Interfaces rl0: flags=8843 mtu 1500 options=40 inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255 ether 00:80:48:14:4f:34 media: Ethernet autoselect (100baseTX ) status: active rl1: flags=8843 mtu 1500 options=40 inet 10.0.2.224 netmask 0xfffffe00 broadcast 10.0.3.255 ether 00:80:48:14:45:e7 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 ng0: flags=88d1 mtu 1460 Routing tables Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.10 UGSc 2 5 rl1 10.0.0.10 10.0.2.1 UGHS 5 202 rl1 10.0.2/23 link#2 UC 1 0 rl1 10.0.2.1 00:19:aa:00:4f:98 UHLW 1 0 rl1 1180 10.0.2.224 127.0.0.1 UGHS 0 0 lo0 91.215.89.123 lo0 UHS 0 0 lo0 127.0.0.1 127.0.0.1 UH 2 28 lo0 192.168.3 link#1 UC 4 0 rl0 192.168.3.82 00:0d:61:2a:db:08 UHLW 1 1 rl0 1196 192.168.3.92 00:11:5b:5e:01:6a UHLW 0 0 rl0 1177 192.168.3.97 00:1a:4d:1f:5e:74 UHLW 0 4 rl0 1156 192.168.3.99 00:20:ed:5b:34:67 UHLW 12 194 rl0 1160 Network buffers 7/64/17856 mbufs in use (current/peak/max): 7 mbufs allocated to data 0/4/4464 mbuf clusters in use (current/peak/max) 24 Kbytes allocated to network (0% of mb_map in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Network protocol statistics tcp: 202 packets sent 157 data packets (136127 bytes) 0 data packets (0 bytes) retransmitted 0 resends initiated by MTU discovery 40 ack-only packets (0 delayed) 0 URG only packets 0 window probe packets 0 window update packets 5 control packets 134 packets received 94 acks (for 135660 bytes) 11 duplicate acks 0 acks for unsent data 27 packets (7550 bytes) received in-sequence 0 completely duplicate packets (0 bytes) 0 old duplicate packets 0 packets with some dup. data (0 bytes duped) 0 out-of-order packets (0 bytes) 0 packets (0 bytes) of data after window 0 window probes 2 window update packets 0 packets received after close 0 discarded for bad checksums 0 discarded for bad header offset fields 0 discarded because packet too short 1 connection request 12 connection accepts 0 bad connection attempts 0 listen queue overflows 13 connections established (including accepts) 0 connections closed (including 0 drops) 0 connections updated cached RTT on close 0 connections updated cached RTT variance on close 0 connections updated cached ssthresh on close 0 embryonic connections dropped 82 segments updated rtt (of 83 attempts) 0 retransmit timeouts 0 connections dropped by rexmit timeout 0 persist timeouts 0 connections dropped by persist timeout 0 keepalive timeouts 0 keepalive probes sent 0 connections dropped by keepalive 0 correct ACK header predictions 15 correct data packet header predictions 12 syncache entries added 0 retransmitted 0 dupsyn 0 dropped 12 completed 0 bucket overflow 0 cache overflow 0 reset 0 stale 0 aborted 0 badack 0 unreach 0 zone failures 0 cookies sent 0 cookies received udp: 47 datagrams received 0 with incomplete header 0 with bad data length field 0 with bad checksum 0 with no checksum 0 dropped due to no socket 18 broadcast/multicast datagrams dropped due to no socket 0 dropped due to full socket buffers 0 not for hashed pcb 29 delivered 47 datagrams output ip: 739 total packets received 0 bad header checksums 0 with size smaller than minimum 0 with data size < data length 0 with ip length > max ip packet size 0 with header length < data size 0 with data length < header length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 packets reassembled ok 432 packets for this host 0 packets for unknown/unsupported protocol 47 packets forwarded (0 packets fast forwarded) 0 packets not forwardable 0 packets received for unknown multicast group 0 redirects sent 449 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 12 output packets discarded due to no route 0 output datagrams fragmented 0 fragments created 0 datagrams that can't be fragmented 0 tunneling packets that can't find gif 0 datagrams with bad address in header icmp: 5 calls to icmp_error 0 errors not generated 'cuz old message was icmp Output histogram: