Troubleshooting guide
Chapter 2 Troubleshooting Tools VPN-1/FireWall-1 Control Commands
Advanced Technical Reference Guide 4.1 • June 2000 14
,51,52,6B,63,4,C2) - the actual MD5 key.
6. niv=4 iv=(1C,4,0,0) - the initialization vector used in the process of calculating the data encryption key.
7. Crunched iv=(1C,4,0,0,1C,4) - the actual initial vector that is used in the data encryption key calculation.
8. just before calling fwcrypto_do() - a debugging line that says that the actual function that does the encryption is about to be called.
9. Cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0 - the cookies that hold the data (see line 8 in the previous section).
10. The actual packet data before the encryption (in clear text).
11. fw_crypt: just after calling cookie_put_data() - a debugging line that shows that the encrypted data was just returned to the cookie.
12. Cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0 - see line 9.
13. The actual encrypted data.
xlate, xltrc
Prints NAT-related information (changing IP addresses etc.). The xlate switch is the basic (and most commonly used) switch; xltrc gives additional information by showing the actual process of going through the NAT Rule Base for each packet (mostly on TELNET and FTP).
Example: Translating ICMP using the hide method (xlate command).
Output
1. fw_xlate_icmp: got backw connection src C0A86E05 dst C25A0105 type 8 code 0 id F00E
2. fw_xlate_icmp: got backw icmp request (8)
3. fw_xlate_icmp: got forw connection src C0A86E05 dst C25A0105 type 8 code 0 id F00E
4. fw_xlate_match_entry: connection matches
5. fw_init_xlation: src=C0A86E05 sport=200 dst=C25A0105 dport=2E00 ip_p=1 mthd=1
6. allocate_port: addr=C7CB471E, first=258, last=3FF, start=283, old_port=200
7. allocate_port: found a free port <C7CB471E,1,284>
8. fw_init_xlation_tables: adding <C0A86E05,200,C25A0105,2E00,1;C7CB471E,80000284,C25A0105,2E00,0/30> to forw
9. fw_init_xlation_tables: adding <C25A0105,2E00,C7CB471E,284,1;C25A0105,2E00,C0A86E05,80000200,0> to backw.
10. fw_xlate_icmp: changing packet's src,dst to <C7CB471E,C25A0105>
11. fw_xlate_icmp: got backw connection src C25A0105 dst C7CB471E type 0 code 0 id 7683
12. fw_xlate_icmp: got (C25A0105,2E00,C0A86E05,80000200) from fwx_backw_tab
13. fw_xlate_deallocate: hval = C0A86E05,200,C25A0105,2E00,1;C7CB471E,80000284,C25A0105,2E00,0
14. deallocate_port: port is marked
15. deallocate_port: attempting free port 284 (protocol 1) of host C7CB471E
16. fw_xlate_deallocate: deleting <C25A0105,2E00,C7CB471E,284,1> from fwx_backw_tab
17. fw_xlate_icmp: changing packet's src,dst to <C25A0105,C0A86E05>
18. fw_xlate_icmp: got forw connection src C25A0105 dst C0A86E05 type 0 code 0 id 7683
19. fw_xlate_icmp: got forw icmp reply (0)
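The addresses and port values in lines 5 to 7 of the output above are easier to check against a rule base once decoded. The following decoder is an added example, not part of the guide or of any Check Point tool; it assumes every numeric field is hexadecimal and that wrapped lines have been rejoined, and the names hex_ip, decode_line and hide_mapping are hypothetical.

```python
import ipaddress
import re

# Lines 5-7 of the xlate output above, with the page's line wraps rejoined.
SAMPLE = """\
5. fw_init_xlation: src=C0A86E05 sport=200 dst=C25A0105 dport=2E00 ip_p=1 mthd=1
6. allocate_port: addr=C7CB471E, first=258, last=3FF, start=283, old_port=200
7. allocate_port: found a free port <C7CB471E,1,284>
"""

ADDR_KEYS = {"src", "dst", "addr"}  # fields that hold IPv4 addresses
KV = re.compile(r"(\w+)=([0-9A-Fa-f]+)")
FREE = re.compile(r"free port <([0-9A-Fa-f]+),([0-9A-Fa-f]+),([0-9A-Fa-f]+)>")


def hex_ip(value):
    """C0A86E05 -> 192.168.110.5 (assumption: 32-bit big-endian hex)."""
    return str(ipaddress.IPv4Address(int(value, 16)))


def decode_line(line):
    """Return (function name, decoded fields) for one debug line, else None."""
    line = re.sub(r"^\s*\d+\.\s*", "", line)  # drop the guide's line number
    name, sep, rest = line.partition(":")
    if not sep:
        return None
    free = FREE.search(rest)
    if free:  # tuple order <host, protocol, port>, as deallocate_port reports it
        addr, proto, port = free.groups()
        return name, {"addr": hex_ip(addr), "ip_p": int(proto, 16), "port": int(port, 16)}
    fields = {k: hex_ip(v) if k in ADDR_KEYS else int(v, 16) for k, v in KV.findall(rest)}
    return (name, fields) if fields else None


def hide_mapping(text):
    """Pair the original connection with the hide address/port allocated for it."""
    orig = pool = None
    for name, f in filter(None, map(decode_line, text.splitlines())):
        if name == "fw_init_xlation":
            orig = f
        elif name == "allocate_port" and "first" in f:
            pool = f
        elif name == "allocate_port" and "port" in f and orig and pool:
            return {"inside": (orig["src"], orig["sport"]),
                    "hidden_as": (f["addr"], f["port"]),
                    "dst": (orig["dst"], orig["dport"]),
                    "pool": (pool["first"], pool["last"]),
                    "in_pool": pool["first"] <= f["port"] <= pool["last"]}
    return None
```

Calling hide_mapping(SAMPLE) shows the internal host 192.168.110.5 being hidden behind 199.203.71.30 with the allocated value 644, which falls inside the first/last range 600 to 1023 printed by allocate_port.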