Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-21 Enio Marconcini
On 2009/11/20 Giancarlo Rubio wrote:

> post your entire pf.conf
>

Ah, and the strangest thing, which I noticed today:

a tcpdump -ttt -n -e -r /var/log/pflog

shows the complete data:

2009-11-21 10:07:53.517997 rule 38/0(match): pass in on re1: 192.168.0.1.138 > 192.168.0.255.138: NBT UDP PACKET(138)
2009-11-21 10:07:53.518037 rule 37/0(match): pass in on re1: 192.168.0.3.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:07:53.518172 rule 37/0(match): pass in on re1: 192.168.0.5.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:08:15.398729 rule 38/0(match): pass in on re1: 192.168.0.41.138 > 192.168.0.255.138: NBT UDP PACKET(138)
2009-11-21 10:08:15.408985 rule 0/0(match): block in on re1: 192.168.0.3.631 > 255.255.255.255.631: UDP, length 165
2009-11-21 10:08:15.409070 rule 0/0(match): block in on re1: 192.168.0.3.631 > 192.168.0.255.631: UDP, length 161
2009-11-21 10:08:15.409088 rule 0/0(match): block in on re1: 192.168.0.3.631 > 192.168.0.255.631: UDP, le
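The difference Enio observes here comes down to the snapshot length. The live capture in this thread ran at tcpdump's default snaplen of the time, 68 bytes (the "capture size 68 bytes" line in his earlier output), whereas /var/log/pflog is written by pflogd, whose own default snaplen is 116 bytes. On a PFLOG capture every record begins with a pflog header that tcpdump has to skip before it reaches the IP packet, so a 68-byte record leaves only a handful of IP bytes, and tcpdump prints "[|ip]" to say the IP header was cut off. The Python below is an added example, not code from the thread: it builds one pflog record in memory, modelled on the "192.168.0.3.631 > 255.255.255.255.631" line above, and decodes it at both snapshot lengths. The header layout is assumed to be FreeBSD 7's struct pfloghdr (64 bytes once padded, with the kernel storing 61 in its length field and tcpdump rounding that up to a 4-byte boundary); the record bytes are constructed, nothing is read from pflog0 or from the log file.

```python
"""Decode a pf(4) log record the way tcpdump does on a DLT_PFLOG capture.

Added example (not from the thread).  Everything below is constructed
in memory; nothing reads pflog0 or /var/log/pflog.
"""
import socket
import struct

# Assumed FreeBSD 7 struct pfloghdr: length, af, action, reason,
# ifname[16], ruleset[16], rulenr, subrulenr, then uid/pid/rule_uid/
# rule_pid (16 bytes, host order, not decoded here), dir, pad[3].
# rulenr and subrulenr are written with htonl(), hence "!" (big-endian).
PFLOGHDR = struct.Struct("!BBBB16s16sII16sB3x")       # 64 bytes
PFLOG_REAL_HDRLEN = 61          # value the kernel stores in .length
AF_INET = 2                     # same value on BSD and Linux
PF_PASS, PF_DROP = 0, 1
PF_IN, PF_OUT = 1, 2
ACTIONS = {PF_PASS: "pass", PF_DROP: "block"}
DIRECTIONS = {PF_IN: "in", PF_OUT: "out"}
REASONS = {0: "match"}          # reason 0 is the only one used here
NO_SUBRULE = 0xFFFFFFFF         # subrulenr when no anchor was involved


def bpf_wordalign(n):
    """tcpdump skips the pflog header rounded up to a 4-byte boundary."""
    return (n + 3) & ~3


def ip_bytes_visible(snaplen):
    """How much of the IP packet survives a capture cut at snaplen."""
    return max(0, snaplen - bpf_wordalign(PFLOG_REAL_HDRLEN))


def build_record(rulenr, action, direction, ifname, src, dst, sport, dport, payload):
    """Constructed sample: one pfloghdr followed by an IPv4/UDP datagram."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + udp
    hdr = PFLOGHDR.pack(PFLOG_REAL_HDRLEN, AF_INET, action, 0, ifname.encode(),
                        b"", rulenr, NO_SUBRULE, bytes(16), direction)
    return hdr + ip


def decode(record, snaplen):
    """Return the tcpdump-style line for one record captured at snaplen."""
    data = record[:snaplen]                 # what BPF actually hands over
    if len(data) < PFLOGHDR.size:
        return "[|pflog]"
    (hlen, af, action, reason, ifname, ruleset, rulenr, subrulenr,
     _ids, direction) = PFLOGHDR.unpack_from(data)
    if subrulenr == NO_SUBRULE:
        rule = "rule %d/" % rulenr
    else:
        rule = "rule %d.%s.%d/" % (rulenr, ruleset.rstrip(b"\0").decode(), subrulenr)
    prefix = "%s%d(%s): %s %s on %s: " % (
        rule, reason, REASONS.get(reason, "unkn"), ACTIONS.get(action, "?"),
        DIRECTIONS.get(direction, "?"), ifname.rstrip(b"\0").decode())
    ip = data[bpf_wordalign(hlen):]
    if af != AF_INET or len(ip) < 20:       # IPv4 header did not fit: "[|ip]"
        return prefix + "[|ip]"
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    if proto == 17 and len(l4) >= 8:        # UDP: tcpdump prints payload length
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        return prefix + "%s.%d > %s.%d: UDP, length %d" % (src, sport, dst, dport, ulen - 8)
    if proto == 6 and len(l4) >= 4:         # TCP: ports only, flags omitted here
        sport, dport = struct.unpack("!HH", l4[:4])
        return prefix + "%s.%d > %s.%d: TCP" % (src, sport, dst, dport)
    return prefix + "%s > %s: ip-proto-%d" % (src, dst, proto)


# Constructed record modelled on the thread's "rule 0/0(match): block in
# on re1: 192.168.0.3.631 > 255.255.255.255.631: UDP, length 165" line.
SAMPLE = build_record(0, PF_DROP, PF_IN, "re1", "192.168.0.3",
                      "255.255.255.255", 631, 631, bytes(165))

if __name__ == "__main__":
    for snaplen in (68, 116):
        print("snaplen %3d (%2d bytes of IP visible): %s"
              % (snaplen, ip_bytes_visible(snaplen), decode(SAMPLE, snaplen)))
```

At 68 bytes only 4 bytes of the IP header are left after the 64-byte pflog header, so the decoder gives up with "[|ip]"; at 116 bytes there is room for the IPv4 and UDP headers and the addresses and ports appear, which is exactly the contrast between the live capture and the pflogd file in this thread. On the firewall the equivalent check is to rerun the live capture with a larger snapshot length, tcpdump -n -e -ttt -s 0 -i pflog0, or to read the pflogd file as Enio did.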

Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Enio Marconcini
On 2009/11/20 Giancarlo Rubio wrote:

> post your entire pf.conf
>



Here it is


## MACROS
nic_interna = "re1"
nic_externa = "re2"
rede_interna = "192.168.0.0/24"
rede_wireless = "192.168.10.0/24"
table  persist { $rede_interna $rede_wireless }
table  persist { X.Y.Z.T }

## OPTIONS
set skip on lo0
set block-policy drop
#set loginterface pflog0
scrub in all
###
nat on $nic_externa from  to any -> ($nic_externa)
# nat for ftp
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $nic_interna inet proto tcp from any to port 21 -> 127.0.0.1 port 8021

## RULES
# block everything by default
block log all
# ftp
anchor "ftp-proxy/*"

# allow outbound on the external interface
pass out log on $nic_externa inet proto tcp from any to any flags S/SA modulate state
pass out log on $nic_externa inet proto udp from any to any keep state

# allow outbound on the internal interface
pass out quick log on $nic_interna inet proto tcp from any to any flags S/SA modulate state
pass out quick log on $nic_interna inet proto udp from any to any keep state

# allow ICMP
pass inet proto icmp from any to any keep state

# allow external access from the authorized IPs to Webmin
pass in quick log on $nic_externa inet proto tcp from  to ($nic_externa) flags S/SA modulate state
pass in quick log on $nic_interna inet proto tcp from any to any flags S/SA modulate state

# allow ssh access from outside and from inside
pass in quick log on $nic_externa inet proto tcp from  to ($nic_externa) port 65022 flags S/SA modulate state
pass in quick log on $nic_interna inet proto tcp from any to any port 65022 flags S/SA modulate state

# allow named access from outside and from inside
pass in quick on {$nic_externa $nic_interna} inet proto tcp from any to any port 53 flags S/SA modulate state
pass in quick on {$nic_externa $nic_interna} inet proto udp from any to any port 53 keep state

# port 80 internal and external
pass in quick on $nic_externa inet proto tcp from any to any port 80 flags S/SA modulate state
pass in quick on $nic_interna inet proto tcp from any to ($nic_interna) port 80 flags S/SA modulate state

# port 443 internal
pass in quick on $nic_interna inet proto tcp from any to any port 443 flags S/SA modulate state

# allow ftp internal and external
pass in quick on {$nic_externa $nic_interna} inet proto tcp from any to any port {20 21} flags S/SA modulate state
pass in quick on {$nic_externa $nic_interna} inet proto udp from any to any port {20 21} keep state
pass in quick on $nic_interna inet proto tcp from any to any port 8021 flags S/SA modulate state
pass in quick on $nic_externa inet proto tcp from any to any port > 49151 flags S/SA modulate state

# smb internal
pass in quick log on $nic_interna inet proto tcp from any to any port {445 139} flags S/SA modulate state
pass in quick log on $nic_interna inet proto udp from any to any port {137 138} keep state

# squid internal
pass in quick on $nic_interna inet proto tcp from any to any port 3128 flags S/SA modulate state

# mail ports
pass quick inet proto tcp from any to any port {25 110} flags S/SA modulate state
pass quick inet proto udp from any to any port {25 110} keep state


# EOF




-- 
ENIO RODRIGO MARCONCINI
gtalk: eni...@gmail.com
skype: eniorm
msn: /dev/null

> FreeBSD -:- OpenBSD -:-
> Cigarette Brand Collections
< Obi-Wan has taught you well
-
History: http://www.fug.com.br/historico/html/freebsd/
Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd


Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Enio Marconcini

Ah, I forgot to mention: a tcpdump on the binary file /var/log/pflog displays it
normally, but not in real time, right.

I have run a normal tcpdump directly on the pflog0 interface before and it displayed
the complete data.

I have already checked my kernel config; the PF options and devices are enabled
normally, as per the handbook.



Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Giancarlo Rubio
Post your entire pf.conf


-- 
Giancarlo Rubio


Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Enio Marconcini
On 2009/11/20 Amim wrote:

> If you debug the rule, can you see whether any packet is really going out
> through it?
>
> I believe you have a pass without LOG before that rule and your packets are
> going out through there.
>

The traffic exists, but tcpdump is apparently displaying the data not incorrectly,
but with information missing:

2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:19.567326 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:29.101700 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:41.066787 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:50.565130 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565222 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565241 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565259 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
2009-11-20 13:46:51.753013 rule 30/0(match): pass in on re1: [|ip]
2009-11-20 13:46:51.753765 rule 30/0(match): pass in on re1: [|ip]
2009-11-20 13:46:56.595686 rule 30/0(match): pass in on re1: [|ip]


Note that the block or pass records, normal for my rules, are there, but the lines
don't show from where and to where (IP and port).




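Enio's observation above (each record carries rule number, action, direction and interface, but no addresses) is the pattern to look for when triaging pflog output. The Python below is an added example, not code from the thread: it parses tcpdump's pflog text lines into fields, counts hits per rule, and separates records whose packet was decoded from the ones tcpdump printed as "[|ip]", so a reader can tell at a glance whether the ruleset or the capture is the problem. The sample lines are copied from the captures posted in this thread; the pfctl -vvsr listing used to map rule numbers to rule text is a constructed stand-in whose numbering is hypothetical (the real numbering on Enio's box is not on this page), relying only on the fact that the rule number in a pflog record is the "@N" number that pfctl -vvsr prints.

```python
"""Triage tcpdump pflog text output: per-rule counts and truncation check.

Added example (not from the thread).  SAMPLE_LINES are copied from the
captures posted in the thread; PFCTL_RULES is a constructed stand-in for
`pfctl -vvsr` output and its numbering is hypothetical.
"""
import re
from collections import Counter

# "<timestamp> rule N[.anchor.M]/REASON(reason): ACTION DIR on IF: <packet>"
# The timestamp is whatever tcpdump's -t options produced, so it is
# matched lazily; lines that do not fit (warnings, banners) are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>.*?)\s*rule\s+(?P<rule>\d+)(?:\.(?P<anchor>[^.]+)\.(?P<sub>\d+))?"
    r"/(?P<reason>\d+)\((?P<reason_str>[^)]*)\):\s+"
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\S+):\s+(?P<pkt>.*)$")
# IPv4 "src.sport > dst.dport:" as tcpdump prints it for TCP and UDP
PKT_RE = re.compile(r"^(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
                    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):")
PFCTL_RULE_RE = re.compile(r"^@(?P<num>\d+)\s+(?P<text>.*)$")


def parse_line(line):
    """Return a dict for one pflog record line, or None for other output."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["truncated"] = rec["pkt"].startswith("[|")   # "[|ip]": header cut off
    p = PKT_RE.match(rec["pkt"])
    rec["flow"] = ((p["src"], int(p["sport"]), p["dst"], int(p["dport"]))
                   if p else None)
    return rec


def rule_index(pfctl_output):
    """Map the @N numbers of `pfctl -vvsr` to their rule text."""
    index = {}
    for line in pfctl_output.splitlines():
        m = PFCTL_RULE_RE.match(line)
        if m:
            index[int(m["num"])] = m["text"].strip()
    return index


def summarize(lines):
    """Count records per (rule, action, dir, ifname) and flag truncated ones."""
    by_rule = Counter()
    truncated = decoded = skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_rule[(rec["rule"], rec["action"], rec["dir"], rec["ifname"])] += 1
        if rec["truncated"]:
            truncated += 1
        else:
            decoded += 1
    # Only "[|ip]" and never a decoded packet means the snaplen, not the
    # ruleset, is what needs fixing.
    return {"by_rule": by_rule, "truncated": truncated, "decoded": decoded,
            "skipped": skipped,
            "capture_too_short": truncated > 0 and decoded == 0}


# Lines copied from the captures posted in this thread.
SAMPLE_LINES = """\
tcpdump: WARNING: pflog0: no IPv4 address assigned
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
2009-11-21 10:07:53.518037 rule 37/0(match): pass in on re1: 192.168.0.3.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:08:15.408985 rule 0/0(match): block in on re1: 192.168.0.3.631 > 255.255.255.255.631: UDP, length 165
""".splitlines()

# Constructed stand-in for `pfctl -vvsr`; the numbering is hypothetical.
PFCTL_RULES = """\
@0 block drop log all
  [ Evaluations: 2000      Packets: 40        Bytes: 6000        States: 0     ]
@5 pass out quick log on re1 inet proto udp all keep state
  [ Evaluations: 1500      Packets: 900       Bytes: 120000      States: 12    ]
"""

if __name__ == "__main__":
    names = rule_index(PFCTL_RULES)
    report = summarize(SAMPLE_LINES)
    for (rule, action, direction, ifname), n in sorted(report["by_rule"].items()):
        print("%4d  rule %-3d %-5s %-3s on %s  %s"
              % (n, rule, action, direction, ifname, names.get(rule, "(not in listing)")))
    print("decoded: %d  truncated ([|ip]): %d  skipped: %d  capture too short: %s"
          % (report["decoded"], report["truncated"], report["skipped"],
             report["capture_too_short"]))
```

Fed only the live-capture lines (everything printed as "[|ip]"), the summary reports capture_too_short, which is the state Enio was in; once lines read from /var/log/pflog are included, the flows are present and the per-rule counts can be matched against the rule listing.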


Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Enio Marconcini
On 2009/11/20 Giancarlo Rubio wrote:

> Try adding at the end of your rules
> block log quick from any to any
>
> and change your initial rule from block log all to just block

I did it that way, nothing either.

It only shows this:

tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
00 rule 12/0(match): pass out on re1: [|ip]
000521 rule 44/0(match): block in on re1: [|ip]
2. 201811 rule 44/0(match): block in on re1: [|ip]
8. 363237 rule 44/0(match): block in on re1: [|ip]
000108 rule 44/0(match): block in on re1: [|ip]
28 rule 44/0(match): block in on re1: [|ip]
06 rule 44/0(match): block in on re1: [|ip]
30. 996715 rule 44/0(match): block in on re1: [|ip]
09 rule 44/0(match): block in on re1: [|ip]
21 rule 44/0(match): block in on re1: [|ip]
19 rule 44/0(match): block in on re1: [|ip]





Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Giancarlo Rubio
Try adding at the end of your rules
block log quick from any to any

and change your initial rule from block log all to just block




Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-20 Enio Marconcini

So far nothing, huh. Anyone else want to take a shot?
Regards




Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-19 Enio Marconcini
On 2009/11/18 Wanderson Tinti wrote:

> Good evening.
>
> Have you tried the verbose mode options [-vvv]?



Yes, I have! Nothing.



Re: [FUG-BR] tcpdump and pflog0 with little data

2009-11-18 Wanderson Tinti
On 2009/11/18 Enio Marconcini wrote:

> Friends, as many of you already know, when debugging a problem it is better to
> have a lot of information than none.
>
> It happens that I am testing my PF ruleset on FreeBSD 7.2-STABLE, and the
> command I was already used to using:
>
> amnesiac# tcpdump -e -n -ttt -i pflog0
>
> has been giving me very little information, for example this (the default block all):
>
> 16 rule 0/0(match): block in on re1: [|ip]
> 21 rule 0/0(match): block in on re1: [|ip]
> 21 rule 0/0(match): block in on re1: [|ip]
> 30. 997843 rule 0/0(match): block in on re1: [|ip]
> 000119 rule 0/0(match): block in on re1: [|ip]
>
>
> Note that these are only block logs, no pass, even though there are already
> several "pass" rules with log in the ruleset.
>
>
> my rc.conf
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
>
> pflog
> amnesiac# ifconfig pflog0
> pflog0: flags=141 metric 0 mtu 33160
>
> some examples of the rules I am using
>
> block log all
> ...
> internal outbound
> pass out log on $nic_interna .
>
>
> does anyone know what might be wrong?
>
>
>
Good evening.

Have you tried the verbose mode options [-vvv]?


Re: [FUG-BR] tcpdump

2008-02-23 Paulo Henrique
Your card is an Nvidia, the MCP61.

Could you tell me about the current state of use of the card..

It could be a problem in the operating system, or in tcpdump itself, or just an
incompatibility.


-- 
Regards, Paulo Henrique. To Powered By BSD Unix.


Re: [FUG-BR] TCPDUMP

2005-06-01 irado

Nothing much.. [or almost ;)] just a "ping" coming from 10.0.0.14 to
192.168.0.10..

It happens that there MAY BE a machine on your internal network with that 10.xx
address, because (unless I'm mistaken) the two addresses are not routable and
therefore cannot be coming directly from the internet.

Don't you have a router somewhere? Or two? The 10.xx network is usually found
on the communication links between one router and another (the link itself) -
the WAN interface.

> On Wed, 1 Jun 2005 11:00:34 -0300 (ART) Andre Luiz <[EMAIL PROTECTED]> wrote:

> I ran a tcpdump and this came up. Can anyone tell me what this means?
 
>srv03# tcpdump -i wi0 |grep 192.168.0.10
>tcpdump: listening on wi0
>10:45:42.167891 192.168.0.2 > 192.168.0.10: icmp: echo reply
>10:45:42.865023 10.0.0.14 > 192.168.0.10: icmp: echo request
>10:45:42.867708 10.0.0.14 > 192.168.0.10: icmp: echo request
>10:45:43.269010 192.168.0.2 > 192.168.0.10: icmp: echo reply


___
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br


Re: [FUG-BR] TCPDUMP

2005-06-01 Paulo Bernardo

Andre Luiz wrote:


I ran a tcpdump and this came up. Can anyone tell me what this means?

srv03# tcpdump -i wi0 |grep 192.168.0.10
tcpdump: listening on wi0
10:45:42.167891 192.168.0.2 > 192.168.0.10: icmp: echo reply
10:45:42.865023 10.0.0.14 > 192.168.0.10: icmp: echo request
10:45:42.867708 10.0.0.14 > 192.168.0.10: icmp: echo request
10:45:43.269010 192.168.0.2 > 192.168.0.10: icmp: echo reply
10:47:35.877038 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:35.931138 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:35.981163 192.168.0.10 > 10.0.0.14: icmp: echo reply
10:47:36.867020 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:37.082175 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:37.121823 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:37.140158 10.0.0.14 > 192.168.0.10: icmp: echo request
10:47:37.146113 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:07.366335 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:07.36 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:07.371171 192.168.0.10 > 10.0.0.14: icmp: echo reply
10:48:08.366338 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:08.370552 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:08.372449 192.168.0.10 > 10.0.0.14: icmp: echo reply
10:48:55.432856 192.168.0.2 > 192.168.0.10: icmp: echo reply
10:48:55.866782 10.0.0.14 > 192.168.0.10: icmp: echo request
10:48:55.869066 10.0.0.14 > 192.168.0.10: icmp: echo reque



Ping
