Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] fwtable.pl

To: [email protected]
Subject: Re: [FW-1] fwtable.pl
From: MikeCC <[email protected]>
Date: Thu, 18 Oct 2001 23:51:15 -0400
In-reply-to: <[email protected] nce.school.nz>
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I did notice all that, but I was still having the problem.

But it turns out it was not the script so my apologies to Lance.

fwtable.pl is doing exactly what it is supposed to do the problem is that
when I do a fw tab -t connections target_ip_of_firewall_module from the
Management station the timeout numbers come through just like fwtable.pl
shows them.  I somehow missed that before.

When I do a fw tab -t connections locally on the firewall module I get
timeout numbers that look appropriate, in other words no negative numbers
and no numbers higher than the timeout.  But when I do a remote fw tab from
the management station at the same time I get different numbers.

The management station is actually a Provider-1 server.

At 04:08 PM 10/19/01 +1300, you wrote:

Looking at the script, he is not modifying that Timeout field other than
to take off the trailing ">" from the end of line output of the
`$FWDIR/bin/fw tab -t connections -max $max $target` command.

The script then prints the timeout field to a length of 9 chars, starting
at character 81 of the line (as far as i can tell).
If your timeout fields are bigger than that, or something is
screwing up on the length of the lines you are supplying to the script
(i.e. you are pasting the output of fw tab into a file, with a bit of
unwanted junk and then running Lance's script against that file), it would
definately screw up around that point.

Alternatively you could just take the script out of the equation here and
run the fw tab cmd on the box outside of the script.

I am not an expert programmer, but i can see how hacky his script is....
(still better than i could do)   :))
If you are still stuck after these clues, and are desperate to have it
working, email me the script you are using, and an output from the fw tab
cmd.

Cheers,
-jonny

On Thu, 18 Oct 2001, mikecc wrote:

> Hello,
>
> I'm trying to use the fwtable.pl script written by Lance Spitzner
> and everything seems ok except for the reporting of time out.
>
> For the udp connections I see negative numbers, -14390/40 and for
> some tcp connections I'm seeing the time used higher than the time
> out, 6200/2086
>
> Has anyone else run into this?
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
>

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================


MikeCC
http://atrek.org/mikecc

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- [FW-1] fwtable.pl
  - From: mikecc <[email protected]>

Prev by Date: Re: [FW-1] fwtable.pl
Next by Date: Re: [FW-1] Anti-Virus - Replacement for NAV for Firewalls
Previous by thread: Re: [FW-1] fwtable.pl
Next by thread: [FW-1] help on port
Index(es):
- Date
- Thread