I found this in the /var/adm/messages log file. There is nothing logged
to /var/log/ipfilter.log yet.
+++++
messages.1:16841:Jan 7 22:00:05 Osiris syslogd: line 35: unknown
priority name "debug /var/log/ipfilter.log
messages.1:16886:Jan 7 22:23:35 Osiris ipfilter: [ID 702911
daemon.warning] pfil not plumbed on any network interfaces.
messages.1:16887:Jan 7 22:23:35 Osiris ipfilter: [ID 702911
daemon.warning] No network traffic will be filtered.
messages.1:16888:Jan 7 22:23:35 Osiris ipfilter: [ID 702911
daemon.warning] See ipfilter(5) for more information.
messages.1:16889:Jan 7 22:23:35 Osiris svc.startd[7]: [ID 652011
daemon.warning] svc:/network/ipfilter:default: Method
"/lib/svc/method/ipfilter start" failed with exit status 96.
messages.1:16890:Jan 7 22:23:35 Osiris svc.startd[7]: [ID 748625
daemon.error] network/ipfilter:default misconfigured
+++++
# more pfil.ap
# IP Filter pfil autopush setup
#
# See autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major minor lastminor modules
#le -1 0 pfil
#qe -1 0 pfil
hme -1 0 pfil
qfe -1 0 pfil
#eri -1 0 pfil
#ce -1 0 pfil
#bge -1 0 pfil
#be -1 0 pfil
#vge -1 0 pfil
#ge -1 0 pfil
#nf -1 0 pfil
#fa -1 0 pfil
#ci -1 0 pfil
#el -1 0 pfil
#ipdptp -1 0 pfil
#lane -1 0 pfil
#dmfe -1 0 pfil
+++++
I am pretty sure my enable and start commands are good since I can see
rules being loaded with ipfstat -io.
I am wondering if the logging rules are wrong.
log level local7.debug out on qfe0 all
log level local7.debug in on qfe0 all
log level local7.debug out on qfe2 all
log level local7.debug in on qfe2 all
log level local7.debug out on hme0 all
log level local7.debug in on hme0 all
+++++
My QFE0 and QFE2 interfaces are trunked. Will this cause problems by
chance?
Phil Dibowitz wrote:
mdpeters wrote:
I am new to IPFilter. My experience comes from other firewalls. I have
what seems like a proper build from following all sorts of example
documents out there. My problem is that nothing seems to pass through
the system. I am not sure if it is a NAT issue or rule misconfiguration
on my part. If someone could critique an excerpt of what I have and clue
me into what I am doing wrong I would certainly appreciate it.
I noticed you have logging on - what do the logs show? You don't include
that here. It should include the rule that is blocking the packets.
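As an added example (not from this thread, and not IPFilter's own tooling), here is a small checker for the two configuration points visible in the excerpts above: a syslog.conf line where selector and action are separated by spaces rather than the tab Solaris syslogd requires (which is how syslogd ends up reporting a priority name of "debug /var/log/ipfilter.log"), and rule interfaces whose driver is not uncommented in pfil.ap, so pfil cannot be pushed onto them. All inputs are constructed samples; the eri0 rule is added only to show a mismatch.

```python
import re

# Constructed sample inputs modelled on the post (not the poster's real files).
# Line 2 of SYSLOG_CONF separates selector and action with spaces; Solaris
# syslogd requires a tab there and otherwise treats the rest of the line as the
# priority, producing 'unknown priority name "debug /var/log/ipfilter.log'.
SYSLOG_CONF = """\
*.err;kern.notice;auth.notice\t/dev/sysmsg
local7.debug /var/log/ipfilter.log
"""
# Excerpt in pfil.ap format: hme and qfe autopushed, eri left commented out.
PFIL_AP = """\
#major minor lastminor modules
#le -1 0 pfil
hme -1 0 pfil
qfe -1 0 pfil
#eri -1 0 pfil
"""
# Rules in the post's style, plus an eri0 rule to exercise the mismatch check.
IPF_RULES = """\
log level local7.debug out on qfe0 all
log level local7.debug in on qfe2 all
log level local7.debug in on hme0 all
log level local7.debug in on eri0 all
"""

def syslog_conf_problems(text):
    """Return (lineno, line) for non-comment lines lacking a tab separator."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.startswith("#") and "\t" not in line:
            bad.append((n, line))
    return bad

def pfil_drivers(text):
    """Driver names whose entries are uncommented in a pfil.ap file."""
    return {ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")}

def rule_interfaces(text):
    """Interface names referenced as 'on <ifname>' in IPFilter rules."""
    return set(re.findall(r"\bon\s+([a-z]+\d+)\b", text))

def unplumbed_interfaces(rules, pfil_ap):
    """Rule interfaces whose driver (name minus instance number) is not autopushed."""
    drivers = pfil_drivers(pfil_ap)
    return sorted(i for i in rule_interfaces(rules)
                  if i.rstrip("0123456789") not in drivers)
```

Run against the real /etc/syslog.conf, /etc/ipf/pfil.ap and /etc/ipf/ipf.conf, the first function points at the syslog.conf line syslogd rejects, and the last lists any interface whose driver still needs enabling (and a replumb or reboot) before pfil can filter it.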