Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so just use oauth login instead. :)
Paste
Pasted as Plain Text by lnkgyv ( 15 years ago )
# ipfw list
65534 allow ip from any to any
65535 deny ip from any to any
# tcpdump -pnni vr0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
13:00:20.904899 IP 212.1.105.150.22 > 212.1.104.30.39701: P 2930124314:2930124506(192) ack 329732395 win 8326 <nop,nop,timestamp 2646128141 166255594>
13:00:20.905254 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 192 win 1002 <nop,nop,timestamp 166255597 2646128141>
13:00:21.384158 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:21.904803 IP 212.1.105.150.22 > 212.1.104.30.39701: P 192:560(368) ack 1 win 8326 <nop,nop,timestamp 2646129141 166255597>
13:00:21.905344 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 560 win 1002 <nop,nop,timestamp 166256597 2646129141>
13:00:22.386099 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:22.775645 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:22.904574 IP 212.1.105.150.22 > 212.1.104.30.39701: P 560:1008(448) ack 1 win 8326 <nop,nop,timestamp 2646130141 166256597>
13:00:22.905166 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 1008 win 1002 <nop,nop,timestamp 166257597 2646130141>
13:00:23.386589 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:23.524931 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:23.719555 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:23.904334 IP 212.1.105.150.22 > 212.1.104.30.39701: P 1008:1568(560) ack 1 win 8326 <nop,nop,timestamp 2646131141 166257597>
13:00:23.905130 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 1568 win 1002 <nop,nop,timestamp 166258597 2646131141>
13:00:24.275045 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:24.387654 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:24.469213 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:24.904205 IP 212.1.105.150.22 > 212.1.104.30.39701: P 1568:2128(560) ack 1 win 8326 <nop,nop,timestamp 2646132141 166258597>
13:00:24.904846 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 2128 win 1002 <nop,nop,timestamp 166259597 2646132141>
13:00:25.190679 IP 212.1.104.30.56313 > 212.1.105.150.1723: S 1359995435:1359995435(0) win 5840 <mss 1460,sackOK,timestamp 166259883 0,nop,wscale 6>
13:00:25.190708 IP 212.1.105.150.1723 > 212.1.104.30.56313: S 2231586025:2231586025(0) ack 1359995436 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 1188025055 166259883>
13:00:25.190925 IP 212.1.104.30.56313 > 212.1.105.150.1723: . ack 1 win 92 <nop,nop,timestamp 166259883 1188025055>
13:00:25.199705 IP 212.1.104.30.56313 > 212.1.105.150.1723: P 1:157(156) ack 1 win 92 <nop,nop,timestamp 166259892 1188025055>: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(AS) BEARER_CAP(DA) MAX_CHAN(65535) FIRM_REV(1) [|pptp]
13:00:25.199792 IP 212.1.105.150.1723 > 212.1.104.30.56313: P 1:157(156) ack 157 win 8326 <nop,nop,timestamp 1188025064 166259892>: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(AS) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(257) [|pptp]
13:00:25.200295 IP 212.1.104.30.56313 > 212.1.105.150.1723: . ack 157 win 108 <nop,nop,timestamp 166259892 1188025064>
13:00:25.219245 IP 10.10.10.19.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:00:25.389778 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:25.904238 IP 212.1.105.150.22 > 212.1.104.30.39701: . 2128:3576(1448) ack 1 win 8326 <nop,nop,timestamp 2646133141 166259597>
13:00:25.904249 IP 212.1.105.150.22 > 212.1.104.30.39701: P 3576:3648(72) ack 1 win 8326 <nop,nop,timestamp 2646133141 166259597>
13:00:25.905164 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 3576 win 1002 <nop,nop,timestamp 166260597 2646133141>
13:00:25.905182 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 3648 win 1001 <nop,nop,timestamp 166260597 2646133141>
13:00:26.192037 IP 212.1.104.30.56313 > 212.1.105.150.1723: P 157:325(168) ack 157 win 108 <nop,nop,timestamp 166260884 1188025064>: pptp CTRL_MSGTYPE=OCRQ CALL_ID(0) CALL_SER_NUM(0) MIN_BPS(2400) MAX_BPS(10000000) BEARER_TYPE(Any) [|pptp]
13:00:26.192693 IP 212.1.105.150.1723 > 212.1.104.30.56313: P 157:189(32) ack 325 win 8326 <nop,nop,timestamp 1188026057 166260884>: pptp CTRL_MSGTYPE=OCRP CALL_ID(33697) PEER_CALL_ID(0) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(64000) RECV_WIN(16) PROC_DELAY(1) [|pptp]
13:00:26.193009 IP 212.1.104.30.56313 > 212.1.105.150.1723: . ack 189 win 108 <nop,nop,timestamp 166260885 1188026057>
13:00:26.193112 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 0, length 54: LCP, Conf-Request (0x01), id 1, length 40
13:00:26.194136 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
13:00:26.194492 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 1, ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
13:00:26.195632 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 2, ack 1, length 30: LCP, Conf-Reject (0x04), id 1, length 12
13:00:26.195945 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 2, ack 2, length 43: LCP, Conf-Request (0x01), id 2, length 25
13:00:26.197880 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 3, ack 2, length 43: LCP, Conf-Ack (0x02), id 2, length 25
13:00:26.198201 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 3, ack 3, length 41: CHAP, Challenge (0x01), id 1, Value bb1e68573a8e8da295abe71ea71887eb, Name
13:00:26.201760 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 4, ack 3, length 78: CHAP, Response (0x02), id 1, Value 23279192b0a1009f259825263450a1750000000000000000aca03eb704aad38a2a16709228d741[|chap]