destination unreachable: 5 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length 0 multicast echo requests ignored 0 multicast timestamp requests ignored 0 message responses generated 0 invalid return addresses 2 no return routes ICMP address mask responses are disabled igmp: 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent -- Bridging statistics (bdg) -- Name In Out Forward Drop Bcast Mcast Local Unknown pfkey: 2 requests sent to userland 32 bytes sent to userland histogram by message type: flush: 1 x_spdflush: 1 0 messages with invalid length field 0 messages with invalid version field 0 messages with invalid message type field 0 messages too short 0 messages with memory allocation failure 0 messages with duplicate extension 0 messages with invalid extension type 0 messages with invalid sa type 0 messages with invalid address extension 2 requests sent from userland 32 bytes sent from userland histogram by message type: flush: 1 x_spdflush: 1 0 messages toward single socket 0 messages toward all sockets 0 messages toward registered sockets 0 messages with memory allocation failure ipfw show ipfw: getsockopt(IP_FW_GET): Protocol not available ipnat -lv List of active MAP/Redirect filters: map ng0 192.168.3.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp map ng0 192.168.3.0/24 -> 0.0.0.0/32 portmap tcp/udp 1024:64535 map ng0 192.168.3.0/24 -> 0.0.0.0/32 map rl1 192.168.3.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp map rl1 192.168.3.0/24 -> 0.0.0.0/32 portmap tcp/udp 1024:64535 map rl1 192.168.3.0/24 -> 0.0.0.0/32 map rl1 from 10.0.2.224/32 to any port = 53 -> 0.0.0.0/32 List of active sessions: MAP 10.0.2.224 6728 <- -> 10.0.2.224 6728 [91.215.91.2 53] age 1187 use 0 sumd 0/0 pr 17 bkt 885/885 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 192.168.3.97 55033 <- -> 10.0.2.224 10053 [91.215.91.2 53] age 1192 use 0 sumd 0x9921/0x9921 pr 17 bkt 850/130 flags 2 drop 0/0 ifp rl1 bytes 116 pkts 2 MAP 192.168.3.97 55033 <- -> 10.0.2.224 36276 [91.215.89.2 53] age 1192 use 0 sumd 0xff90/0xff90 pr 17 bkt 754/1941 flags 2 drop 0/0 ifp rl1 bytes 174 pkts 3 MAP 10.0.2.224 25110 <- -> 10.0.2.224 25110 [91.215.89.2 53] age 1167 use 0 sumd 0/0 pr 17 bkt 343/343 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 10.0.2.224 50974 <- -> 10.0.2.224 50974 [91.215.91.2 53] age 1157 use 0 sumd 0/0 pr 17 bkt 541/541 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 192.168.3.92 1087 <- -> 10.0.2.224 6351 [91.215.91.2 53] age 1195 use 0 sumd 0x5d6b/0x5d6b pr 17 bkt 75/644 flags 2 drop 0/0 ifp rl1 bytes 295 pkts 5 MAP 192.168.3.97 49775 <- -> 10.0.2.224 43267 [91.215.89.2 53] age 1166 use 0 sumd 0x2f6a/0x2f6a pr 17 bkt 205/1691 flags 2 drop 0/0 ifp rl1 bytes 174 pkts 3 MAP 192.168.3.92 1087 <- -> 10.0.2.224 24623 [91.215.89.2 53] age 1195 use 0 sumd 0xa4cb/0xa4cb pr 17 bkt 2026/600 flags 2 drop 0/0 ifp rl1 bytes 413 pkts 7 MAP 192.168.3.97 49775 <- -> 10.0.2.224 16513 [91.215.91.2 53] age 1166 use 0 sumd 0xc6e7/0xc6e7 pr 17 bkt 301/1186 flags 2 drop 0/0 ifp rl1 bytes 232 pkts 4 MAP 10.0.2.224 50759 <- -> 10.0.2.224 50759 [91.215.89.2 53] age 1147 use 0 sumd 0/0 pr 17 bkt 705/705 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 192.168.3.12 1050 <- -> 10.0.2.224 25078 [91.215.91.2 53] age 1196 use 0 sumd 0xa707/0xa707 pr 17 bkt 358/466 flags 2 drop 0/0 ifp rl1 bytes 244 pkts 4 MAP 192.168.3.97 1978 <- -> 10.0.2.224 35311 [94.100.178.27 80] age 420 use 0 sumd 0xcb0b/0xcb0b pr 6 bkt 1108/978 flags 1 drop 0/0 ifp rl1 bytes 156 pkts 3 MAP 10.0.2.224 49492 <- -> 10.0.2.224 49492 [91.215.91.2 53] age 1137 use 0 sumd 0/0 pr 17 bkt 30/30 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 192.168.3.12 1050 <- -> 10.0.2.224 48170 [91.215.89.2 53] age 1196 use 0 sumd 0x13c/0x13c pr 17 bkt 262/1459 flags 2 drop 0/0 ifp rl1 bytes 610 pkts 10 MAP 192.168.3.97 1977 <- -> 10.0.2.224 21258 [94.100.178.27 443] age 410 use 0 sumd 0x9427/0x9427 pr 6 bkt 1634/398 