Friends,

Hopefully someone can shed some light on this and point me in the
right direction. I am having a problem when users browse secure-type
sites (PayPal, banks, payroll, etc.): when they try to "view"
statements in PDF or HTML, the site just times out and nothing
happens. It is a bit annoying when trying to download statements, but
it is happening on our payroll service and that has obviously moved it
up on the priority list. Other than that, everything else seems OK.

If I bypass the Netra, everything works fine. I have tried looking at
the ipmon logs for OOW errors, but nothing comes up. I did find a
number of "closed" and "expired" states, but I really don't know how
to read all of the info in these logs. Look below for a sample.

If I could get a nudge in the right direction, I would be greatly appreciative.

Thanks in advance.
============================================================================================================
Here's all the relevant info:
uname -a:
SunOS patriot1 5.10 Generic_120011-14 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
more /etc/release:
Solaris 10 8/07 s10s_u4wos_12b SPARC
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 16 August 2007
ipfstat -s:
IP states added:
2290 TCP
1156 UDP
7 ICMP
2683620 hits
67134471 misses
0 maximum
0 no memory
0 max bucket
0 maximum
0 no memory
131 bkts in use
132 active
0 expired
0 closed
State logging enabled
State table bucket statistics:
131 in use
2.28% bucket usage
0 minimal length
2 maximal length
1.008 average length
ipf -V:
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x107
ipfstat -io:
block out log on hme0 all
block out log on hme1 all
pass out quick on hme0 from 10.14.0.0/16 to 10.14.0.0/16
pass out quick on hme1 proto tcp/udp from hme1/32 to any port = domain keep state
pass out quick on hme1 proto udp from any to any port = ntp keep state
pass out quick on hme1 proto tcp from 10.14.0.0/16 to any port = ssh keep state
pass out quick on hme1 proto tcp from 10.14.0.0/16 to any port = 80 keep state
pass out quick on hme1 proto tcp from 10.14.0.0/16 to any port = 443 keep state
pass out quick on hme1 proto tcp from 10.14.0.0/16 to any port = nntp keep state
pass out quick on hme1 proto tcp from any to any port = whois keep state
pass out quick on hme1 proto icmp from any to any keep state
pass out quick on hme1 proto tcp from hme1/32 to any port = 113 keep state
pass out quick on hme1 proto tcp from hme1/32 port = 113 to any keep state
block in log quick from any to any with short
block in log on hme0 all
block in log on hme1 all
block in log quick on hme0 from 127.0.0.0/8 to any
block in log quick on hme0 from any to 127.0.0.0/8
block in log quick on hme1 from 127.0.0.0/8 to any
block in log quick on hme1 from any to 127.0.0.0/8
pass in quick on hme0 from 10.14.0.0/16 to 10.14.0.0/16
pass in quick on hme0 proto tcp/udp from 10.14.1.10/32 to any port = domain keep state
pass in quick on hme0 proto udp from 10.14.0.0/16 to any port = ntp keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = ssh keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = 80 keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = 443 keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = nntp keep state
block in quick on hme1 proto tcp from any to any port = nntp keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = smtp keep state
pass in quick on hme0 proto tcp from 10.14.0.0/16 to any port = whois keep state
pass in quick on hme1 proto tcp from any to hme1/32 port = ssh keep state
pass in quick on hme0 proto icmp from any to any keep state
block return-rst in quick on hme1 proto tcp from any to any port = 113 flags S/SA
block return-rst in log on hme1 proto tcp from any to any flags S/SA
ipmon -a:
8/09/2008 19:07:10.860081 @2 NAT:EXPIRE 10.14.129.62,4017 <- -> 168.215.126.243,5041 [161.113.0.6,443] Pkts 0/1 Bytes 0/69
28/09/2008 19:07:10.860104 @2 NAT:EXPIRE 10.14.129.62,4016 <- -> 168.215.126.243,5040 [161.113.0.6,443] Pkts 0/1 Bytes 0/69
28/09/2008 19:07:11.916902 hme1 @0:3 b 161.113.0.6,443 -> 168.215.126.243,5049 PR tcp len 20 1500 -A IN
28/09/2008 19:07:17.860087 STATE:EXPIRE 10.14.1.10,56859 -> 216.136.95.2,53 PR udp Forward: Pkts in 1 Bytes in 62 Pkts out 1 Bytes out 62 Backward: Pkts in 1 Bytes in 110 Pkts out 1 Bytes out 110
28/09/2008 19:07:17.860100 STATE:EXPIRE 10.14.1.10,56728 -> 216.136.95.2,53 PR udp Forward: Pkts in 1 Bytes in 62 Pkts out 1 Bytes out 62 Backward: Pkts in 1 Bytes in 350 Pkts out 1 Bytes out 350
28/09/2008 19:07:27.932203 hme1 @0:3 b 161.113.0.6,443 -> 168.215.126.243,5049 PR tcp len 20 1500 -A IN
28/09/2008 19:07:30.540487 hme1 @0:2 b 168.215.126.243,520 -> 168.215.255.255,520 PR udp len 20 92 OUT
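
One way to read the ipmon sample above, as an added example that is not part of the original post: it parses packet and NAT records, then groups blocked inbound TCP segments that carry no SYN flag and marks whether a NAT mapping to the same server and public address was logged as expired. It handles only TCP/UDP records with ports, treats action `b` as "blocked", and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the ipmon sample in the post, each re-joined onto one line.
SAMPLE = """\
28/09/2008 19:07:10.860104 @2 NAT:EXPIRE 10.14.129.62,4016 <- -> 168.215.126.243,5040 [161.113.0.6,443] Pkts 0/1 Bytes 0/69
28/09/2008 19:07:11.916902 hme1 @0:3 b 161.113.0.6,443 -> 168.215.126.243,5049 PR tcp len 20 1500 -A IN
28/09/2008 19:07:27.932203 hme1 @0:3 b 161.113.0.6,443 -> 168.215.126.243,5049 PR tcp len 20 1500 -A IN
28/09/2008 19:07:30.540487 hme1 @0:2 b 168.215.126.243,520 -> 168.215.255.255,520 PR udp len 20 92 OUT
"""

# Packet record: date time ifname @group:rule action src,port -> dst,port PR proto len hlen plen [-FLAGS] IN|OUT
PKT = re.compile(
    r"^\S+ \S+ (?P<ifname>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)")
# NAT record: date time @n NAT:EVENT inside,port <- -> mapped,port [remote,port]
NAT = re.compile(
    r"^\S+ \S+ @\d+ NAT:(?P<event>\w+) (?P<inside>[\d.]+),(?P<iport>\d+) <- -> "
    r"(?P<mapped>[\d.]+),(?P<mport>\d+) \[(?P<remote>[\d.]+),(?P<rport>\d+)\]")

def parse(text):
    """Split ipmon text into packet records and NAT records (TCP/UDP only)."""
    pkts, nats = [], []
    for line in text.splitlines():
        m = PKT.match(line)
        if m:
            pkts.append(m.groupdict())
        else:
            m = NAT.match(line)
            if m:
                nats.append(m.groupdict())
    return pkts, nats

def blocked_midstream(pkts, nats):
    """Group blocked inbound TCP segments that carry no SYN, i.e. not new connections."""
    expired = {(n["remote"], n["rport"], n["mapped"])
               for n in nats if n["event"] == "EXPIRE"}
    flows = Counter()
    for p in pkts:
        flags = p["flags"] or ""
        if (p["action"], p["dir"], p["proto"]) == ("b", "IN", "tcp") and "S" not in flags:
            flows[(p["src"], p["sport"], p["dst"], p["dport"], p["rule"], flags)] += 1
    return [{"remote": f"{k[0]},{k[1]}", "local": f"{k[2]},{k[3]}", "rule": k[4],
             "flags": k[5], "count": c,
             # True when a NAT mapping to the same server and public address expired
             "nat_expired_same_server": (k[0], k[1], k[2]) in expired}
            for k, c in flows.items()]

if __name__ == "__main__":
    for row in blocked_midstream(*parse(SAMPLE)):
        print(row)
```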