Subject: Re: network troubleshooting
To: None <madhombre@yahoo.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 01/12/2002 15:41:54
On Fri, Jan 11, 2002 at 04:23:07PM -0800, madhombre@yahoo.com wrote:
> I have some problems with the inbound access to my
> system.
> 
> Can someone help me with the effective use of network
> troubleshooting tools.
> 
> I know about tcpdump and ipmon but I don't seem to be
> able to track anything.
> 
> When I do a tcpdump on the ppp0 interface, I get
> nothing except when I control C, then I get a message
> saying 5 packets received by the filter, 0 dropped by
> the kernel.
> 
> So I assume the 5 ping packets I sent are getting
> there, what is my next step, how do I tell if it is an
> IPNAT problem or a firewall issue.

The best way: make sure your kernel is compiled with "options IPFILTER_LOG".
Make sure all your "block" ipf rules have the "log" keyword.
Then start ipmon and see if some packets get blocked when they should not.

> 
> If they show up on tcpdump is that before or after
> IPNAT? I think after, but before the firewall.

No, before IPNAT and before firewall. It's straight out of the network interface,
before any processing.

> 
> I then tried ipmon -a | grep b
> this doesn't show any packets being blocked so how can
> I track down the problem, I tried doing an open door
> firewall and it still didn't work.
> 
> I need a hand in using these tools effectively,

Use tcpdump, without any filters. If output is too verbose, use filters
to filter out only what you don't need. See the tcpdump man page.

If the packets you're looking for reach the interface, then go look
at ipf and ipnat, but first make sure that packets effectively reach the
interface.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
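
An added example, not part of the original message: the reply's advice that every "block" ipf rule should carry the "log" keyword can be checked mechanically, since a block rule without it drops packets that ipmon never reports. The function names and the sample ruleset are constructed for illustration, and the check assumes one rule per line with options placed between in/out and proto/from/all.

```shell
#!/bin/sh
# List ipf "block" rules that lack the "log" keyword.
# Usage: unlogged_block_rules [rules-file]   (reads stdin if no file is given)
unlogged_block_rules() {
    awk '
    {
        sub(/#.*/, "")                 # strip trailing comments
        sub(/[ \t]+$/, "")             # strip trailing whitespace
        if ($0 ~ /^[ \t]*$/) next      # skip blank lines
        i = 1
        if ($i ~ /^@[0-9]+$/) i++      # optional "@N" insert position
        if ($i != "block") next        # only block rules matter here
        logged = 0
        # Options (log, quick, on ...) sit between in/out and the
        # match part, which starts with proto, from or all.
        for (j = i + 1; j <= NF; j++) {
            if ($j == "proto" || $j == "from" || $j == "all") break
            if ($j == "log") { logged = 1; break }
        }
        if (!logged) printf "%d: %s\n", NR, $0
    }' "$@"
}

# Constructed sample ruleset (not taken from the thread).
sample_rules() {
    cat <<'EOF'
# constructed sample ruleset
pass in quick on lo0 all
block in log quick on ppp0 from 192.168.0.0/16 to any
block in quick on ppp0 proto tcp from any to any port = 23
block return-rst in log on ppp0 proto tcp all
@2 block out on ppp0 all   # silently dropped, invisible to ipmon
pass in on ppp0 proto icmp all
EOF
}

# Prints the line number and text of each block rule that would not be logged.
sample_rules | unlogged_block_rules
```

Any rule it prints is a place where traffic can be dropped while `ipmon -a` stays silent.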