flags 1 drop 0/0 ifp rl1 bytes 104 pkts 2 MAP 10.0.2.224 64415 <- -> 10.0.2.224 64415 [91.215.89.2 53] age 1127 use 0 sumd 0/0 pr 17 bkt 769/769 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 MAP 192.168.3.97 1976 <- -> 10.0.2.224 35111 [94.100.178.27 2042] age 400 use 0 sumd 0xca45/0xca45 pr 6 bkt 1136/1493 flags 1 drop 0/0 ifp rl1 bytes 52 pkts 1 MAP 192.168.3.97 64153 <- -> 10.0.2.224 54874 [91.215.91.2 53] age 1120 use 0 sumd 0x2497/0x2497 pr 17 bkt 874/1587 flags 2 drop 0/0 ifp rl1 bytes 367 pkts 2 MAP 192.168.3.97 64153 <- -> 10.0.2.224 51670 [91.215.89.2 53] age 1120 use 0 sumd 0x1813/0x1813 pr 17 bkt 778/470 flags 2 drop 0/0 ifp rl1 bytes 58 pkts 1 List of active host mappings: 192.168.3.12 -> 0.0.0.0 (use = 2 hv = 357) 192.168.3.92 -> 0.0.0.0 (use = 2 hv = 677) 192.168.3.97 -> 0.0.0.0 (use = 9 hv = 697) 10.0.2.224 -> 0.0.0.0 (use = 6 hv = 970) ipfstat -v opts 0x40 name /dev/ipl IPv6 packets: in 0 out 0 input packets: blocked 255 passed 489 nomatch 0 counted 0 short 0 output packets: blocked 0 passed 495 nomatch 0 counted 0 short 0 input packets logged: blocked 255 passed 0 output packets logged: blocked 0 passed 0 packets logged: input 0 output 0 log failures: input 0 output 0 fragment state(in): kept 0 lost 0 not fragmented 0 fragment state(out): kept 0 lost 0 not fragmented 0 packet state(in): kept 29 lost 0 packet state(out): kept 6 lost 0 ICMP replies: 0 TCP RSTs sent: 0 Invalid source(in): 0 Result cache hits(in): 11 (out): 196 IN Pullups succeeded: 0 failed: 0 OUT Pullups succeeded: 0 failed: 0 Fastroute successes: 0 failures: 0 TCP cksum fails(in): 0 (out): 0 Packet log flags set: (0) none ipfstat -nio @1 pass out quick on lo0 from any to any @2 pass out quick on rl0 proto udp from 192.168.3.1/32 port = 67 to any port = 68 @3 pass out quick on rl1 proto gre from any to any @4 pass out quick on rl1 proto tcp from any to any port = 1723 @5 pass out quick on rl1 proto udp from any port = 68 to any port = 67 @6 pass out quick on ng0 proto udp from any port = 68 to any port = 67 @7 pass out quick on rl0 from any to any keep state @8 pass out quick on ng0 from any to any keep state @9 pass out quick on rl1 from any to any keep state @10 block out log quick from any to any @1 pass in quick on lo0 from any to any @2 block in log quick from any to any with short @3 block in log quick from any to any with ipopt @4 pass in quick on rl0 proto udp from any port = 68 to 255.255.255.255/32 port = 67 @5 pass in quick on rl0 proto udp from any port = 68 to 192.168.3.1/32 port = 67 @6 block in log quick on ng0 from 192.168.3.0/24 to any @7 block in log quick on rl1 from 192.168.3.0/24 to any @8 pass in quick on rl1 proto gre from any to any @9 pass in quick on rl1 proto tcp from any port = 1723 to any @10 block in log quick on rl1 proto udp from any port = 67 to 192.168.3.0/24 port = 68 @11 pass in quick on rl1 proto udp from any port = 67 to any port = 68 @12 block in log quick on ng0 proto udp from any port = 67 to 192.168.3.0/24 port = 68 @13 pass in quick on ng0 proto udp from any port = 67 to any port = 68 @14 block in log quick on rl0 from !192.168.3.0/24 to any @15 block in log quick on ng0 from 10.0.0.0/8 to any @16 block in log quick on ng0 from 127.0.0.0/8 to any @17 block in log quick on ng0 from 172.16.0.0/12 to any @18 block in log quick on ng0 from 192.168.0.0/16 to any @19 skip 1 in proto tcp from any to any flags S/FSRA @20 block in log quick proto tcp from any to any @21 block in log quick on rl0 from any to any head 100 @1 pass in quick from 192.168.3.0/24 to 192.168.3.1/32 keep state group 100 @2 pass in quick from 192.168.3.0/24 to any keep state group 100 @22 block in log quick on ng0 from any to any head 200 @23 block in log quick on rl1 from any to any head 300 @24 block in log quick from any to any unparsed ipnat rules map ng0 192.168.3.0/24 -> 0/32 proxy port ftp ftp/tcp map ng0 192.168.3.0/24 -> 0/32 portmap tcp/udp 1024:64535 map