Subject: Re: David S /IPF
To: Todd Gruhns Acct <email@example.com>
From: David S. <firstname.lastname@example.org>
Date: 01/05/2002 19:17:59
> I just looked at ipmonlog, the 4 records there
> are from Dec 4. They all are about
> starting/stopping snmptrapd...
> What I am trying to figure out is why does
> ipfilter choke on mail.com packets when I allow
> netbsd.org packets in and vice versa...
Enable 'ipmon' with "ipmon=YES" and something like
"ipmon_flags='-D -f /var/log/ipflog'" in '/etc/rc.conf'. (I use 'syslog'
for logging, but setting that up is a bit more involved; see the
'ipmon' man page if you're curious.) Then add a "log" flag to all of
your "block" rules ("block ... in log ..."). (Re-) Start 'ipf' with
"/etc/rc.d/ipfilter (re)start", and start 'ipmon' with
"/etc/rc.d/ipmon start". Try to access the site in question in
whatever way you do, then see what 'ipmon' writes in '/var/log/ipflog'.
The 'ipmon' man page will explain how to determine which rule is
blocking an attempted connection.