Date: Tue, 22 May 2001 18:26:51 -0700 From: "vipor" <vipor_1@hotmail.com> To: <freebsd-questions@freebsd.org> Subject: I request help on how to allow in or out going tcp & udp... under natd +IPFW Message-ID: <OE1057Qnq7yzBPYBRJm000062ae@hotmail.com>
index | next in thread | raw e-mail
[-- Attachment #1 --] Hello, I Have Been Working On My Firewall on one of my bsd box's. I have freebsd 4.3 stable running natd with ipfw. Trying to setup some rules to allow some ports out & in for my lan computers. This is kind of hard for me, just thing of me as a pup when it comes to editing firewalls!! O the pane of it all...heheh I would like to know how to set up my ipfw to allow in or out going of tcp & udp packets !!! to one of my lan computers on ip 192.168.0.4 I have been reading and it look's like the only two things i could use are divert port or fwd ipaddr [,port] Now i have tried to use both of these.. but i am not getting it to work.. so i am looking for help here... an example on how to do this would be grate!!! I am trying to play some online games at msn gaming zone ---> http://zone.msn.com But my lan computers are unable to do this. here are the need udp & tcp ports specs part # 1 This article describes the ports required to play games with other players on the MSN Gaming Zone through a firewall, proxy server, Network Address Translation (NAT), or Internet Connection Sharing (ICS). To play games on the MSN Gaming Zone through a network firewall or proxy server, the following requirements must be met: Your network administrator must configure the firewall or proxy server to allow the games to pass information through the proxy server or firewall. The following TCP ports on the firewall must be open: 6667 28800 - 29000 part # 2 Connection Initial TCP Connection 47624 Outbound 47624 Inbound Subsequent TCP Inbound 2300-2400 Subsequent TCP Outbound 2300-2400 Subsequent UDP Inbound 2300-2400 Subsequent UDP Outbound 2300-2400 I am unable to get it to work !!! here is all of the info that I have. So far this is my setup. RC.CONF : natd_interface="ed0" # Outside interface oif="ed0" # Inside interface iif="xl0" gateway_enable="YES" tcp_extensions="YES" firewall_enable="YES" firewall_script="/etc/rc.ipfw firewall_type="open" natd_enable="YES" natd_interface="ed0" RC.IPFW #This article describes the ports required to play Microsoft DirectX multiplayer games #through a firewall, a proxy server, Network Address Translation (NAT), or Intenet #Connection Sharing TCP RULES I could not get this to work right so I removed it ${fwcmd} add pass tcp from any 1000-6667 to any out ${fwcmd} add divert natd tcp from any to 192.168.0.4 1000-6667 in ${fwcmd} add pass tcp from any 20000-29000 to any out ${fwcmd} add divert natd tcp from any to 192.168.0.4 28800-29000 in ${fwcmd} add pass tcp from any to 25000-47624 to any out ${fwcmd} add divert natd from any to 192.168.4 30000-47624 in SO I AM NOW USING THIS ${fwcmd} add pass tcp from any 1000-6667 to any out ${fwcmd} add pass tcp from any to any 1000-6667 in ${fwcmd} add pass tcp from any 20000-29000 to any out ${fwcmd} add pass tcp from any to any 28800-29000 in ${fwcmd} add pass tcp from any 25000-47624 to any out ${fwcmd} add pass tcp from any to any 30000-47624 in #This article