ng0 192.168.3.0/24 -> 0/32 map rl1 192.168.3.0/24 -> 0/32 proxy port ftp ftp/tcp map rl1 192.168.3.0/24 -> 0/32 portmap tcp/udp 1024:64535 map rl1 192.168.3.0/24 -> 0/32 map rl1 from 10.0.2.224/32 to any port = 53 -> 0.0.0.0/32 unparsed ipfilter rules # loopback pass in quick on lo0 all pass out quick on lo0 all # block short packets block in log quick all with short # block IP options block in log quick all with ipopts # allow access to DHCP server on LAN pass in quick on rl0 proto udp from any port = 68 to 255.255.255.255 port = 67 pass in quick on rl0 proto udp from any port = 68 to 192.168.3.1 port = 67 pass out quick on rl0 proto udp from 192.168.3.1 port = 67 to any port = 68 # WAN spoof check block in log quick on ng0 from 192.168.3.0/24 to any block in log quick on rl1 from 192.168.3.0/24 to any # allow PPTP client pass in quick on rl1 proto gre from any to any pass out quick on rl1 proto gre from any to any pass in quick on rl1 proto tcp from any port = 1723 to any pass out quick on rl1 proto tcp from any to any port = 1723 # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) pass out quick on rl1 proto udp from any port = 68 to any port = 67 block in log quick on rl1 proto udp from any port = 67 to 192.168.3.0/24 port = 68 pass in quick on rl1 proto udp from any port = 67 to any port = 68 pass out quick on ng0 proto udp from any port = 68 to any port = 67 block in log quick on ng0 proto udp from any port = 67 to 192.168.3.0/24 port = 68 pass in quick on ng0 proto udp from any port = 67 to any port = 68 # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) block in log quick on rl0 from ! 192.168.3.0/24 to any # block anything from private networks on WAN interface block in log quick on ng0 from 10.0.0.0/8 to any block in log quick on ng0 from 127.0.0.0/8 to any block in log quick on ng0 from 172.16.0.0/12 to any block in log quick on ng0 from 192.168.0.0/16 to any # Block TCP packets that do not mark the start of a connection skip 1 in proto tcp all flags S/SAFR block in log quick proto tcp all #--------------------------------------------------------------------------- # group head 100 - LAN interface #--------------------------------------------------------------------------- block in log quick on rl0 all head 100 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on rl0 all keep state #--------------------------------------------------------------------------- # group head 200 - WAN interface #--------------------------------------------------------------------------- block in log quick on ng0 all head 200 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on ng0 all keep state #--------------------------------------------------------------------------- # group head 300 - opt1 interface #--------------------------------------------------------------------------- block in log quick on rl1 all head 300 # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on rl1 all keep state # make sure the user cannot lock himself out of the webGUI pass in quick from 192.168.3.0/24 to 192.168.3.1 keep state group 100 # User-defined rules follow pass in quick from 192.168.3.0/24 to any keep state group 100 #--------------------------------------------------------------------------- # default rules (just to be sure) #--------------------------------------------------------------------------- block in log quick all block out log quick all unparsed ipfw rules add 50000 set 4 pass all from 192.168.3.1 to any add 50001 set 4 pass all from any to 192.168.3.1 resolv.conf domain local nameserver 91.215.89.2 nameserver 91.215.91.2 Processes USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 0 0.0 0.0 0 0 ?? DLs 1:55PM 0:00.00 (swapper) root 381 0.0 0.2 1332 876 ?? SN 1:55PM 0:00.00 sh -c ps xauww 2>&1 root 346 0.0 0.3 2256 1264 ?? S 1:55PM 0:00.01 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid root 345 0.0 1.3 7336 6768 ?? SN 1:55PM 0:00.14 /usr/local/bin/php