Problems with Screen Daemon

From: Nikola Milutinovic <Nikola.Milutinovic_at_ev.co.yu>
Date: Wed, 04 Jul 2001 15:44:27 +0200

Hi all.

I'm trying to set up IP screening on Tru64 UNIX 4.0F, but I'm having a
tough time. I have definitely set up everything I know of correctly, yet
the system "insults" me.

1. Setup
--------

I have a machine (AS-200) with 2 NICs:

tu1: 192.168.61.11 netmask 255.255.255.0 (legba.ev.co.yu)
le0: 192.168.62.1 netmask 255.255.255.0 (papa-legba.ev.co.yu)

I also have access to two other machines:

Uprava: 192.168.61.11
mach_1: 192.168.62.10

When screend is turned off, I can ping from Uprava to mach_1.

2. ScreenD config
-----------------
default reject notify log;
between host 192.168.61.11 and host 192.168.62.10 accept;

3. Symptoms
-----------

Well, PING doesn't go through. However, when I start ScreenD with
"screend -d" and ping, I get:

---------------------------------------------------
Legba:/var/adm/syslog.dated/current# screend -d
Netmask hash table:
Action table: (2/2 slots full)
[0] from [host 192.168.61.11/any proto port any] to [host
192.168.62.10/any proto port any] accept
[1] from [host 192.168.62.10/any proto port any] to [host
192.168.61.11/any proto port any] accept
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
Runt, len 0
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
no match
checking [0] from [host 192.168.61.11/any proto port any] to [host
192.168.62.10/any proto port any] accept
match
(994254087.838185) af 2 count 120 dlen 84 xid 0x124 action 1 ACCEPT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [192.168.61.11]->[192.168.62.10] icmp (8)
match
(994254088.837350) af 2 count 120 dlen 84 xid 0x125 action 1 ACCEPT
[192.168.61.11]->[192.168.62.10] icmp (8)
--------------------------------------------------------------------

So, it is accepted. Well, it is not FORWARDED. I am monitoring the other
interface (le0) and when screend is off, I can see the PINGs coming out
of it. With screend on, nothing comes out.

Has anyone successfully set up screend?

Nix.
-- 
Breakfast in Paris, lunch in New York, luggage in Tokio?
Received on Wed Jul 04 2001 - 13:46:54 NZST
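
A small model of the rule lookup visible in the trace above, as an added example that is not part of the original post and is not screend's own code. It handles only the two statement forms in the posted config, expands `between` into the two directional entries the action table shows, and assumes entries are tried in table order (as "checking [0] ... match" suggests) before falling back to the default; `parse_config` and `decide` are hypothetical names.

```python
import ipaddress
import re

# Only the two statement forms that appear in the posted config are modelled.
DEFAULT_RE = re.compile(r"default\s+(accept|reject)\b")
BETWEEN_RE = re.compile(
    r"between\s+host\s+(\S+)\s+and\s+host\s+(\S+)\s+(accept|reject)\b")

# Config text copied from the post.
CONFIG = """\
default reject notify log;
between host 192.168.61.11 and host 192.168.62.10 accept;
"""

def parse_config(text):
    """Return (default_action, table); table holds (src, dst, action) entries."""
    default, table = None, []
    for stmt in (s.strip() for s in text.split(";")):
        if not stmt:
            continue
        if m := DEFAULT_RE.match(stmt):
            default = m.group(1)
        elif m := BETWEEN_RE.match(stmt):
            a, b = (ipaddress.ip_address(x) for x in m.group(1, 2))
            # One entry per direction, matching slots [0] and [1] in the trace.
            table += [(a, b, m.group(3)), (b, a, m.group(3))]
        else:
            # Refuse to guess at grammar this model does not cover.
            raise ValueError(f"statement form not modelled: {stmt!r}")
    if default is None:
        raise ValueError("no default statement found")
    return default, table

def decide(default, table, src, dst):
    """Assumed lookup: first matching entry wins, else the default (index None)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (s, d, action) in enumerate(table):
        if (s, d) == (src, dst):
            return action, index
    return default, None

if __name__ == "__main__":
    default, table = parse_config(CONFIG)
    flows = [("192.168.61.11", "192.168.62.10"),   # echo request seen in the trace
             ("192.168.62.10", "192.168.61.11"),   # reverse direction
             ("192.168.61.12", "192.168.62.10")]   # constructed: host not in the rule
    for src, dst in flows:
        print(f"[{src}]->[{dst}]", decide(default, table, src, dst))
```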
