From owner-freebsd-questions Fri Mar 3 2:47: 1 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222]) by hub.freebsd.org (Postfix) with ESMTP id 133F437B8F8 for ; Fri, 3 Mar 2000 02:46:54 -0800 (PST) (envelope-from marcs@is.co.za)
Received: from hermwas.is.co.za (hermwas.is.co.za [196.23.0.8]) by mercury.is.co.za (8.9.3/8.9.3) with ESMTP id MAA22326; Fri, 3 Mar 2000 12:46:51 +0200
Received: (from marcs@localhost) by hermwas.is.co.za (8.9.3/8.9.3) id MAA09859; Fri, 3 Mar 2000 12:46:49 +0200 (SAT)
Date: Fri, 3 Mar 2000 12:46:48 +0200
From: Marc Silver
To: "Lowkrantz, Goran"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Attach to server on FW breaks
Message-ID: <20000303124648.E18316@is.co.za>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To:
X-Operating-System: SunOS 5.6
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ok -- are you logging all denied attempts?? Does it show you any
specific deny when this communication break occurs?? If so, that could
help to solve the problem. Mail me and CC the list if you see anything.

Cheers,
Marc

On Fri, Mar 03, 2000 at 11:40:17AM +0100, Lowkrantz, Goran wrote:
> Hi Mark,
>
>     01300 allow tcp from any to any established
>
> I have the line you refer to. It's before the one that I added for the
> server (03900).
>
> Cheers,
> GLZ
>
> > -----Original Message-----
> > From: Marc Silver [mailto:marcs@is.co.za]
> > Sent: Friday, March 03, 2000 11:36 AM
> > To: Lowkrantz, Goran
> > Cc: freebsd-questions@FreeBSD.ORG
> > Subject: Re: Attach to server on FW breaks
> >
> > Have you got something like this in your firewall config?
> >
> >     # Allow TCP through if setup succeeded
> >     $fwcmd add pass tcp from any to any established
> >
> > This is taken from /etc/rc.firewall. What it sounds like to me (and I
> > could be wrong) is that the connection is being accepted and then
> > afterwards the packets are being truncated by the firewall because you
> > don't have that line in.
> >
> > Try it and hopefully it will work.
> >
> > Cheers,
> > Marc
> >
> > On Fri, Mar 03, 2000 at 10:34:36AM +0100, Lowkrantz, Goran wrote:
> > >
> > > I am totally at a loss with this, just don't understand why it does
> > > not work and can't find anything in the archives. Please enlighten me.
> > >
> > > I have a FW based on FreeBSD 3.4-STABLE with ipfw. On this I try to
> > > run a server listening to the external interface. I have added the
> > > following rule:
> > >
> > >     allow log tcp from X.X.X.X to Y.Y.Y.Y Z setup
> > >
> > > When connecting, I get the following entry in the log:
> > >
> > >     Mar 3 10:03:22 ns2 /kernel: ipfw: 3900 Accept TCP X.X.X.X:13955 Y.Y.Y.Y:Z in via xl0
> > >
> > > and they both wait for the client to send the first data. On the
> > > first send from the client, the connection is broken and the server
> > > receives an EOF.
> > >
> > > I have the server in hosts.allow and even tested with an
> > > ALL:ALL:allow first rule but it's the same either way. And yes,
> > > rebooted between tests to make sure it was seen.
> > >
> > > I just don't understand what's happening, as the filter line before
> > > this is the smtpd accept line, looking like this
> > >
> > >     allow log tcp from any to Y.Y.Y.Y 25 setup
> > >
> > > and it works!
> > >
> > > I need new ideas!!
> > >
> > > Cheers,
> > > GLZ
> > >
> > > ---
> > > Goran Lowkrantz          Email    : goran.lowkrantz@infologigruppen.se
> > > Infologigruppen Alfa AB  Telephone: Nat 070-587 8782       Fax: Nat 070-615 8782
> > > Box 202                             Int +46 70-587 8782         Int +46 70-615 8782
> > > 941 25 Pitea, Sweden
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
> > --
> >
> > Marc Silver
> > IS Hosting Infrastructure
> > The Internet Solution
> > Tel: (+27 11) 283 5500
> > Fax: (+27 11) 283 5001
> > E-mail: marcs@is.co.za
> > Web: www.is.co.za
> >

--
Marc Silver
IS Hosting Infrastructure
The Internet Solution
Tel: (+27 11) 283 5500
Fax: (+27 11) 283 5001
E-mail: marcs@is.co.za
Web: www.is.co.za

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message