status.php root 285 0.0 0.2 1116 752 ?? S 1:55PM 0:00.00 /usr/local/bin/msntp -r -P no -l /var/run/msntp.pid -x 300 pool.ntp.org root 247 0.0 0.3 2256 1356 ?? Ss 1:55PM 0:00.01 /usr/local/sbin/mpd -b -d /var/etc -p /var/run/mpd.pid pptp root 135 0.0 0.2 1336 904 ?? I 1:55PM 0:00.00 /bin/sh /etc/rc.initial console root 117 0.0 0.2 1332 872 con- I 1:55PM 0:00.01 /bin/sh /usr/local/bin/runmsntp.sh /var/run/runmsntp.pid /var/run/msntp.pid 300 pool.ntp.org root 113 0.0 0.3 1808 1484 ?? Ss 1:55PM 0:00.00 /usr/local/sbin/dhcpd -cf /var/etc/dhcpd.conf rl0 nobody 110 0.0 0.2 1044 848 ?? I 1:55PM 0:00.00 /usr/local/sbin/dnsmasq root 106 0.0 0.2 2252 1224 ?? Ss 1:55PM 0:00.01 /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid root 103 0.0 0.1 1004 720 ?? Ss 1:55PM 0:00.04 /usr/sbin/syslogd -ss root 98 0.0 0.2 1456 1240 ?? Ss 1:55PM 0:00.02 /sbin/ipmon -sD root 89 0.0 0.2 1436 1124 ?? Is 1:55PM 0:00.00 /sbin/dhclient -nw -cf /var/etc/dhclient.conf rl1 root 10 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (vnlru) root 9 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (syncer) root 8 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (bufdaemon) root 7 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (pagedaemon) root 6 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (usb1) root 5 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (usbtask) root 4 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (usb0) root 3 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (taskqueue) root 2 0.0 0.0 0 0 ?? DL 1:55PM 0:00.00 (cryptoret) root 1 0.0 0.1 1060 696 ?? SLs 1:55PM 0:00.01 /sbin/init -- root 382 0.0 0.1 1080 640 ?? RN 1:55PM 0:00.00 ps xauww ls /var/run dev.db dhclient.pid dhcpd.pid dnsmasq.pid htpasswd ipmon.pid ld-elf.so.hints log mini_httpd.pid mpd.pid runmsntp.pid syslog.pid utmp dhcpd.conf option domain-name "local"; default-lease-time 7200; max-lease-time 86400; authoritative; log-facility local7; ddns-update-style none; subnet 192.168.3.0 netmask 255.255.255.0 { pool { range 192.168.3.11 192.168.3.99; } option routers 192.168.3.1; option domain-name-servers 192.168.3.1; } ez-ipupdate.cache cat: /conf/ez-ipupdate.cache: No such file or directory racoon.conf cat: /var/etc/racoon.conf: No such file or directory SPD No SPD entries. SAD No SAD entries. df -k Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/md0c 11871 10249 1622 86% / /dev/fd0 1424 10 1414 1% /cf procfs 4 4 0 100% /proc last 200 filter log entries Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.042161 ng0 @0:24 b 109.105.189.132,37496 -> 91.215.89.123,12525 PR udp len 20 61 IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.263661 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.343571 ng0 @0:24 b 77.87.33.154,4032 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.506878 ng0 @0:24 b 84.152.35.57,3333 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.726422 ng0 @0:24 b 96.254.63.244,63761 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.739438 ng0 @0:24 b 64.139.251.163,42064 -> 91.215.89.123,22749 PR udp len 20 131 IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.897851 ng0 @0:24 b 60.53.59.5,3908 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:31.939847 ng0 @0:24 b 94.27.103.31,41882 -> 91.215.89.123,12525 PR udp len 20 95 IN Dec 21 13:55:32 m0n0wall ipmon[98]: 13:55:32.027889 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.137227 ng0 @0:24 b 111.69.248.224,47900 -> 91.215.89.123,50092 PR udp len 20 134 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.167991 ng0 @0:24 b 90.157.8.23,27065 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.208377 ng0 @0:24 b 109.126.198.42,30931 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.234308 ng0 @0:24 b 95.25.188.204,54439 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.555867 ng0 @0:24 b 95.132.131.165,62663 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.691668 ng0 @0:24 b 92.47.236.139,10008 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.757910 ng0 @0:24 b 178.46.254.152,29853 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:32.792338 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:33 m0n0wall ipmon[98]: 13:55:33.030671 ng0 @0:24 b 90.157.8.23,4372 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:34 m0n0wall ipmon[98]: 13:55:33.655187 ng0 @0:24 b 183.76.100.177,22263 -> 91.215.89.123,22749 PR udp len 20 126 IN Dec 21 13:55:34 m0n0wall ipmon[98]: 13:55:33.715311 ng0 @0:24 b 109.126.198.42,65413 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:34 m0n0wall ipmon[98]: 13:55:33.777876 ng0 @0:24 b 94.27.72.164,4435 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:34 m0n0wall ipmon[98]: 13:55:33.869242 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.093071 ng0 @0:24 b 95.79.162.57,6881 -> 91.215.89.123,50092 PR udp len 20 129 IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.287355 ng0 @0:24 b 178.209.228.135,22255 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.312801 ng0 @0:24 b 82.230.103.94,28316 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.504261 ng0 @0:24 b 84.152.35.57,3333 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.546170 ng0 @0:24 b 84.148.38.92,4662 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.548829 ng0 @0:24 b 75.37.163.246,39050 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.633437 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:35 m0n0wall ipmon[98]: 13:55:34.803576 ng0 @0:24 b 159.93.100.212,3484 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.221652 ng0 @0:24 b 109.126.198.42,30931 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.226226 ng0 @0:24 b 95.26.118.48,38560 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.397930 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.412726 ng0 @0:24 b 59.105.183.102,44192 -> 91.215.89.123,22749 PR udp len 20 131 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.695510 ng0 @0:24 b 92.47.236.139,10008 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.700261 ng0 @0:24 b 178.46.254.152,29853 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.702180 ng0 @0:24 b 94.26.176.58,2107 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.864221 ng0 @0:24 b 95.78.200.21,56601 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.937703 ng0 @0:24 b 94.79.44.73,49422 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:36 m0n0wall ipmon[98]: 13:55:35.941813 ng0 @0:24 b 94.79.44.73,24698 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:36.052063 ng0 @0:24 b 83.149.41.82,26472 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:36.057385 ng0 @0:24 b 217.118.83.147,58853 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:36.302057 ng0 @0:24 b 89.142.149.144,41827 -> 91.215.89.123,22749 PR udp len 20 131 IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:36.490386 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:36.821137 ng0 @0:24 b 178.120.13.0,27649 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:37 m0n0wall ipmon[98]: 13:55:37.035226 ng0 @0:24 b 91.194.247.229,62414 -> 91.215.89.123,50092 PR udp len 20 134 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.051535 ng0 @0:24 b 178.93.76.94,32831 -> 91.215.89.123,12525 PR udp len 20 131 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.075770 ng0 @0:24 b 79.164.41.131,21000 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.076799 ng0 @0:24 b 79.164.41.131,1240 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.080382 ng0 @0:24 b 81.200.20.241,14868 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.254616 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.307673 ng0 @0:24 b 77.238.244.138,16745 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.308682 ng0 @0:24 b 77.238.244.138,56257 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.321680 ng0 @0:24 b 81.24.208.245,54108 