
Re: tcpdump and rule -1/0



vlan6 in that rule doesn't mean vlan number 6, it means the interface 
vlan6. That is not necessarily vlan number 6.
On Thu, Sep 11, 2003 at 06:00:53PM -0500, Eaton, Andy wrote:
> It looks to me like I just needed to flush all the rules and start over.
> My rules are being parsed ok now.  I do have one other question though.
> Why won't a rule like the following match?
>  
> pass in quick log-all on vlan6 inet proto tcp  from 172.16.8.71 to
> 128.252.21.6 port 135  flags S/SA keep state
>  
> I know that 128.252.21.6 resides on vlan6. I can see that traffic in a
> tcpdump -n -e -ttt -I pflog0 net 128.252.21.6 port 135.  However this
> rule will not match anything until I remove the "on vlan6".  Then it
> works fine.  If I pull out the "on vlan6" and change "keep state" to
> "modulate state" the rule will die too.
> I am testing with telnet 128.252.21.6 135 and I am using OpenBSD 3.3
> stable.
>  
>  
> Thanks again,
>  
>  
> Andrew Eaton
>  
> -----Original Message-----
> From: Eaton, Andy 
> Sent: Thursday, September 11, 2003 5:38 PM
> To: '[email protected]'
> Subject: tcpdump and rule -1/0
>  
> Hello all,
>  
> I am having a problem with filtering on a vlan aware bridge.  I am
> wondering if anyone has seen a tcpdump that looks like the following and
> what it means.  Particularly the part about the rule -1/0(match).
>  
> Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16:
> 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
> Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17:
> 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
> Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17:
> 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
> Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16:
> 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
>  
> I have spent a lot of time debugging this and the rules are not being
> parsed right.  I thought I might start here.
>  
>  
> Thanks in advance,
>  
>  
> Andrew Eaton
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
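The check Henning's reply implies, as an added example that is not part of the list thread: confirm which 802.1Q tag a vlanN interface actually carries before trusting "on vlanN" in a pf rule. It assumes OpenBSD's vlan(4) ifconfig output of the form "vlan: N parent interface: X"; the ifconfig text embedded below is constructed, not captured from the poster's bridge.

```shell
# Added example, not from the mailing-list message. Parses ifconfig output
# for vlan(4) interfaces and reports the 802.1Q tag each vlanN carries, so a
# pf rule's "on vlanN" can be checked against the tag you actually mean.
# Assumption: OpenBSD-style "vlan: N parent interface: X" lines.

# Constructed sample: interface vlan6 carries tag 16 and vlan16 carries tag 6,
# i.e. the names and the tags do not line up.
SAMPLE_IFCONFIG='vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 16 parent interface: fxp0
        inet 172.16.8.1 netmask 0xffffff00 broadcast 172.16.8.255
vlan16: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 6 parent interface: fxp0
        inet 128.252.21.1 netmask 0xffffff00 broadcast 128.252.21.255
'

# vlan_tag_of IFNAME [IFCONFIG_TEXT]: print the tag carried by IFNAME.
# Reads the live "ifconfig -a" when no text is supplied.
vlan_tag_of() {
    ifname=$1
    text=${2:-"$(ifconfig -a 2>/dev/null)"}
    printf '%s\n' "$text" | awk -v want="$ifname" '
        /^[a-z0-9]+:/ { cur = $1; sub(/:$/, "", cur) }   # new interface block
        cur == want && $1 == "vlan:" { print $2; exit }  # its tag line
    '
}

# tag_matches_name IFNAME [IFCONFIG_TEXT]: succeed only when the interface
# carries the tag its name suggests (vlan6 -> tag 6), the assumption the
# original question made.
tag_matches_name() {
    ifname=$1
    expected=${ifname#vlan}
    actual=$(vlan_tag_of "$ifname" "$2")
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        return 0
    fi
    return 1
}

if [ "${1:-}" = "--demo" ]; then
    for ifn in vlan6 vlan16; do
        printf '%s carries tag %s\n' "$ifn" "$(vlan_tag_of "$ifn" "$SAMPLE_IFCONFIG")"
    done
fi
```

Run it with --demo on the constructed sample, or drop the second argument to read the running system's ifconfig.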