From owner-freebsd-questions Fri Feb 12 14:44:38 1999
Date: Fri, 12 Feb 1999 15:46:17 -0700 (MST)
From: wildcardus freakis
To: Dan Busarow
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Queer Behavior...

On Fri, 12 Feb 1999, Dan Busarow wrote:

> On Fri, 12 Feb 1999, wildcardus freakis wrote:
> > #$fwcmd add 0556 deny log tcp from any to ${oip} 11
> > #$fwcmd add 0557 deny log udp from any to ${oip} 11
> > #$fwcmd add 0558 deny log tcp from any to ${oip} 37
> > #$fwcmd add 0559 deny log udp from any to ${oip} 37
> > #$fwcmd add 0660 allow udp from any to ${oip} 123
> > #$fwcmd add 0660 allow tcp from 192.168.1.2 to ${oip}
> > #$fwcmd add 0660 allow tcp from 206.206.121.11:8080 to ${oip}
> > #$fwcmd add 0660 allow udp from 206.206.121.11:8080 to ${oip}
> > #$fwcmd add 0660 deny log tcp from any to ${oip} 109-1079
> > #$fwcmd add 0661 deny log udp from any to ${oip} 109-1079
> > #$fwcmd add 0662 deny log tcp from any to ${oip} 4000-5999
> > #$fwcmd add 0663 deny log udp from any to ${oip} 4000-5999
> > #$fwcmd add 0664 deny log tcp from any to ${oip} 6000-49999
> > #$fwcmd add 0665 deny log udp from any to ${oip} 6000-49999
> >
> > ok. When I loaded these rules in every windows machine in my domain came
> > up with this error...and obviously could not access the web or anything
> > inc. telnet to other domains:
> >
> > Fatal Exception 0E has occured at somestupidmemadd in VXD MSTCP(01) +
> > 000092F7
>
> Running a samba server on that box (or behind it) ?
> Try opening up 137, 138 and 139 for SMB services.

Nope...no Samba here...206.206.121.11 is our web server...it was sending
numerous queries to various machines but all were coming from port 8080
so I just stuck in a line that allowed anything from that machine on that
port to be allowed...I didn't want to say allow all from 206.206.121.11,
that would just be asking for SYN/RST war trouble all over again...

Like I said in the beginning, I didn't have ipfw errors pushing up after I
added these lines in, just Windows errors...so if there is a specific
port that windows absolutely needs to function, I can add an allow in for
it and solve my problem that was why I was asking if anyone had come
across this kind of problem before....

Sasha

>
> Dan
> --
> Dan Busarow                                              949 443 4172
> Dana Point Communications, Inc.                        dan@dpcsys.com
> Dana Point, California  83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82