describes the ports required to play Microsoft DirectX multiplayer games #through a firewall, a proxy server, Network Address Translation (NAT), or Intenet #Connection Sharing UDP RULES I AM NOW USING THIS ${fwcmd} add pass udp from any 1000-6667 to any out ${fwcmd} add pass udp from any to any 1000-6667 in ${fwcmd} add pass udp from any 20000-29000 to any out ${fwcmd} add pass udp from any to any 2000-29000 in ${fwcmd} add pass udp from any 30000-47624 to any out ${fwcmd} add pass udp from any to any 30000-47624 in ipfw -a list 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 192.168.0.0/24 to any in recv ed0 00400 0 0 deny ip from 24.0.136.0/22 to any in recv xl0 00500 0 0 deny ip from any to 10.0.0.0/8 via ed0 00600 0 0 deny ip from any to 172.16.0.0/12 via ed0 00700 0 0 deny ip from any to 192.168.0.0/16 via ed0 00800 0 0 deny ip from any to 0.0.0.0/8 via ed0 00900 0 0 deny ip from any to 169.254.0.0/16 via ed0 01000 0 0 deny ip from any to 192.0.2.0/24 via ed0 01100 0 0 deny ip from any to 224.0.0.0/4 via ed0 01200 0 0 deny ip from any to 240.0.0.0/4 via ed0 01300 27664 4089592 divert 8668 ip from any to any via ed0 01400 0 0 deny ip from 10.0.0.0/8 to any via ed0 01500 0 0 deny ip from 172.16.0.0/12 to any via ed0 01600 0 0 deny ip from 192.168.0.0/16 to any via ed0 01700 0 0 deny ip from 0.0.0.0/8 to any via ed0 01800 0 0 deny ip from 169.254.0.0/16 to any via ed0 01900 0 0 deny ip from 192.0.2.0/24 to any via ed0 02000 0 0 deny ip from 224.0.0.0/4 to any via ed0 02100 0 0 deny ip from 240.0.0.0/4 to any via ed0 02200 25301 7102078 allow tcp from any to any established 02300 0 0 allow ip from any to any frag 02400 1442 69216 allow tcp from any to any 80 setup 02500 0 0 allow tcp from any to any 25 setup 02600 0 0 allow tcp from any 20 to any 1024-65535 setup 02700 0 0 deny log logamount 100 tcp from any to any 21 in recv ed0 setup 02800 0 0 allow log logamount 100 tcp from any to any 22 in recv ed0 setup 02900 0 0 reset tcp from any to any 113 in recv ed0 setup 03000 301 14448 allow tcp from any 1000-6667 to any out 03100 8 384 allow tcp from any to any 1000-6667 in 03200 0 0 allow tcp from any 20000-29000 to any out 03300 0 0 allow tcp from any to any 28800-29000 in 03400 0 0 allow tcp from any 25000-47624 to any out 03500 163 7824 allow tcp from any to any 30000-47624 in 03600 4 240 deny log logamount 100 tcp from any to any in recv ed0 setup 03700 133 6384 allow tcp from any to any setup 03800 0 0 allow tcp from any to any 3782-3783 03900 0 0 allow tcp from any to any 18009 04000 0 0 allow tcp from any 6891-6901 to any via ed0 04100 0 0 allow tcp from any 1863 to any via ed0 04200 106 6396 allow udp from any to 24.5.247.15 53 04300 0 0 allow udp from any to 24.5.247.17 53 04400 4 252 allow udp from any to 24.5.247.19 53 04500 102 25804 allow udp from 24.5.247.15 53 to any 04600 0 0 allow udp from 24.5.247.17 53 to any 04700 4 684 allow udp from 24.5.247.19 53 to any 04800 79 11972 allow udp from any to any 137-139 via xl0 04900 0 0 allow log logamount 100 udp from any to any 514 via xl0 05000 0 0 allow udp from any 123 to any 123 via ed0 05100 0 0 allow udp from any 123 to any via xl0 05200 0 0 allow udp from any to any 123 via xl0 05300 165 13120 allow udp from any 1000-6667 to any out 05400 2 80 allow udp from any to any 1000-6667 in 05500 12767 408544 allow udp from any 20000-29000 to any out 05600 12849 411168 allow udp from any to any 2000-29000 in 05700 0 0 allow udp from any 30000-47624 to any out 05800 163 13040 allow udp from any to any 30000-47624 in 05900 0 0 allow udp from any to any 33434-33523 out xmit ed0 06000 0 0 allow udp from any to any 3782-3783 06100 0 0 allow udp from any to any 18009 06200 0 0 allow udp from any 6901 to any via ed0 06300 0 0 allow udp from any to any 6901 via ed0 06400 0 0 allow udp from any 7801 to any via ed0 06500 0 0 allow udp from any 7825 to any via ed0 06600 0 0 allow udp from any 2001-2120 to any via ed0 06700 1055 59080 allow icmp from any to any via xl0 06800 0 0 allow icmp from any to any out xmit ed0 icmptype 8 06900 0 0 allow icmp from any to any in recv ed0 icmptype 0 07000 1053 58968 allow icmp from any to any via ed0 icmptype 3,4,11,12 07100 1 32 deny icmp from any to any 07200 6 1410 deny log logamount 1000 ip from any to any 63000 0 0 deny ip from any to 0.0.0.255:0.0.0.255 in recv ed0 64000 0 0 deny log logamount 100 udp from any to any 137-139 via ed0 65000 0 0 deny log logamount 100 ip from any to any via ed0 65535 47730 1958043 deny ip from any to any If you have any questions please just ask me.. Thanks in advance Pup Admin: Mike Gamer Name VIPOR Server's FreeBSD 4.2-STABLE (VIPOR1) FreeBSD 4.3-STABLE (VIPOR2) vipor_1@hotmail.com [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 5.50.4522.1800" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=4><STRONG></STRONG></FONT> </DIV> <DIV><FONT face=Arial size=5><STRONG>Hello,</STRONG></FONT></DIV> <DIV><FONT face=Arial size=4><STRONG></STRONG></FONT> </DIV> <DIV><STRONG><FONT face=Arial>I Have Been Working On My Firewall on one of my bsd box's.<BR>I have freebsd 4.3 stable running natd with ipfw.<BR>Trying to setup some rules to allow some ports out & in for my </FONT></STRONG></DIV> <DIV><STRONG><FONT face=Arial>lan computers. This is kind of hard for me, just thing of me as a</FONT></STRONG></DIV> <DIV><STRONG><FONT face=Arial> <U><EM>pup </EM></U>when it comes to editing firewalls!! O the pane of it all...heheh</FONT></STRONG></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><STRONG><FONT face=Arial>I would like to know how to set up my ipfw to allow <BR>in or out going of tcp & udp packets !!! to one of my lan computers<BR>on ip 192.168.0.4 </FONT></STRONG></DIV> <DIV><BR><STRONG><FONT face=Arial>I have been reading and it look's like the only two things i could </FONT></STRONG></DIV> <DIV><STRONG><FONT face=Arial>use are divert port or fwd ipaddr [,port]</FONT></STRONG></DIV> <DIV><BR><STRONG><FONT face=Arial>Now i have tried to use both of these.. but i am not getting it to work..<BR>so i am looking for help here...<BR>an example on how to do this would be grate!!!</FONT></STRONG></DIV> <DIV><STRONG><FONT face=Arial></FONT></STRONG> </DIV> <DIV><FONT size=2><FONT face=Arial><STRONG><FONT size=3>I am trying to play some online games at msn gaming zone ---></FONT></STRONG><BR></FONT></FONT><A href="http://zone.msn.com"><FONT face=Arial size=2>http://zone.msn.com</FONT></A></DIV><FONT size=2> <DIV><BR><FONT face=Arial size=3><STRONG>But my lan computers are unable to do this.