
[FW-1] FW-1 NG dropping UDP packets?



I'm investigating a VPN problem and noticed the following strange
behaviour. I have a Sun Fire 280 running FW-1 NG (FP.1); when I try
to do a traceroute from a machine inside our network to an external
machine (e.g. www.cnn.com) it appears that a lot of packets are
missing.  I ran 'snoop' (Sun equivalent of tcpdump) on the internal
and external interface of the firewall and noticed that only about 10%
of the UDP packets sent by traceroute actually show up on the external
interface. (See dumps below; both 'snoop's were taken during the same
timeframe.) Did anybody see this behaviour before? Any idea what to do
about it?

internal-host# traceroute 64.236.16.116
traceroute to 64.236.16.116 (64.236.16.116), 30 hops max, 38 byte packets
 1  router (10.17.0.254)  3.302 ms  1.700 ms  1.684 ms
 2  charon (192.168.253.254)  1.003 ms * *
 3  * * *
 4  * * *
 5  unknown.tongeren.eunet.be (195.0.96.22)  91.706 ms * *
 6  * * *
 7  * * *
 8  195.207.71.242 (195.207.71.242)  16.252 ms * *
 9  * * *
10  * * *
11  r1-Se0-2-0.0.ledn-KQ1.NL.kpnqwest.net (134.222.230.9)  18.228 ms * *
12  * * *
13  * * *
14  ewr-core-01.inet.qwest.net (205.171.17.125)  110.238 ms * *
15  * * *
16  * * *
17  bb1-new-P0-0.atdn.net (66.185.137.1)  836.827 ms * *
18  * * *
19  * * *
20  bb2-cha-P7-0.atdn.net (66.185.152.102)  123.755 ms

#### external interface
firewall# snoop -d qfe1 -r host 64.236.16.116
Using device /dev/qfe (promiscuous mode)
195.0.45.170 -> 64.236.16.116 UDP D=33447 S=54204 LEN=18
195.0.45.170 -> 64.236.16.116 UDP D=33456 S=54204 LEN=18
195.0.45.170 -> 64.236.16.116 UDP D=33465 S=54204 LEN=18
195.0.45.170 -> 64.236.16.116 UDP D=33474 S=54204 LEN=18
195.0.45.170 -> 64.236.16.116 UDP D=33483 S=54204 LEN=18
195.0.45.170 -> 64.236.16.116 UDP D=33492 S=54204 LEN=18

# internal interface
# snoop -d eri0 -r host 64.236.16.116
Using device /dev/eri (promiscuous mode)
   10.17.0.5 -> 64.236.16.116 UDP D=33438 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33439 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33440 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33441 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33442 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33443 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33444 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33445 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33446 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33447 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33448 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33449 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33450 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33451 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33452 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33453 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33454 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33455 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33456 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33457 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33458 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33459 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33460 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33461 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33462 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33463 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33464 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33465 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33466 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33467 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33468 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33469 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33470 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33471 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33472 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33473 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33474 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33475 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33476 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33477 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33478 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33479 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33480 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33481 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33482 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33483 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33484 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33485 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33486 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33487 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33488 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33489 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33490 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33491 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33492 S=54204 LEN=18
   10.17.0.5 -> 64.236.16.116 UDP D=33493 S=54204 LEN=18

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]
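
Added example, not part of the original post: a small Python script that correlates the two snoop captures above across the firewall's NAT and reports which traceroute probes reached the external interface. It assumes the NAT rewrites only the source address (the dumps show S=54204 on both sides); the function names are hypothetical, and the sample captures are rebuilt from the port ranges shown in the post.

```python
import re

# One snoop summary line: "src -> dst UDP D=<dport> S=<sport> LEN=<n>"
SNOOP_UDP = re.compile(r"^\s*(\S+) -> (\S+) UDP D=(\d+) S=(\d+) LEN=(\d+)\s*$")

def parse_snoop(text):
    """Return [(src, dst, dport, sport)] per UDP line; banner lines are skipped."""
    probes = []
    for line in text.splitlines():
        m = SNOOP_UDP.match(line)
        if m:
            src, dst, dport, sport, _length = m.groups()
            probes.append((src, dst, int(dport), int(sport)))
    return probes

def correlate(internal, external):
    """Match probes on (dst, dport, sport); the source IP differs because of NAT."""
    seen_outside = {p[1:] for p in external}
    forwarded = [p for p in internal if p[1:] in seen_outside]
    missing = [p for p in internal if p[1:] not in seen_outside]
    return forwarded, missing

def summarize(internal, external):
    """Count forwarded/missing probes and the port gaps between forwarded ones."""
    forwarded, missing = correlate(internal, external)
    ports = sorted(p[2] for p in forwarded)
    strides = sorted({b - a for a, b in zip(ports, ports[1:])})
    return {
        "sent": len(internal),
        "forwarded": len(forwarded),
        "missing": len(missing),
        "ratio": len(forwarded) / len(internal) if internal else 0.0,
        "strides": strides,  # a single value means a regular forwarding pattern
    }

# Sample input rebuilt from the dumps in the post (same addresses and ports).
INTERNAL = "Using device /dev/eri (promiscuous mode)\n" + "".join(
    f"   10.17.0.5 -> 64.236.16.116 UDP D={p} S=54204 LEN=18\n"
    for p in range(33438, 33494))
EXTERNAL = "Using device /dev/qfe (promiscuous mode)\n" + "".join(
    f"195.0.45.170 -> 64.236.16.116 UDP D={p} S=54204 LEN=18\n"
    for p in (33447, 33456, 33465, 33474, 33483, 33492))

if __name__ == "__main__":
    print(summarize(parse_snoop(INTERNAL), parse_snoop(EXTERNAL)))
```

On these captures the script reports 6 of 56 probes forwarded, with every forwarded probe exactly 9 destination ports after the previous one.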

   All contents © 2004 Network Presence, LLC. All rights reserved.