From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 20 23:28:06 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4883516A4CE
	for <questions@freebsd.org>; Tue, 20 Apr 2004 23:28:06 -0700 (PDT)
Received: from mail.elvandar.org (cust.94.120.adsl.cistron.nl [195.64.94.120])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A3AF043D55
	for <questions@freebsd.org>; Tue, 20 Apr 2004 23:28:03 -0700 (PDT)
	(envelope-from remko@elvandar.org)
Message-ID: <40861475.7000009@elvandar.org>
Date: Wed, 21 Apr 2004 08:28:05 +0200
From: Remko Lodder <remko@elvandar.org>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: questions@freebsd.org
References: <000501c42756$c901b6e0$0200a8c0@satellite>
In-Reply-To: <000501c42756$c901b6e0$0200a8c0@satellite>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at elvandar.org
Subject: Re: ipfilter allowing cvs
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2004 06:28:06 -0000

dave wrote:
> Hello,
>     I've got a problem allowing cvs traffic through my firewall. Whenever
> the firewall is up i get timeout errors, drop the firewall and everything
> works fine. I've got a rule that i would have supposed would have worked, it
> passes all traffic from my internal interface to the cvs server, all traffic
> external is allowed in, it's the internal interface that governs what can
> get to me. If anyone is running a cvs server behind a firewall, note, i'm
> using nat, please let me know your setup.
> Thanks.
> Dave.
Heya Dave,

Let's play this in a reversed order, what is your rule that enables the 
usage of cvs in your network? (you are allowed to obscure the data ;))

I think there would be something like:

pass in quick on <if> from any to <my_int> port 2401 keep state

or something similiar.

Cheers


-- 

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl A Dutch community for helping newcomers on the 
hackerscene