Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 General tables
Advanced Technical Reference Guide 4.1 • June 2000 146
However, FireWall-1 tries to maintain the connection by sending a garbage packet to the destination of the
original packet, with the header of the original packet. This step is taken so that, if the connection still exists, the
internal host will ask the server to re-send and the connection will resume. If the connection is resumed, the only
evidence of what has happened is the log entry marking this packet as 'rejected'.
This mechanism operates by default only for a limited period of time after FireWall-1 is started. It is possible to
remove these entries by un-checking the checkbox "Log Established TCP Connections" in the Properties
window.
Example
attributes: expires 30
<c7cb4759, c073cd0c, 00000015, 00000543; 28/30>
frag_table table
The frag_table table holds information about fragmented packets so the original packet can be reassembled.
Example
attributes: expires 20, limit 1000
<c0a83005, c7cb477d, 0000005e, 00000e0e; fee78768; 20/20>
The frag_table table uses the following format:
<source IP address, destination IP address, IP protocol, ip_id; ptr; time left/total time>
The ‘ip_id’ value is the value of the IP identification field in the IP header.
The ‘ptr’ value is a pointer to the location where the data fragment is held in kernel memory.
hold_table table
The hold_table table holds packets while the daemon processes them in order to avoid data retransmission.
Example
attributes: expires 90, expcall 4234021872 0, limit 100, refresh
<0000005e, 00000e0e; 89/90>
The hold_table table uses the following format:
<packet ID, pointer; time left/total time>
The packet ID is a 32-bit integer that is unique and used to identify each packet. The pointer is a pointer to a
data structure that contains data on how to handle this packet after the “hold” is over.
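The following Python parser is an added example, not part of the Check Point guide. It decodes frag_table and hold_table entries according to the two format lines above and parses the accompanying "attributes:" line. The function names and field names (src_ip, packet_id and so on) are assumptions chosen for illustration.

```python
import ipaddress

# Field names per ';'-separated group, taken from the format lines in this
# appendix (names are illustrative). The last group of every entry is
# "time left/total time".
LAYOUTS = {
    "frag_table": [["src_ip", "dst_ip", "ip_proto", "ip_id"], ["ptr"]],
    "hold_table": [["packet_id", "pointer"]],
}

def parse_attributes(line):
    """Turn 'attributes: expires 20, limit 1000' into a dict of strings."""
    body = line.split(":", 1)[1]
    attrs = {}
    for item in body.split(","):
        name, _, value = item.strip().partition(" ")
        attrs[name] = value  # flags such as 'refresh' get an empty value
    return attrs

def parse_entry(table, line):
    """Decode one '<...>' entry of the given table into a dict."""
    text = line.strip()
    if not (text.startswith("<") and text.endswith(">")):
        raise ValueError("entry must be enclosed in <>")
    *groups, timer = [g.strip() for g in text[1:-1].split(";")]
    layout = LAYOUTS[table]
    if len(groups) != len(layout):
        raise ValueError(f"{table}: expected {len(layout)} field groups")
    entry = {}
    for names, group in zip(layout, groups):
        words = [w.strip() for w in group.split(",")]
        if len(words) != len(names):
            raise ValueError(f"{table}: expected fields {names}, got {words}")
        for name, word in zip(names, words):
            value = int(word, 16)  # fields are hex words in the page's examples
            is_ip = name.endswith("_ip")
            entry[name] = str(ipaddress.IPv4Address(value)) if is_ip else value
    left, total = timer.split("/")  # printed in decimal in the page's examples
    entry["time_left"], entry["time_total"] = int(left), int(total)
    return entry

if __name__ == "__main__":
    # The two example entries printed in this appendix.
    print(parse_attributes("attributes: expires 20, limit 1000"))
    print(parse_entry("frag_table",
                      "<c0a83005, c7cb477d, 0000005e, 00000e0e; fee78768; 20/20>"))
    print(parse_entry("hold_table", "<0000005e, 00000e0e; 89/90>"))
```

In both examples the total time in the entry matches the table's "expires" attribute, which is a quick consistency check when reading a dump.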
pending table
The pending table is a general table that holds information about connections that are not yet fully specified
(pending), such as data connections for FTP PASV.
Example
attributes: refresh, expires 3600, sync, kbuf 1
<c0a83005, 46545053, c7cb47c6, 0000d8f1, 00000006; 00000000, 00004001; 44/60>
The pending table uses the following format: