Oops! In my previous post I incorrectly stated "ping 246.8.161.244 - works".

123.456.70.66 answers to pings.

However, from 123.456.70.66, ping 246.82.161.244 fails / hangs with this repeated error message in /var/log/ipmonlog:
10/07/2007 13:00:22.465340 eri0 @0:53 b 246.82.161.244 -> 123.456.70.66 PR icmp len 20 84 icmp echoreply/0 IN

Also, from 123.456.70.66, ping 123.456.70.67 (from w/in our subnet) fails / hangs with this repeated error message in /var/log/ipmonlog:
10/07/2007 13:20:56.966435 eri0 @0:53 b 123.456.70.67 -> 123.456.70.66 PR icmp len 20 84 icmp echoreply/0 IN

So, to be correctly exact, both ping and traceroute commands fail from 123.456.70.66.

The ipfstat output shown below is correct - no changes to ipf.conf.

Charles

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: Mon, 9 Jul 2007 4:42 pm
Subject: Re: IPFilter 4.1.13 on Solaris 8 ... What am I missing?


Getting closer ... 
 
123.456.70.66 is my host computer where firewall is being tested. 
 
ping 246.8.161.244 - works. 
 
However, traceroute 246.82.161.244 fails / hangs with this repeated error message in /var/log/ipmonlog:
03/07/2007 15:07:35.071265 eri0 @0:53 b 123.456.68.1 -> 123.456.70.66 PR icmp len 20 56 icmp timxceed/transit for 123.456.70.66,52646 - 246.82.161.244,33434 PR udp len 20 40 IN
 
From the ipfstat below I (think that I) explicitly allow: 
  1) TCP & UDP access from 123.456.68.1, my subnet gateway (@18, @19). 
  2) ICMP access from anywhere (@52). 
 
So, again, what am I missing? 
 
Charles 
 
# sudo ipfstat -in 
@1 block in quick proto udp from any to 123.456.71.255/32 port = 631 
@2 block in quick proto udp from any to 123.456.71.255/32 port = 137 
@3 block in quick proto udp from any to 123.456.71.255/32 port = 138 
@4 block in quick proto udp from any to 123.456.71.255/32 port = 139 
@5 block in quick proto udp from any to 255.255.255.255/32 
@6 block in quick proto tcp from any to any port = 135 
@7 block in quick proto udp from any to any port = 137 
@8 block in quick proto udp from any to any port = 138 
@9 block in quick proto tcp from any to any port = 139 
@10 block in quick proto udp from any to any port = 1026 
@11 block in quick proto udp from any to any port = 1027 
@12 block in quick proto 2 from any to 224.0.0.1/32 
@13 block in quick proto tcp/udp from any to any port = 445 
@14 block in quick proto tcp/udp from any to any port = 1433 
@15 block in quick proto tcp/udp from any to any port = 1434 
@16 block in quick proto tcp/udp from any to any port = 4899 
@17 block in quick proto tcp/udp from any to any port = 3306 
@18 pass in quick proto tcp from 123.456.68.1/32 to any keep state keep frags 
@19 pass in quick proto udp from 123.456.68.1/32 to any keep state 
@20 pass in quick proto tcp from 246.82.1.201/32 to any keep state keep frags 
@21 pass in quick proto udp from 246.82.1.201/32 to any keep state 
@22 pass in quick proto tcp from 246.82.1.202/32 to any keep state keep frags 
@23 pass in quick proto udp from 246.82.1.202/32 to any keep state 
@24 pass in quick proto tcp from 246.82.1.203/32 to any keep state keep frags 
@25 pass in quick proto udp from 246.82.1.203/32 to any keep state 
@26 pass in quick proto tcp from 246.82.1.204/32 to any keep state keep frags 
@27 pass in quick proto udp from 246.82.1.204/32 to any keep state 
@28 pass in quick proto tcp from 246.82.161.16/32 to any keep state keep frags 
@29 pass in quick proto udp from 246.82.161.16/32 to any keep state 
@30 pass in quick proto tcp from 246.82.247.34/32 to any keep state keep frags 
@31 pass in quick proto udp from 246.82.247.34/32 to any keep state 
@32 pass in quick proto tcp from 246.82.247.66/32 to any keep state keep frags 
@33 pass in quick proto udp from 246.82.247.66/32 to any keep state 
@34 pass in quick proto tcp from 246.82.247.98/32 to any keep state keep frags 
@35 pass in quick proto udp from 246.82.247.98/32 to any keep state 
@36 pass in quick proto tcp from 246.82.162.243/32 to any keep state keep frags 
@37 pass in quick proto udp from 246.82.162.243/32 to any keep state 
@38 pass in quick proto tcp from 246.82.162.242/32 to any keep state keep frags 
@39 pass in quick proto udp from 246.82.162.242/32 to any keep state 
@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags 
@41 pass in quick proto udp from 123.456.70.0/26 to any keep state 
@42 pass in quick proto tcp from 123.456.70.64/27 to any keep state keep frags 
@43 pass in quick proto udp from 123.456.70.64/27 to any keep state 
@44 pass in quick proto tcp from 123.456.70.96/28 to any keep state keep frags 
@45 pass in quick proto udp from 123.456.70.96/28 to any keep state 
@46 pass in quick proto tcp from 123.456.0.0/16 to any port = 22 keep state keep frags
@47 pass in quick proto tcp from 246.82.0.0/16 to any port = 22 keep state keep frags
@48 pass in quick proto tcp from any port = 22 to any keep state keep frags
@49 pass in quick proto tcp from 135.79.54.241/32 to any port = 22 keep state keep frags
@50 pass in quick proto tcp from 13.579.209.28/32 to any port = 22 keep state keep frags
@51 pass in quick proto tcp from 13.579.43.83/32 to any port = 22 keep state keep frags
@52 pass in quick proto icmp from any to any keep state 
@53 block in log quick all 
# 
# sudo ipfstat -on 
@1 pass out quick all 
@2 pass out quick proto icmp from any to any keep state 
@3 pass out quick proto tcp/udp from any to any keep state keep frags 
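
Added example (not part of the original messages): a Python parser for the ipmon lines quoted above that tallies blocked packets by direction, logged rule number and ICMP type, so each entry can be matched against the `ipfstat -in` listing. The field names and the `RULES_IN` excerpt are choices made for this example.

```python
import re
from collections import Counter

# Log lines copied from the messages above (addresses are the thread's obfuscated values).
SAMPLE_LOG = """\
10/07/2007 13:00:22.465340 eri0 @0:53 b 246.82.161.244 -> 123.456.70.66 PR icmp len 20 84 icmp echoreply/0 IN
10/07/2007 13:20:56.966435 eri0 @0:53 b 123.456.70.67 -> 123.456.70.66 PR icmp len 20 84 icmp echoreply/0 IN
03/07/2007 15:07:35.071265 eri0 @0:53 b 123.456.68.1 -> 123.456.70.66 PR icmp len 20 56 icmp timxceed/transit for 123.456.70.66,52646 - 246.82.161.244,33434 PR udp len 20 40 IN
"""

# The two inbound rules relevant to these lines, copied from the ipfstat -in output.
RULES_IN = {52: "pass in quick proto icmp from any to any keep state",
            53: "block in log quick all"}

LINE_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?P<rest>.*?) (?P<dir>IN|OUT)\s*$")
# ICMP detail; an ICMP error also carries the packet that triggered it ("for ...").
ICMP_RE = re.compile(r"icmp (?P<type>[^/\s]+)/(?P<code>\S+)"
                     r"(?: for (?P<osrc>\S+) - (?P<odst>\S+) PR (?P<oproto>\S+))?")

def parse_line(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    icmp = ICMP_RE.search(rec.pop("rest"))
    rec["icmp"] = icmp.groupdict() if icmp else None
    return rec

def blocked_by_rule(log_text):
    """Count blocked ('b') packets per (direction, rule number, ICMP type)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "b":
            icmp_type = rec["icmp"]["type"] if rec["icmp"] else "-"
            hits[(rec["dir"], rec["rule"], icmp_type)] += 1
    return hits

if __name__ == "__main__":
    for (direction, rule, icmp_type), n in sorted(blocked_by_rule(SAMPLE_LOG).items()):
        print(f"{n} x {direction} {icmp_type:<10} blocked by @{rule}: {RULES_IN.get(rule, '?')}")
```

On the three quoted lines, every blocked packet is an inbound ICMP reply or error logged against rule @53, not @52.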
 