The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 IPFilter
Author: jdjohnson 
Date:   29-02-00 16:00

Has anyone noticed that ipmon freaked out after the Leap Year (Feb 29)?

On my gateway machine (FreeBSD 3.4 with IPFilter 3.3.10) ipmon is logging everything as 12/31/1969.

Jeff

Reply To This Message
 
 RE: IPFilter
Author: Dan Langille 
Date:   29-02-00 21:11

I suspect your PC. My box had no such problems:

Feb 29 21:20:29 ducky ipmon[228]: 21:20:28.508306 ed0 @10:1 b [snip],4000 -> [snip],2969 PR udp len 20 93 IN

Reply To This Message
 
 RE: IPFilter
Author: jdjohnson 
Date:   29-02-00 23:22

Well,

All other logs being kept by syslog have the correct date. The computer BIOS has the correct date. Xntpd is working like a charm. So I don't think its my PC. (by the way its a Compaq DeskPro ES. PII 350, BIOS dated mid 1999, 64Mb RAM)

I'm running ipmon from rc.d with the following command line:

ipmon -an /var/log/ipf.log

Unlike your example, I'm logging directly to a file and not through syslog.

I just noticed that ipmon finally core dumped. I check that to see if I spot anything. Otherwise I'll recompile/reinstall IPFilter and see if the problem is corrected.

Thanks,
Jeff

Reply To This Message
 
 RE: IPFilter
Author: Dan Langille 
Date:   01-03-00 00:16

I just posted a message to the ipfilter mailing list (ipfilter@coombs.anu.edu.au).

Reply To This Message
 
 RE: IPFilter
Author: Dan Langille 
Date:   01-03-00 00:38

This from Darren Reed:

Because IP Filter uses your system library to print out date information
like this, if your libc is up the creek or your system for some reason has
bad timezone info, etc, then what ipmon prints will not be what you expect.

HTH.

Reply To This Message
 
 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 16:01

Thanks Dan,

I saw your post on the IPFilter mailing list and I posted some more info to Darren there.

Here are the steps I've taken so far:

1. I wiped my hard drive and reinstalled FreeBSD 3.4-STABLE from CD-ROM ISO image.

2. Installed CVSUP from the ports tree

3. updated src, crypto, and ports via CVSUP

4. make buildworld
make installworld

5. configured a kernel config file (FBSD) for my hardware and rebuilt the kernel, rebooted

6. untarred ip-fil3.3.10.tar.gz in the /usr/ports/net directory

7. cd ip_fil3.3.10
make freebsd-3
make install-bsd
FreeBSD-3/kinstall

8. rebuilt the kernel (config FBSD, make depend, make, make install)

9 rebooted

10. put ipf.sh in /usr/local/etc/rc.d, ipf.sh contains:
ipf -Fa
ipf -f /usr/local/etc/ipf.config && echo -n ' ipf'
ipmon -sn /var/log/ipf.log && echo -n ' ipmon'

11. ran ./ipf.sh

ipf runs great, i've verified that the rules are loades both via ipfstat -i and through testing, ipmon still logs everything as 12/31/1969 for about 20 min then core dumps

I tried using syslog to log from ipmon (ipmon -s -n) with appropriate entries in syslog.conf (local0.notice, etc) but ipmon immediately core dumps when executed with this setup.

Can you see anything I've missed?

Thanks,
Jeff


Reply To This Message
 
 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 16:26

Hang on, never mind.

Here's my problem.

Part of the output of "locate ipmon" is:

/usr/sbin/ipmon
/uer/local/bin/ipmon

Seems as the ip-fil3.3.10 install put ipmon in a different directory that the original FreeBSD install. The /usr/local/bin/ipmon is the newer file. After updating ipf.sh to point to this file instead of /usr/sbin/ipmon everything wroks as expected.

Thanks to you and Darren for looking at all my posts!

Jeff

Reply To This Message
 
 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 17:07

Oh dear!

<</uer/local/bin/ipmon>> should be <</usr/local/bin/ipmon>>
<< directory that the original >> should be << directory than the original >>
<<everything wroks as expected>> should be <<everything works as expected>>

Where's that proof reading program i've been looking for?!

Thanks again,
Jeff





Reply To This Message
 
 RE: IPFilter
Author: Dan Langille 
Date:   02-03-00 11:52

Glad you got it all fixed. BTW: that "double up on binaries" problem (i.e. ipmon in more than one place) is a common problem for those of us that wish to update directly from the ipfilter tarball. Althought I prefer this udpate method for IP Filter I recommend the use of ports for everything else. Darren and company have done such a good job with the ipf tarball that it is customized for FreeBSD (despite some slight differences in preferred locations).

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org