Subject: Re: ipfilter changes in 1.4.2
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 04/26/2000 18:45:49
On Thu, Apr 27, 2000 at 02:27:22AM +1000, Darren Reed wrote:
> If you do "ipfstat -s" you should be able to find an entry to match both of
> the above.
Ok, so I did a ftp in passive mode from 132.227.63.133 to 132.227.74.11:
List of active MAP/Redirect filters:
map ex0 132.227.63.0/24 -> 132.227.78.1/32 proxy port ftp ftp/tcp
map ex0 132.227.103.0/24 -> 132.227.78.1/32 proxy port ftp ftp/tcp
ipnat -l:
List of active sessions:
MAP 132.227.63.133 65191 <- -> 132.227.78.1 65191 [132.227.74.11 57108]
MAP 132.227.63.133 65192 <- -> 132.227.78.1 65192 [132.227.74.11 57109]
MAP 132.227.63.133 65193 <- -> 132.227.78.1 65193 [132.227.74.11 21]
proxy ftp/6 use 2 flags 0
proto 6 flags 0 bytes 5659 pkts 42 data 0x0 psiz 0
ipstat -s:
IP states added:
33 TCP
0 UDP
0 ICMP
30846 hits
2850097 misses
0 maximum
0 no memory
buckets in use 1
2 active
0 expired
31 closed
132.227.63.133 -> 132.227.74.11 ttl 864000 pass 0 pr 6 state 4/4
pkts 4963 bytes 4527676 65191 -> 57108 2e81d38b:f30fd2d5 17520:17520
in
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in ex0[0xc038f030] out ex0[0xc038f030]
132.227.63.133 -> 132.227.74.11 ttl 428 pass 0 pr 6 state 5/5
pkts 17 bytes 1040 65192 -> 57109 fd4e55e7:bf66efc5 17520:17520
in
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in ex0[0xc038f030] out ex0[0xc038f030]
The same but not in passive mode:
List of active MAP/Redirect filters:
map ex0 132.227.63.0/24 -> 132.227.78.1/32 proxy port ftp ftp/tcp
map ex0 132.227.103.0/24 -> 132.227.78.1/32 proxy port ftp ftp/tcp
List of active sessions:
MAP 132.227.63.133 65190 <- -> 132.227.78.1 65190 [132.227.74.11 20]
MAP 132.227.63.133 65191 <- -> 132.227.78.1 65191 [132.227.74.11 57108]
MAP 132.227.63.133 65192 <- -> 132.227.78.1 65192 [132.227.74.11 57109]
MAP 132.227.63.133 65193 <- -> 132.227.78.1 65193 [132.227.74.11 21]
proxy ftp/6 use 2 flags 0
proto 6 flags 0 bytes 6339 pkts 51 data 0x0 psiz 0
Ok, it added a MAP for 132.227.74.11 port 20.
IP states added:
34 TCP
0 UDP
0 ICMP
44128 hits
2859484 misses
0 maximum
0 no memory
buckets in use 1
3 active
0 expired
31 closed
132.227.63.133 -> 132.227.74.11 ttl 864000 pass 0 pr 6 state 4/4
pkts 4237 bytes 3856799 65190 -> 20 550bb21f:184b279e 17520:17520
in
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in ex0[0xc038f030] out ex0[0xc038f030]
132.227.63.133 -> 132.227.74.11 ttl 453 pass 0 pr 6 state 5/5
pkts 14007 bytes 12784162 65191 -> 57108 2e81d38c:f34b3a41 17520:17520
in
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in ex0[0xc038f030] out ex0[0xc038f030]
132.227.63.133 -> 132.227.74.11 ttl 391 pass 0 pr 6 state 5/5
pkts 17 bytes 1040 65192 -> 57109 fd4e55e7:bf66efc5 17520:17520
in
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in ex0[0xc038f030] out ex0[0xc038f030]
It looks like it added a state from 132.227.72.133 to 132.227.74.11, where
it should have been the opposite. Did I miss something ?
--
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr
--