My daughter has an iMac, and we managed to bring it up single user and change the root password. I forget how we did it, but I think it involved holding down one of the keys on the keyboard at boot time.

--Skip

-----Original Message-----
From: wlug-admin@mail.wlug.org [mailto:wlug-admin@mail.wlug.org]On Behalf Of Richard Goodman
Sent: Sunday, October 20, 2002 4:29 PM
To: wlug@mail.wlug.org
Subject: [Wlug] OS X Firewall? (#2)
I would run a packet sniffer (ethereal, tcpdump, etc) on the Linux box and see what the iBook is putting out
BTW the iBook is running 10.2 (brand new)
Could not check the ipfw list as it appears that we don't currently have administrator privileges on the iBook.
Checking the preferences/sharing/firewall showed the firewall off; however, I was concerned about the following entries from the iBook's /var/msg/system.log:
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled
IP firewall loaded
arplookup <IP of my linux box> failed: host is not on localnetwork
I have never run a packet sniffer before, so cannot interpret it, but I fired up tcpdump and did a) ping yahoo.com b) attempt to load yahoo.com in IE5
and got the following two dumps (assume I've snipped enough)
tcpdump host 192.168.1.49
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
15:55:16.232303 eth1 < host49.goodman1.net.49174 > bach.goodman1.net.domain: 49847+ A? yahoo.com. (27)
15:55:16.373034 eth1 > bach.goodman1.net.domain > host49.goodman1.net.49174: 49847* 2/5/5 A w1.rc.vip.dcx.yahoo.com, A w1.rc.vip.scd.yahoo.com (229)
15:55:16.476477 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:17.476548 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:18.476633 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:19.476745 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:20.476828 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:21.476890 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:22.476949 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:23.477008 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:24.477084 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
<<continued similarly many more lines>
tcpdump host 192.168.1.49
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
16:01:00.340200 eth1 < host49.goodman1.net.49174 > bach.goodman1.net.domain: 45963+ A? www.yahoo.com. (31)
16:01:00.558192 eth1 > bach.goodman1.net.domain > host49.goodman1.net.49174: 45963 13/10/3 CNAME www.yahoo.akadns.net., A www9.dcx.yahoo.com, A w9.dcx.yahoo.com, (504)
16:01:00.563859 eth1 < host49.goodman1.net.49153 > www9.dcx.yahoo.com.www: S 1383754426:1383754426(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8687 0> (DF)
16:01:01.247337 eth1 < host49.goodman1.net.49153 > w9.dcx.yahoo.com.www: S 2642071908:2642071908(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8688 0> (DF)
16:01:01.962006 eth1 < host49.goodman1.net.49153 > w3.dcx.yahoo.com.www: S 3424625619:3424625619(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8689 0> (DF)
16:01:02.719348 eth1 < host49.goodman1.net.49153 > www10.dcx.yahoo.com.www: S 715459341:715459341(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8691 0> (DF)
16:01:03.433706 eth1 < host49.goodman1.net.49153 > w2.dcx.yahoo.com.www: S 3613744425:3613744425(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8692 0> (DF)
16:01:04.115338 eth1 < host49.goodman1.net.49153 > w6.dcx.yahoo.com.www: S 941366980:941366980(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8694 0> (DF)
16:01:04.796809 eth1 < host49.goodman1.net.49153 > w8.dcx.yahoo.com.www: S 1223626321:1223626321(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8695 0> (DF)
16:01:05.480085 eth1 < host49.goodman1.net.49153 > w1.dcx.yahoo.com.www: S 1755119059:1755119059(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8696 0> (DF)
16:01:05.550034 eth1 > arp who-has host49.goodman1.net tell localhost.localdomain (0:80:19:35:ad:39)
16:01:05.550329 eth1 < arp reply host49.goodman1.net is-at 0:3:93:c5:39:7c (0:80:19:35:ad:39)
16:01:06.163479 eth1 < host49.goodman1.net.49153 > www7.dcx.yahoo.com.www: S 2895506991:2895506991(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8698 0> (DF)
16:01:06.846666 eth1 < host49.goodman1.net.49153 > www8.dcx.yahoo.com.www: S 3434260281:3434260281(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8699 0> (DF)
16:01:07.529897 eth1 < host49.goodman1.net.49155 > www9.dcx.yahoo.com.www: S 2654995975:2654995975(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8701 0> (DF)
16:01:09.379617 eth1 < host49.goodman1.net.49155 > w9.dcx.yahoo.com.www: S 607986242:607986242(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8704 0> (DF)
16:01:11.231084 eth1 < host49.goodman1.net.49155 > w3.dcx.yahoo.com.www: S 1683897864:1683897864(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8708 0> (DF)
16:01:13.079138 eth1 < host49.goodman1.net.49155 > www10.dcx.yahoo.com.www: S 3195269927:3195269927(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8712 0> (DF)
16:01:14.929941 eth1 < host49.goodman1.net.49155 > w2.dcx.yahoo.com.www: S 1831211410:1831211410(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8715 0> (DF)
16:01:16.778674 eth1 < host49.goodman1.net.49155 > w6.dcx.yahoo.com.www: S 3961536773:3961536773(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8719 0> (DF)
16:01:18.628462 eth1 < host49.goodman1.net.49155 > w8.dcx.yahoo.com.www: S 4286238440:4286238440(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8723 0> (DF)
Does this provide enough information?
Dick
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
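
An added example, not part of the original messages: a short Python script that tallies a capture like the one quoted above by direction and packet kind, and lists which probes from the iBook (echo requests, TCP SYNs) have no reply going back out. The sample is an excerpt of the quoted dump with wrapped lines rejoined; reading "<" as received on the interface and ">" as sent is an assumption taken from how the DNS query and answer are marked in that dump.

```python
import re
from collections import Counter

# Excerpt of the capture quoted in the message (wrapped lines rejoined).
SAMPLE = """\
15:55:16.232303 eth1 < host49.goodman1.net.49174 > bach.goodman1.net.domain: 49847+ A? yahoo.com. (27)
15:55:16.373034 eth1 > bach.goodman1.net.domain > host49.goodman1.net.49174: 49847* 2/5/5 A w1.rc.vip.dcx.yahoo.com, A w1.rc.vip.scd.yahoo.com (229)
15:55:16.476477 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
15:55:17.476548 eth1 < host49.goodman1.net > w1.rc.vip.dcx.yahoo.com: icmp: echo request
16:01:00.563859 eth1 < host49.goodman1.net.49153 > www9.dcx.yahoo.com.www: S 1383754426:1383754426(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8687 0> (DF)
16:01:01.247337 eth1 < host49.goodman1.net.49153 > w9.dcx.yahoo.com.www: S 2642071908:2642071908(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 8688 0> (DF)
16:01:05.550034 eth1 > arp who-has host49.goodman1.net tell localhost.localdomain (0:80:19:35:ad:39)
16:01:05.550329 eth1 < arp reply host49.goodman1.net is-at 0:3:93:c5:39:7c (0:80:19:35:ad:39)
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) ([<>]) (.*)$")

def classify(rest):
    """Return a coarse packet kind from the text after the direction marker."""
    if rest.startswith("arp "):
        return "arp"
    if "icmp: echo request" in rest:
        return "icmp-echo-request"
    if "icmp: echo reply" in rest:
        return "icmp-echo-reply"
    if re.search(r"\.domain(?: >|$)", rest.split(":", 1)[0]):
        return "dns"
    m = re.search(r": (\S+) \d+:\d+\(\d+\)", rest)  # TCP flags, then seq range
    if m and "S" in m.group(1):
        return "tcp-synack" if " ack " in rest else "tcp-syn"
    return "other"

def summarize(capture):
    """Count (direction, kind); assumes '<' = received on iface, '>' = sent."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            counts[(m.group(3), classify(m.group(4)))] += 1
    return counts

def unanswered(counts):
    """Probe kinds received from the client with no matching reply sent back."""
    pairs = {"icmp-echo-request": "icmp-echo-reply", "tcp-syn": "tcp-synack"}
    return sorted(k for k, r in pairs.items()
                  if counts[("<", k)] and not counts[(">", r)])

if __name__ == "__main__":
    print(unanswered(summarize(SAMPLE)))
```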