Problems with ScreenD 2

From: Nikola Milutinovic <Nikola.Milutinovic_at_ev.co.yu>
Date: Thu, 05 Jul 2001 07:31:28 +0200

Seems my first message never arrived. Either that or I'm unsubscribed from
the list (I wasn't yesterday).

Hi all.

I'm trying to set up IP screening on Tru64 UNIX 4.0F, but I'm having a
tough time. I have definitely set up everything I know of correctly, yet
the system "insults" me.

1. Setup
--------

I have a machine (AS-200) with 2 NICs

tu1: 192.168.61.11 netmask 255.255.255.0 (legba.ev.co.yu)
le0: 192.168.62.1 netmask 255.255.255.0 (papa-legba.ev.co.yu)

I also have access to two other machines:

Uprava: 192.168.61.11
mach_1: 192.168.62.10

When screend is turned off, I can ping from Uprava to mach_1

2. ScreenD config
-----------------
default reject notify log;
between host 192.168.61.11 and host 192.168.62.10 accept;

3. Symptoms
-----------

Well, PING doesn't go through. However, when I start ScreenD with
"screend -d" and ping, I get:

---------------------------------------------------
Legba:/var/adm/syslog.dated/current# screend -d
Netmask hash table:
Action table: (2/2 slots full)
[0] from [host 192.168.61.11/any proto port any] to [host
192.168.62.10/any proto port any] accept
[1] from [host 192.168.62.10/any proto port any] to [host
192.168.61.11/any proto port any] accept
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
Runt, len 0
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
no match
checking [0] from [host 192.168.61.11/any proto port any] to [host
192.168.62.10/any proto port any] accept
match
(994254087.838185) af 2 count 120 dlen 84 xid 0x124 action 1 ACCEPT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [192.168.61.11]->[192.168.62.10] icmp (8)
match
(994254088.837350) af 2 count 120 dlen 84 xid 0x125 action 1 ACCEPT
[192.168.61.11]->[192.168.62.10] icmp (8)
--------------------------------------------------------------------

So, it is accepted. Well, it is not FORWARDED. I am monitoring the other
interface (le0) and when screend is off, I can see the PINGs coming out
of it. With screend on, nothing comes out.

Has anyone successfully set up screend?


-- 
"Insanity is a sane reaction to an insane world."
  Karl Jung
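The debug trace above shows screend's own verdict for each packet, but nothing about what the kernel did with the packet afterwards, which is exactly the gap the poster is stuck in. The parser below (an added example, not code from the post or from the screend distribution) turns `screend -d` output into one record per verdict, joined to the packet header and to what decided it (the cache or a numbered rule from the action table), so the filter's decisions can be tallied per flow and compared against what is actually seen on the far interface. The sample trace is constructed from the lines quoted in the post; the line formats it assumes are the ones visible there.

```python
import re
from collections import Counter

# Constructed sample: the lines below are copied from the `screend -d`
# output quoted in the post, with the repeated empty cache entries trimmed.
SAMPLE_TRACE = """\
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
Runt, len 0
(0.000000) af 2 count 0 dlen 0 xid 0 action 0 REJECT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [0.0.0.0]->[0.0.0.0] ip
        age 0 [0.0.0.0]->[0.0.0.0] ip
no match
checking [0] from [host 192.168.61.11/any proto port any] to [host
192.168.62.10/any proto port any] accept
match
(994254087.838185) af 2 count 120 dlen 84 xid 0x124 action 1 ACCEPT
[192.168.61.11]->[192.168.62.10] icmp (8)
checking cache:
        age 0 [192.168.61.11]->[192.168.62.10] icmp (8)
match
(994254088.837350) af 2 count 120 dlen 84 xid 0x125 action 1 ACCEPT
"""

# One packet under evaluation: "[src]->[dst] proto (type)"; the "(type)" part
# is present for icmp in the trace and absent for plain "ip" cache entries.
PACKET_RE = re.compile(
    r"^\[(?P<src>[\d.]+)\]->\[(?P<dst>[\d.]+)\] (?P<proto>\w+)(?: \((?P<ptype>\d+)\))?$"
)
# The verdict line screend prints once it has decided on the packet.
VERDICT_RE = re.compile(
    r"^\((?P<ts>[\d.]+)\) af (?P<af>\d+) count (?P<count>\d+) dlen (?P<dlen>\d+) "
    r"xid (?P<xid>\S+) action (?P<action>\d+) (?P<verdict>ACCEPT|REJECT)$"
)
# Start of a rule check against the action table: "checking [N] from ..."
RULE_RE = re.compile(r"^checking \[(?P<idx>\d+)\] ")


def parse_trace(text):
    """Return one record per verdict line, joined to the packet it was for.

    Each record carries src/dst/proto (None when screend printed no packet
    header, as for the runts at the top of the trace), the verdict, and what
    decided it: 'cache', 'rule N' from the action table, or None when no
    match was reported before the verdict.
    """
    records = []
    packet = None        # header of the packet currently being evaluated
    stage = None         # 'cache' or 'rule N' currently being checked
    decided_by = None    # set when a 'match' line follows a check
    for raw in text.splitlines():
        line = raw.strip()
        m = PACKET_RE.match(line)
        if m:
            packet, stage, decided_by = m.groupdict(), None, None
            continue
        if line == "checking cache:":
            stage = "cache"
            continue
        m = RULE_RE.match(line)
        if m:
            stage = "rule %s" % m.group("idx")
            continue
        if line == "match":
            decided_by = stage
            continue
        if line.startswith("Runt") and records:
            # screend prints the runt note after the verdict it belongs to
            records[-1]["note"] = line
            continue
        m = VERDICT_RE.match(line)
        if m:
            records.append({
                "ts": m.group("ts"),
                "xid": m.group("xid"),
                "verdict": m.group("verdict"),
                "decided_by": decided_by,
                "note": None,
                "src": packet["src"] if packet else None,
                "dst": packet["dst"] if packet else None,
                "proto": packet["proto"] if packet else None,
            })
            packet, stage, decided_by = None, None, None
    return records


def summarize(records):
    """Count verdicts per (src, dst) flow, so the filter's ACCEPT count can be
    set against the packets actually observed leaving the other interface."""
    return Counter((r["src"], r["dst"], r["verdict"]) for r in records)


if __name__ == "__main__":
    recs = parse_trace(SAMPLE_TRACE)
    for r in recs:
        print(r["ts"], r["src"], "->", r["dst"], r["verdict"], r["decided_by"], r["note"])
    for (src, dst, verdict), n in summarize(recs).items():
        print("%s -> %s: %s x%d" % (src, dst, verdict, n))
```

Run against a longer capture, the summary makes the poster's situation explicit: two ICMP echo requests from 192.168.61.11 to 192.168.62.10 were ACCEPTed (the first by rule [0], the second from the cache), and the only REJECTs are runts with no packet header at all. When every packet of the flow is ACCEPTed here and still nothing leaves le0, the filter rules are not the place to keep looking; the loss is happening after screend hands the packet back.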
Received on Thu Jul 05 2001 - 05:30:59 NZST
