[Top] [Prev] [Next] [Bottom]

A Troubleshooting       


This appendix provides hints and tips for troubleshooting the ChoiceNet server. If the ChoiceNet server is being used with a RADIUS server, refer to the RADIUS Administrator's Guide first to verify that RADIUS is installed and configured properly.

This appendix includes the following topics:


Checking the filterd Daemon


On your ChoiceNet server, do the following:

1. Use filterd -v to display the version number.

2. Make sure /etc/filterd is running.

3. Verify that the /etc/choicenet directory-or the directory specified with the -d option-contains the following files and directories: clients, filters, lists, and lists.dbm.

4. Use filterd -x to view incoming and outgoing packets from ChoiceNet.

This option displays all ChoiceNet server activity on the screen. Figure A-1 shows an example display of normal activity.

Figure A-1 Example Display of ChoiceNet Activity

Wed Dec 11 19:01:57 1996: [328] filterrecv: Request from host 95c69b01 code=20, id=1, length=32
Wed Dec 11 19:01:57 1996: [328] Filter-Name = "nogo"
Wed Dec 11 19:01:57 1996: [328] IP-Address = 192.31.7.130
Wed Dec 11 19:01:57 1996: [336] list nogo includes address 192.31.7.130
Wed Dec 11 19:01:57 1996: [336] IP address 192.31.7.130 found in list nogo
Wed Dec 11 19:01:58 1996: [336] sending info-accept of id 1 to 95c69b01 (149.198.155.1)
Wed Dec 11 19:02:44 1996: [328] filterrecv: Request from host 95c69b01 code=20, id=2, length=32
Wed Dec 11 19:02:44 1996: [328] Filter-Name = "nogo"
Wed Dec 11 19:02:44 1996: [328] IP-Address = 149.198.1.70
Wed Dec 11 19:02:44 1996: [337] list nogo does not include address 149.198.1.70
Wed Dec 11 19:02:44 1996: [337] IP Address 149.198.1.70 not found in list nogo
Wed Dec 11 19:02:44 1996: [337] sending info-reject of id 2 to 95c69b01 (149.198.155.1)
Wed Dec 11 19:03:06 1996: [328] filterrecv: Request from host 95c69b01 code=20, id=3, length=32
Wed Dec 11 19:03:06 1996: [328] Filter-Name = "nogo"
Wed Dec 11 19:03:06 1996: [328] IP-Address = 192.9.9.100
Wed Dec 11 19:03:06 1996: [338] list nogo includes address 192.9.9.100
Wed Dec 11 19:03:06 1996: [338] IP address 192.9.9.100 found in list nogo
Wed Dec 11 19:03:07 1996: [338] sending info-accept of id 3 to 95c69b01 (149.198.155.1)
Wed Dec 11 19:03:40 1996: [328] filterrecv: Request from host 95c69b01 code=20, id=4, length=32
Wed Dec 11 19:03:40 1996: [328] Filter-Name = "nogo"
Wed Dec 11 19:03:40 1996: [328] IP-Address = 149.198.247.2
Wed Dec 11 19:03:40 1996: [339] list nogo does not include address 149.198.247.2
Wed Dec 11 19:03:40 1996: [339] IP Address 149.198.247.2 not found in list nogo
Wed Dec 11 19:03:40 1996: [339] sending info-reject of id 4 to 95c69b01 (149.198.155.1)



Checking the PortMaster



1. Verify that the ChoiceNet server is reachable from the client by one of the following methods:

Figure A-2 Example ping Command

Command> ping 192.168.200.23
192.168.200.23 is alive



Figure A-3 Example traceroute Command

Command> traceroute 192.168.200.23
traceroute to (192.168.200.23), 30 hops max
1 192.168.200.3
2 192.168.156.40
3 192.168.200.25



Refer to the Command Line Administrator's Guide for more information about these commands.

2. Verify that the ChoiceNet server IP address is set on the client by one of the following methods:

Figure A-4 Opening the Global Configuration Window



3. Verify that the secret set on the PortMaster matches the secret in the /etc/choicenet/clients file on the ChoiceNet server.

The PortMaster will not display the shared secret; however, you can set the secret again if you are not sure that it is set properly by one of the following methods:

4. Verify that any filters between the PortMaster and the ChoiceNet server are not blocking traffic between them.

You cannot use dynamic filters on the interface through which you access the ChoiceNet server.


Checking User Access


If ChoiceNet permits access to a site or service that should have been denied, or denies access that should have been permitted, examine the filter(s) and site list(s) involved.

1. Run buildlist on the ChoiceNet server to verify that the lists are up-to-date:

/etc/choicenet/buildlist

2. Verify that the filter is written correctly, with the desired permissions or denials set.

3. Verify that the maximum number of PMconsole connections on the PortMaster is set:

Command> set maximum pmconsole 10
Command> save all

The save all command saves this setting in the nonvolatile memory of the PortMaster.

4. Display and analyze all ChoiceNet activity by stopping and restarting filterd:

a. Use the ps command to find the process ID for filterd. The necessary command options vary with operating system. See "Restarting the filterd Process" on page 2-8 for an example. Refer to your system documentation for more information.

b. Enter the kill command to stop filterd:

kill ProcessID

ProcessID is taken from the output of ps in Step a.

c. Restart filterd with the -x option:

/etc/choicenet/filterd -x
 


[Top] [Prev] [Next] [Bottom]

spider@livingston.com
Copyright © 1997, Lucent Technologies, Inc. All rights reserved.