Message-ID: <51A8BE49.3070801@gmail.com>
Date: Fri, 31 May 2013 18:14:17 +0300
From: Volodymyr Kostyrko
To: Stefan Desancic, "questions@FreeBSD.org"
Subject: Re: TCPmux
References: <51A85FFE.7060701@gmail.com>

31.05.2013 14:10, Stefan Desancic:
> Hi,
>
> Thank you for your very speedy response.
> Also attached is the config file.
>
> Kind Regards
>
> Stefan
>
>
> # Section: Interfaces
> public_if19="em0"
> private_if18="em1"
> mgmt_if="em1"
> # End: Interfaces
>
> # Section: Ports
> Management = "{22,5555}"
> ikeports = "{500,4500}"
> # End: Ports
>
> # Section: Address Table
> table {192.168.50.250}
> table {192.168.50.1}
> table {10.0.0.1}
> table {10.0.0.2}
> table {192.168.50.250}
> table {192.168.100.0/24}
> table {192.168.50.0/24}
> table {192.168.50.250}
> # End: Address Table
>
> # Section: Options
> set ruleset-optimization none
> set block-policy return
> set skip on lo
> # End: Options
>
> # Section: Scrubbing
> scrub in all
> # End: Scrubbing
>
> # Section: Anti Spoofing
> antispoof quick for {$public_if19, $private_if18} inet
> # End: Anti Spoofing
>
> # Section: Firewall Rules
> # Section: System Rules
> block in from any to any label RuleId[111]
> pass out from any to any label RuleId[112]
> # End: System Rules
>
> # Section: VPN LPN access Rules
> pass from {} to {} tagged vpn label RuleId[140]
> pass from {} to {} label RuleId[141]
> # End: VPN LPN access Rules
>
> # Section: User Rules
> # block from any to any no state label RuleId[149]
> # pass in from {} to {} label RuleId[151]
> # pass in from {} to {} label RuleId[152]
> pass from any to any label RuleId[157]
> # End: User Rules
>
> # Section: IPsec Rules
> pass in on $mgmt_if proto {udp} from {} to {} port $ikeports label RuleId[117]
> pass in on $mgmt_if proto {esp} from {} to {} label RuleId[118]
> pass in on $mgmt_if proto {ipencap} from {} to {} tag management label RuleId[119]
> pass proto {udp} from {} to {} port $ikeports label RuleId[131]
> pass proto {udp} from {} to {} port $ikeports label RuleId[132]
> pass proto {esp} from {} to {} label RuleId[133]
> pass proto {esp} from {} to {} label RuleId[134]
> pass in on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[135]
> pass out on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[136]
> pass in on $public_if19 proto {esp} from {} to {} label RuleId[137]
> pass out on $public_if19 proto {esp} from {} to {} label RuleId[138]
> pass in on $public_if19 proto {ipencap} from {} to {} tag vpn label RuleId[139]
> # End: IPsec Rules
>
> # Section: Management Rules
> pass in on $mgmt_if proto {tcp} from {} to {} port $Management tagged management label RuleId[120]
> # End: Management Rules
> # End: Firewall Rules

I'm missing a rule which would pass tcp connections to port 1 on any interface. However I can see a pass all rule. Remote connections should be enabled.

How is your tcpmux server configured? Can you show the output of `sockstat | grep ':1 '`?

>> Good Morning,
>>
>> Is there a flag or a setting in the PF firewall in FreeBSD that you can set to allow TCPmux traffic to flow through it? The pass all rule doesn't seem to work, however if I disable PF completely then the TCPmux traffic flows through.
>
> I have no problems with tcpmux and pf. Can you show your config? On my machines tcpmux is served from inetd on default port (1).

-- Sphinx of black quartz, judge my vow.
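
Added example, not part of the original message: `pfctl -vvsr` prints packet counters for every loaded rule, so listing the block rules with a non-zero counter shows which rule, if any, is actually matching traffic in a ruleset like the one quoted above. The counter values and the 203.0.113.0/24 antispoof rule are constructed sample data, not output from the poster's firewall; `blocked_rules` and `sample_counters` are names chosen for this example.

```shell
#!/bin/sh
# Added example. On the firewall itself: pfctl -vvsr | blocked_rules
# Prints every block rule whose packet counter is non-zero.

blocked_rules() {
    awk '
        # Rule header line, e.g.: @1 block return in all label "RuleId[111]"
        /^@[0-9]+ / {
            is_block = ($2 == "block")
            rule = $0
            next
        }
        # First counter line following a block rule
        is_block && /Packets:/ {
            for (i = 1; i < NF; i++)
                if ($i == "Packets:" && $(i + 1) + 0 > 0)
                    printf "%s packets: %s\n", $(i + 1), rule
            is_block = 0
        }
    '
}

# Constructed sample in the layout pfctl -vvsr uses (values are made up).
sample_counters() {
    cat <<'EOF'
@0 scrub in all fragment reassemble
  [ Evaluations: 5120      Packets: 2310      Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 911 State Creations: 0     ]
@1 block drop in quick on ! em0 inet from 203.0.113.0/24 to any
  [ Evaluations: 412       Packets: 7         Bytes: 420         States: 0     ]
  [ Inserted: uid 0 pid 911 State Creations: 0     ]
@2 block return in all label "RuleId[111]"
  [ Evaluations: 405       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 911 State Creations: 0     ]
@3 pass all flags S/SA keep state label "RuleId[157]"
  [ Evaluations: 405       Packets: 1893      Bytes: 201344      States: 12    ]
  [ Inserted: uid 0 pid 911 State Creations: 57    ]
EOF
}

sample_counters | blocked_rules
```

A non-zero counter on a `quick` block rule means those packets were decided there and never reached a later pass rule.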