13:00:26.203697 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.225885 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, ack 4, no-payload, length 12
13:00:26.391686 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:26.652157 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.652220 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.652465 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.652496 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.652686 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.652715 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.652935 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.652966 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.653183 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.653212 IP 212.1.105.150.59917 > 212.1.104.8.1812: RADIUS, Access Request (1), id: 0x78 length: 236
13:00:26.653433 IP 212.1.105.149.1812 > 212.1.105.150.59917: RADIUS, Access Accept (2), id: 0x78 length: 209
13:00:26.653857 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 4, length 47: CHAP, Fail (0x04), id 1, Msg E=691 R=0 M=Login incorrect
13:00:26.654024 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 5, length 20: LCP, Term-Request (0x05), id 3, length 6
13:00:26.654258 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, ack 5, no-payload, length 12
13:00:26.659010 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 5, length 60: LCP, Term-Request (0x05), id 2, length 46
13:00:26.659022 IP 212.1.104.30 > 212.1.105.150: GREv1, call 33697, seq 6, length 20: LCP, Term-Ack (0x06), id 3, length 6
13:00:26.659184 IP 212.1.105.150 > 212.1.104.30: GREv1, call 0, seq 6, ack 6, length 24: LCP, Term-Ack (0x06), id 4, length 6
13:00:26.659379 IP 212.1.105.150.1723 > 212.1.104.30.56313: P 189:337(148) ack 325 win 8326 <nop,nop,timestamp 1188026524 166260885>: pptp CTRL_MSGTYPE=CDN CALL_ID(33697) RESULT_CODE(3) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
13:00:26.659759 IP 212.1.104.30.56313 > 212.1.105.150.1723: . ack 337 win 125 <nop,nop,timestamp 166261352 1188026524>
13:00:26.669260 IP 212.1.104.30.56313 > 212.1.105.150.1723: P 325:341(16) ack 337 win 125 <nop,nop,timestamp 166261361 1188026524>: pptp CTRL_MSGTYPE=CCRQ CALL_ID(0)
13:00:26.669373 IP 212.1.104.30.56313 > 212.1.105.150.1723: F 341:341(0) ack 337 win 125 <nop,nop,timestamp 166261361 1188026524>
13:00:26.669399 IP 212.1.105.150.1723 > 212.1.104.30.56313: . ack 342 win 8326 <nop,nop,timestamp 1188026534 166261361>
13:00:26.669443 IP 212.1.105.150.1723 > 212.1.104.30.56313: F 337:337(0) ack 342 win 8326 <nop,nop,timestamp 1188026534 166261361>
13:00:26.669621 IP 212.1.104.30.56313 > 212.1.105.150.1723: . ack 338 win 125 <nop,nop,timestamp 166261362 1188026534>
13:00:26.904452 IP 212.1.105.150.22 > 212.1.104.30.39701: . 3648:5096(1448) ack 1 win 8326 <nop,nop,timestamp 2646134141 166260597>
13:00:26.904463 IP 212.1.105.150.22 > 212.1.104.30.39701: P 5096:5776(680) ack 1 win 8326 <nop,nop,timestamp 2646134141 166260597>
13:00:26.904547 IP 212.1.105.150.22 > 212.1.104.30.39701: . 5776:7224(1448) ack 1 win 8326 <nop,nop,timestamp 2646134141 166260597>
13:00:26.904554 IP 212.1.105.150.22 > 212.1.104.30.39701: P 7224:7968(744) ack 1 win 8326 <nop,nop,timestamp 2646134141 166260597>
13:00:26.905508 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 5096 win 1002 <nop,nop,timestamp 166261598 2646134141>
13:00:26.905534 IP 212.1.105.150.22 > 212.1.104.30.39701: P 7968:9296(1328) ack 1 win 8326 <nop,nop,timestamp 2646134142 166261598>
13:00:26.905539 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 5776 win 992 <nop,nop,timestamp 166261598 2646134141>
13:00:26.905623 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 7224 win 1002 <nop,nop,timestamp 166261598 2646134141>
13:00:26.905631 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 7968 win 991 <nop,nop,timestamp 166261598 2646134141>
13:00:26.906375 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 9296 win 1002 <nop,nop,timestamp 166261598 2646134142>
13:00:27.393683 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:27.903815 IP 212.1.105.150.22 > 212.1.104.30.39701: P 9296:10656(1360) ack 1 win 8326 <nop,nop,timestamp 2646135141 166261598>
13:00:27.904703 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 10656 win 1002 <nop,nop,timestamp 166262597 2646135141>
13:00:28.394733 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:28.903629 IP 212.1.105.150.22 > 212.1.104.30.39701: P 10656:11008(352) ack 1 win 8326 <nop,nop,timestamp 2646136141 166262597>
13:00:28.904160 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 11008 win 1002 <nop,nop,timestamp 166263596 2646136141>
13:00:29.395786 arp who-has 172.29.141.3 tell 172.29.141.1
13:00:29.903419 IP 212.1.105.150.22 > 212.1.104.30.39701: P 11008:11360(352) ack 1 win 8326 <nop,nop,timestamp 2646137141 166263596>
13:00:29.904008 IP 212.1.104.30.39701 > 212.1.105.150.22: . ack 11360 win 1002 <nop,nop,timestamp 166264596 2646137141>
13:00:30.395857 arp who-has 172.29.141.3 tell 172.29.141.1
# /etc/rc.d/pf status
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:25:34 Debug: Urgent
State Table Total Rate
current entries 0
searches 1953 1.3/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 1953 1.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
# cat /etc/pf.conf
scrub in all
nat on vr0 from 192.168.10.0/24 to 212.1.104.8 -> 212.1.105.150
nat on vr0 from 10.101.10.0/24 to any -> 212.1.105.150
Revise this Paste