i386 i86pc
ipf: IP Filter: v4.0.2 (500)
Kernel: IP Filter: v4.0.2

Started the load testing of Sol10 and ipfil, and it has already survived longer than it did for us under Solaris 9 and ipf 4.1.3.



I have two quick questions I was hoping to get answered.


1)

Currently our ipf.conf is empty, apart from some port 139 blocking and default permit all, and ipnat.conf has NAT set up for our internal networks.

It would be nice if "ipfstat -t" would work. The documentation states that it will only work for sessions that it keeps state on. I thought NATing itself required state, but it displays nothing. Do I need to throw on rules with "keep state" in ipf.conf for it to show any data?

2)

FTP Nat shows:

proxy ftp/6 use 3 flags 0
proto 6 flags 0 bytes 93536 pkts 741 data YES size 392
FTP Proxy:
passok: 9
Client:
seq f6b1e80b (ack f6b1e80b) len 98 junk 1 cmds 1
buf [\007Sh\37777777602\37777777615\37777777650\37777777632+\37777777753\37777777647\37777777741|z\37777777713\37777777771^\025\37777777776-y\377777777608\37777777743:t\37777777704\377777776031\37777777751#\036\37777777602\37777777624\37777777706\37777777722\37777777615\37777777604e'\025\37777777734\37777777760m\001\035|\37777777746\024\37777777745\37777777636\37777777762\37777777763\37777777710\37777777642\37777777644\37777777614D\37777777776\37777777742G\37777777650\37777777610!\37777777766\37777777600f\37777777740M_,\37777777630~\37777777603!!a\37777777611\37777777623W\37777777657\000]
Server:
seq 430d978f (ack 430d97f6) len 103 junk 1 cmds 235
buf [\37777777615X0\37777777771\000]


I assume it is trying to show the current commands and whatnot. But seeing as that FTP session is SSLed, we mostly get garbage. Any worries it will try to parse something wrong with SSLed sessions?

Lund

--
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