</STRONG></FONT></DIV> <DIV><FONT face=Arial size=3><STRONG>here are the need udp & tcp ports specs</STRONG></FONT><FONT face=Arial size=3><STRONG></DIV> <DIV> <DIV><FONT face=Arial size=3><U><STRONG>part # 1</STRONG></U></FONT></DIV> <DIV><U></U><BR>This article describes the ports required to play games with other </STRONG></FONT></DIV></DIV> <DIV><FONT face=Arial size=3><STRONG>players on the MSN Gaming Zone through a firewall, proxy server, </STRONG></FONT></DIV> <DIV><FONT face=Arial size=3><STRONG>Network Address Translation (NAT), or Internet Connection Sharing (ICS). </STRONG></FONT></DIV> <DIV><FONT face=Arial size=3><STRONG>To play games on the MSN Gaming Zone through a network firewall or proxy<BR>server, the following requirements must be met:<BR>Your network administrator must configure the firewall or proxy server to<BR>allow the games to pass information through the proxy server or firewall.<BR> The following TCP ports on the firewall must be open:</STRONG></FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial>6667<BR>28800 - 29000</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial size=3><U><STRONG>part # 2</STRONG></U></FONT></DIV> <DIV><FONT face=Arial><STRONG>Connection </STRONG></FONT><FONT face=Arial><STRONG>Initial TCP Connection</STRONG><BR>47624 <STRONG>Outbound<BR></STRONG>47624 <STRONG>Inbound</STRONG></FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial><STRONG>Subsequent TCP Inbound<BR></STRONG>2300-2400<BR><STRONG>Subsequent TCP Outbound<BR></STRONG>2300-2400</FONT></DIV> <DIV><FONT face=Arial><STRONG></STRONG></FONT> </DIV> <DIV><FONT face=Arial><STRONG>Subsequent UDP Inbound<BR></STRONG>2300-2400<BR><STRONG>Subsequent UDP Outbound</STRONG><BR>2300-2400</FONT></DIV> <DIV><FONT face=Arial><FONT size=4><STRONG><B><FONT color=#000000 size=2> </DIV></B></FONT></STRONG></FONT></FONT> <DIV><FONT face=Arial size=4><STRONG>I am unable to get it to work !!! here is all of </STRONG></FONT></DIV> <DIV><FONT face=Arial size=4><STRONG>the info that I have.</STRONG></FONT></DIV> <DIV><FONT face=Arial size=4><STRONG></STRONG></FONT> </DIV> <DIV><FONT face=Arial size=4><STRONG>So far this is my setup.</STRONG></FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial size=4>RC.CONF :</FONT></DIV> <DIV><FONT face=Arial size=4></FONT> </DIV> <DIV><FONT face=Arial>natd_interface="ed0"<BR># Outside interface<BR>oif="ed0"<BR># Inside interface<BR>iif="xl0"<BR>gateway_enable="YES"<BR>tcp_extensions="YES"<BR>firewall_enable="YES"<BR>firewall_script="/etc/rc.ipfw<BR>firewall_type="open"<BR>natd_enable="YES"<BR>natd_interface="ed0"</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial><FONT size=4>RC.IPFW</FONT><BR>#This article describes the ports required to play Microsoft DirectX multiplayer games<BR>#through a firewall, a proxy server, Network Address Translation (NAT), or Intenet<BR>#Connection Sharing <STRONG><U><FONT size=3> TCP RULES</FONT></U></STRONG></FONT></DIV> <DIV><STRONG><U><FONT face=Arial size=3></FONT></U></STRONG> </DIV> <DIV><U><FONT face=Arial size=4>I could not get this to work right so I removed it </FONT></U></DIV> <DIV><FONT face=Arial> ${fwcmd} add pass tcp from any 1000-6667 to any out<BR> ${fwcmd} add divert natd tcp from any to 192.168.0.4 1000-6667 