[pfSense Support] LOGGING ISSUE

David Strout Sat, 07 Jan 2006 02:55:12 -0800

I have posted this before and got but a hand in
the air "can't replicate/explain it"


So, here it is again w/ more background info.

I have installed BETA1 with a from scratch config
and I get all TCP packets showing up in the
"formatted" log as ESP packets.

FORMATTED LOG OUTPUT:
Jan 7 05:37:49  WAN     66.79.231.100:22034
        24.39.185.78:1026       UDP
Jan 7 05:36:52  WAN     24.39.106.226.7984
        24.39.185.78.445        ESP
Jan 7 05:36:49  WAN     24.39.106.226.7984
        24.39.185.78.445        ESP
Jan 7 05:36:30  WAN     24.39.251.195.1618
        24.39.185.78.139        ESP
Jan 7 05:36:27  WAN     24.39.251.195.1618
        24.39.185.78.139        ESP
Jan 7 05:33:27  WAN     24.182.13.124:13100
        24.39.185.78:1026       UDP

RAW LOG OUTPUT:
Jan 7 05:37:49  pf: 57. 064296 rule 31/0(match):
block in on fxp1: 66.79.231.100.22034 >
24.39.185.78.1026: UDP, length 791

Jan 7 05:36:52  pf: 2. 998852 rule 31/0(match):
block in on fxp1: 24.39.106.226.7984 >
24.39.185.78.445: S 225686055:225686055(0) win
64240 <mss 1440,nop,nop,sackOK>

Jan 7 05:36:49  pf: 19. 301636 rule 31/0(match):
block in on fxp1: 24.39.106.226.7984 >
24.39.185.78.445: S 225686055:225686055(0) win
64240 <mss 1440,nop,nop,sackOK>

Jan 7 05:36:30  pf: 2. 924214 rule 31/0(match):
block in on fxp1: 24.39.251.195.1618 >
24.39.185.78.139: S 4104974480:4104974480(0) win
65535 <mss 1460,nop,nop,sackOK>

Jan 7 05:36:27  pf: 179. 471810 rule 31/0(match):
block in on fxp1: 24.39.251.195.1618 >
24.39.185.78.139: S 4104974480:4104974480(0) win
65535 <mss 1460,nop,nop,sackOK>

Jan 7 05:33:27  pf: 198. 370880 rule 31/0(match):
block in on fxp1: 24.182.13.124.13100 >
24.39.185.78.1026: UDP, length 939

Upon closer inspection (Scott) it looks like the
TCP packets are being "non-reported" either UDP or
TCP, so it looks like pfS or maybe BSD doesn't
know how to classify them ... and thereby stamping
ESP on them.

Hardware is as follows ....

=====
WAN MAC Address Prefix
00508B -> COMPAQ COMPUTER CO

fxp1: <Intel 82558 Pro/100 Ethernet> port
0xbc00-0xbc1f mem
0xe1300000-0xe1300fff,0xe1000000-0xe10fffff irq 5
at device 9.0 on pci0
miibus1: <MII bus> on fxp1
inphy1: <i82555 10/100 media interface> on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX,
100baseTX-FDX, auto
fxp1: Ethernet address: 00:50:8b:08:28:3d

=====   
LAN MAC Address Prefix
0008C7 -> compaq computer corporation

fxp0: <Intel 82558 Pro/100 Ethernet> port
0xb800-0xb81f mem
0xe1301000-0xe1301fff,0xe1100000-0xe11fffff irq 11
at device 8.0 on pci0
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX,
100baseTX-FDX, auto
fxp0: Ethernet address: 00:08:c7:59:26:cd

=====
CPU: AMD Athlon(tm) Processor (751.33-MHz
686-class CPU)
Origin = "AuthenticAMD"  Id = 0x642  Stepping = 2
Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
AMD
Features=0xc0440800<SYSCALL,<b18>,MMX+,3DNow+,3DNow>

Yet another reason I state that pfS is NOT ready
for BETA .... at it's current state.


Regards,
DLS



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] LOGGING ISSUE

Reply via email to