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.323469 ng0 @0:24 b 81.24.208.245,51777 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.323913 ng0 @0:24 b 178.209.228.135,22255 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.385804 ng0 @0:24 b 77.87.33.154,4032 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.445640 ng0 @0:24 b 213.167.217.50,2032 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:37.727076 ng0 @0:24 b 96.254.63.244,63761 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:38 m0n0wall ipmon[98]: 13:55:38.019402 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.171658 ng0 @0:24 b 76.172.13.247,55165 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.233341 ng0 @0:24 b 95.26.118.48,38560 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.810514 ng0 @0:24 b 77.238.244.138,16745 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.820237 2x ng0 @0:24 b 62.220.35.109,29086 -> 91.215.89.123,12525 PR udp len 20 95 IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.862994 ng0 @0:24 b 62.220.35.109,2855 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.947894 ng0 @0:24 b 94.79.44.73,49422 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:39 m0n0wall ipmon[98]: 13:55:38.953905 ng0 @0:24 b 94.79.44.73,24698 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.096313 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.110109 ng0 @0:24 b 83.149.41.82,26472 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.202755 ng0 @0:24 b 95.105.15.89,13205 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.203128 ng0 @0:24 b 95.105.15.89,3318 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.595494 ng0 @0:24 b 95.77.198.168,51039 -> 91.215.89.123,12525 PR udp len 20 131 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.711927 ng0 @0:24 b 109.126.198.42,65413 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.860216 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.929989 ng0 @0:24 b 82.77.143.45,60668 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:39.935969 ng0 @0:24 b 65.65.211.175,57775 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:40 m0n0wall ipmon[98]: 13:55:40.016276 ng0 @0:24 b 79.164.41.131,1240 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.069645 ng0 @0:24 b 81.200.20.241,14868 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.076040 ng0 @0:24 b 109.105.189.132,37496 -> 91.215.89.123,12525 PR udp len 20 61 IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.084981 ng0 @0:24 b 79.164.41.131,21000 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.193803 ng0 @0:24 b 46.61.18.106,54404 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.315458 ng0 @0:24 b 77.238.244.138,56257 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.326319 ng0 @0:24 b 81.24.208.245,51777 -> 91.215.89.123,12525 PR tcp len 20 52 -S IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.336427 ng0 @0:24 b 81.24.208.245,54108 -> 91.215.89.123,12525 PR udp len 20 58 IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.427531 ng0 @0:24 b 213.167.217.50,2032 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.430641 ng0 @0:24 b 84.152.35.57,3333 -> 91.215.89.123,12525 PR tcp len 20 48 -S IN Dec 21 13:55:41 m0n0wall ipmon[98]: 13:55:40.624710 rl1 @0:23 b 91.215.88.37,137 -> 91.215.88.39,137 PR udp len 20 78 IN Dec 21 13:55:42 m0n0wall ipmon[98]: 13:55:41.112409 ng0 @0:24 b 2.123.32.39,28488 -> 91.215.89.123,50092 PR udp len 20 131 IN Dec 21 13:55:42 m0n0wall ipmon[98]: 13:55:41.224152 ng0 @0:24 b 109.126.198.42,30931 -> 91.215.89.123,12525 PR udp len 20 58 IN last 1000 system log entries Dec 21 13:55:27 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 21 13:55:27 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt Dec 21 13:55:27 m0n0wall /kernel: arplookup 10.0.0.10 failed: host is not on local network Dec 21 13:55:27 m0n0wall /kernel: arpresolve: can't allocate llinfo for 10.0.0.10rt