in<BR> ${fwcmd} add pass tcp from any 20000-29000 to any out<BR> ${fwcmd} add divert natd tcp from any to 192.168.0.4 28800-29000 in<BR> ${fwcmd} add pass tcp from any to 25000-47624 to any out<BR> ${fwcmd} add divert natd from any to 192.168.4 30000-47624 in</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial size=4><U>SO I AM NOW USING THIS</U></FONT></DIV> <DIV><FONT face=Arial> ${fwcmd} add pass tcp from any 1000-6667 to any out <BR> ${fwcmd} add pass tcp from any to any 1000-6667 in</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial> ${fwcmd} add pass tcp from any 20000-29000 to any out<BR> ${fwcmd} add pass tcp from any to any 28800-29000 in</FONT></DIV> <DIV><BR><FONT face=Arial> ${fwcmd} add pass tcp from any 25000-47624 to any out</FONT></DIV> <DIV><FONT face=Arial> ${fwcmd} add pass tcp from any to any 30000-47624 in</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial>#This article describes the ports required to play Microsoft DirectX multiplayer games<BR>#through a firewall, a proxy server, Network Address Translation (NAT), or Intenet<BR>#Connection Sharing <STRONG><U><FONT size=3>UDP RULES</FONT></U></STRONG></FONT></DIV> <DIV><STRONG><U><FONT face=Arial size=3></FONT></U></STRONG> </DIV> <DIV><FONT face=Arial size=4><U>I AM NOW USING THIS</U></FONT></DIV> <DIV><FONT face=Arial size=3> ${fwcmd} add pass udp from any 1000-6667 to any out<BR> ${fwcmd} add pass udp from any to any 1000-6667 in</FONT></DIV> <DIV><FONT face=Arial size=3></FONT> </DIV> <DIV><FONT face=Arial size=3> ${fwcmd} add pass udp from any 20000-29000 to any out<BR> ${fwcmd} add pass udp from any to any 2000-29000 in</FONT></DIV> <DIV><FONT face=Arial size=3></FONT> </DIV> <DIV><FONT face=Arial size=3> ${fwcmd} add pass udp from any 30000-47624 to any out<BR> ${fwcmd} add pass udp from any to any 30000-47624 in</FONT></DIV> <DIV><FONT face=Arial></FONT> </DIV> <DIV><FONT face=Arial><FONT size=4>ipfw -a list</FONT><BR>00100 0 0 allow ip from any to any via lo0<BR>00200 0 0 deny ip from any to 127.0.0.0/8<BR>00300 0 0 deny ip from 192.168.0.0/24 to any in recv ed0<BR>00400 0 0 deny ip from 24.0.136.0/22 to any in recv xl0<BR>00500 0 0 deny ip from any to 10.0.0.0/8 via ed0<BR>00600 0 0 deny ip from any to 172.16.0.0/12 via ed0<BR>00700 0 0 deny ip from any to 192.168.0.0/16 via ed0<BR>00800 0 0 deny ip from any to 0.0.0.0/8 via ed0<BR>00900 0 0 deny ip from any to 169.254.0.0/16 via ed0<BR>01000 0 0 deny ip from any to 192.0.2.0/24 via ed0<BR>01100 0 0 deny ip from any to 224.0.0.0/4 via ed0<BR>01200 0 0 deny ip from any to 240.0.0.0/4 via ed0<BR>01300 27664 4089592 divert 8668 ip from any to any via ed0<BR>01400 0 0 deny ip from 10.0.0.0/8 to any via ed0<BR>01500 0 0 deny ip from 172.16.0.0/12 to any via ed0<BR>01600 0 0 deny ip from 192.168.0.0/16 to any via ed0<BR>01700 0 0 deny ip from 0.0.0.0/8 to any via ed0<BR>01800 0 0 deny ip from 169.254.0.0/16 to any via ed0<BR>01900 0 0 deny ip from 192.0.2.0/24 to any via ed0<BR>02000 0 0 deny ip from 224.0.0.0/4 to any via ed0<BR>02100 0 0 deny ip from 240.0.0.0/4 to any via ed0<BR>02200 25301 7102078 allow tcp from any to any established<BR>02300 0 0 allow ip from any to any frag<BR>02400 1442 69216 allow tcp from any to any 80 setup<BR>02500 0 0 allow tcp from any