From owner-freebsd-security Thu Apr 13 4:21:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail2.x-treme.gr (mail2.x-treme.gr [212.120.196.24]) by hub.freebsd.org (Postfix) with ESMTP id E488337B5DB for ; Thu, 13 Apr 2000 04:21:27 -0700 (PDT) (envelope-from keramida@diogenis.ceid.upatras.gr) Received: from hades.hell.gr (pat51.x-treme.gr [212.120.197.243]) by mail2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with SMTP id OAA30786 for ; Thu, 13 Apr 2000 14:21:21 +0300 Received: (qmail 22124 invoked by uid 1001); 13 Apr 2000 02:29:53 -0000 Date: Thu, 13 Apr 2000 05:29:52 +0300 From: Giorgos Keramidas To: Paul Mielke Cc: Ron Smith , security@freebsd.org Subject: Re: NAT and /etc/rc.firewall Message-ID: <20000413052952.A21547@hades.hell.gr> Reply-To: keramida@ceid.upatras.gr References: <20000413002323.98449.qmail@hotmail.com> <4.2.0.58.20000412163416.00b74a20@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <4.2.0.58.20000412163416.00b74a20@localhost>; from paulm@securify.com on Wed, Apr 12, 2000 at 04:41:54PM -0700 X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06 D6 21 2A C8 8C 16 C0 8E Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 12, 2000 at 04:41:54PM -0700, Paul Mielke wrote: > At 05:23 PM 4/12/00 -0700, Ron Smith wrote: > > ... > > For now, I would suggest that you try to diagnose the problem by > either using "ipfw show" or by using the 'log' keyword on all the > ipfw rules to figure out which rule is the one that is trashing your > packets. > > For example, do the following: > > ipfw show > fw.stats.after > do some operation that fails > ipfw show > fw.stats.after Of course this was meant to be: ipfw show > fw.stats.before do some operation that fails ipfw show > fw.stats.after and then a simple diff should be enough to provide with information on what rules were triggered: diff -u fw.stats.before fw.stats.after -- Giorgos Keramidas, < keramida @ ceid . upatras . gr > For my public pgp key: finger keramida@diogenis.ceid.upatras.gr See the headers of this message for the key finger-print. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message