Current-Users archive


ipf/ipnat behavior



I'm still trying to track down some anomalous behavior I'm seeing on my -current (as of about 12 hours ago) nat box. I've noticed that even when I have an empty /etc/ipf.conf file (no filter rules at all), ipfstat still claims that packets are being dropped/blocked! Is this normal?

See the attached output for an example...

----------------------------------------------------------------------
|   Paul Goyette   | PGP DSS Key fingerprint: |  E-mail addresses:   |
| Customer Service | FA29 0E3B 35AF E8AE 6651 |  paul%whooppee.com@localhost   |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette%juniper.net@localhost |
----------------------------------------------------------------------
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=3f80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
        enabled=3f80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
        address: 00:1e:2a:3f:6c:29
        media: Ethernet autoselect
        status: active
        inet 66.92.186.133 netmask 0xffffff00 broadcast 66.92.186.255
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
        enabled=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
        address: 00:19:21:0b:54:b9
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.2.250 netmask 0xffffff00 broadcast 192.168.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33648
        inet 127.0.0.1 netmask 0xff000000
map re0 192.168.2.0/25 -> 0/32 proxy port ftp ftp/tcp
map re0 192.168.2.0/25 -> 0/32 portmap tcp/udp 40000:60000
map re0 192.168.2.0/25 -> 0/32

bad packets:            in 0    out 0
 IPv6 packets:          in 0 out 0
 input packets:         blocked 0 passed 3154 nomatch 1623 counted 0 short 0
output packets:         blocked 0 passed 3149 nomatch 1616 counted 0 short 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  1531    (out):  1533
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      947
Packet log flags set: (0)
        none
List of active MAP/Redirect filters:
map re0 192.168.2.0/25 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map re0 192.168.2.0/25 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map re0 192.168.2.0/25 -> 0.0.0.0/32

List of active sessions:
MAP 192.168.2.1     3666  <- -> 66.92.186.133   40052 [69.59.240.75 123]
MAP 192.168.2.1     3666  <- -> 66.92.186.133   40051 [216.115.31.140 53]
MAP 192.168.2.1     10000 <- -> 66.92.186.133   40050 [216.115.30.92 10000]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40049 [24.59.121.72 7489]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40048 [69.137.72.57 36096]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40047 [76.117.154.53 18777]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40046 [72.240.90.154 13428]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40045 [76.125.13.229 40619]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40044 [76.17.92.6 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40043 [67.160.100.212 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40042 [122.107.17.188 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40041 [78.88.79.243 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40040 [79.32.52.119 6346]
MAP 192.168.2.4     56330 <- -> 66.92.186.133   40030 [64.81.79.2 53]
MAP 192.168.2.3     4792  <- -> 66.92.186.133   40029 [66.129.225.23 4500]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40025 [96.228.167.210 31682]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40024 [70.101.63.73 34298]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40023 [77.96.230.164 34726]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40022 [70.124.32.145 36848]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40021 [69.250.29.89 35271]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40020 [68.1.36.239 6346]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40019 [69.244.199.24 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40018 [85.180.42.196 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40017 [24.209.37.43 6348]
MAP 192.168.2.4     6348  <- -> 66.92.186.133   40016 [71.199.251.183 6348]
MAP 192.168.2.4     62320 <- -> 66.92.186.133   40014 [64.81.79.2 53]
MAP 192.168.2.3     4791  <- -> 66.92.186.133   40013 [66.129.225.23 443]
MAP 192.168.2.4     55906 <- -> 66.92.186.133   40012 [83.7.112.46 6348]
MAP 192.168.2.4     55901 <- -> 66.92.186.133   40002 [83.6.86.253 6348]
 9:13AM  up 8 mins, 1 user, load averages: 0.00, 0.00, 0.00