to any 25 setup<BR>02600 0 0 allow tcp from any 20 to any 1024-65535 setup<BR>02700 0 0 deny log logamount 100 tcp from any to any 21 in recv ed0 setup<BR>02800 0 0 allow log logamount 100 tcp from any to any 22 in recv ed0 setup<BR>02900 0 0 reset tcp from any to any 113 in recv ed0 setup<BR>03000 301 14448 allow tcp from any 1000-6667 to any out<BR>03100 8 384 allow tcp from any to any 1000-6667 in<BR>03200 0 0 allow tcp from any 20000-29000 to any out<BR>03300 0 0 allow tcp from any to any 28800-29000 in<BR>03400 0 0 allow tcp from any 25000-47624 to any out<BR>03500 163 7824 allow tcp from any to any 30000-47624 in<BR>03600 4 240 deny log logamount 100 tcp from any to any in recv ed0 setup<BR>03700 133 6384 allow tcp from any to any setup<BR>03800 0 0 allow tcp from any to any 3782-3783<BR>03900 0 0 allow tcp from any to any 18009<BR>04000 0 0 allow tcp from any 6891-6901 to any via ed0<BR>04100 0 0 allow tcp from any 1863 to any via ed0<BR>04200 106 6396 allow udp from any to 24.5.247.15 53<BR>04300 0 0 allow udp from any to 24.5.247.17 53<BR>04400 4 252 allow udp from any to 24.5.247.19 53<BR>04500 102 25804 allow udp from 24.5.247.15 53 to any<BR>04600 0 0 allow udp from 24.5.247.17 53 to any<BR>04700 4 684 allow udp from 24.5.247.19 53 to any<BR>04800 79 11972 allow udp from any to any 137-139 via xl0<BR>04900 0 0 allow log logamount 100 udp from any to any 514 via xl0<BR>05000 0 0 allow udp from any 123 to any 123 via ed0<BR>05100 0 0 allow udp from any 123 to any via xl0<BR>05200 0 0 allow udp from any to any 123 via xl0<BR>05300 165 13120 allow udp from any 1000-6667 to any out<BR>05400 2 80 allow udp from any to any 1000-6667 in<BR>05500 12767 408544 allow udp from any 20000-29000 to any out<BR>05600 12849 411168 allow udp from any to any 2000-29000 in<BR>05700 0 0 allow udp from any 30000-47624 to any out<BR>05800 163 13040 allow udp from any to any 30000-47624 in<BR>05900 0 0 allow udp from any to any 33434-33523 out xmit ed0<BR>06000 0 0 allow udp from any to any 3782-3783<BR>06100 0 0 allow udp from any to any 18009<BR>06200 0 0 allow udp from any 6901 to any via ed0<BR>06300 0 0 allow udp from any to any 6901 via ed0<BR>06400 0 0 allow udp from any 7801 to any via ed0<BR>06500 0 0 allow udp from any 7825 to any via ed0<BR>06600 0 0 allow udp from any 2001-2120 to any via ed0<BR>06700 1055 59080 allow icmp from any to any via xl0<BR>06800 0 0 allow icmp from any to any out xmit ed0 icmptype 8<BR>06900 0 0 allow icmp from any to any in recv ed0 icmptype 0<BR>07000 1053 58968 allow icmp from any to any via ed0 icmptype 3,4,11,12<BR>07100 1 32 deny icmp from any to any<BR>07200 6 1410 deny log logamount 1000 ip from any to any<BR>63000 0 0 deny ip from any to 0.0.0.255:0.0.0.255 in recv ed0<BR>64000 0 0 deny log logamount 100 udp from any to any 137-139 via ed0<BR>65000 0 0 deny log logamount 100 ip from any to any via ed0<BR>65535 47730 1958043 deny ip from any to any</FONT></DIV> <DIV><FONT face=Arial><BR><BR></FONT> </DIV> <DIV><FONT face=Arial><FONT size=4>If you have any questions please just ask me..</FONT></FONT></DIV> <DIV><FONT face=Arial><FONT size=4><BR><STRONG><FONT face="Times New Roman" size=5>Thanks in advance</FONT></STRONG></FONT></FONT></DIV><FONT face=Arial><FONT size=4><STRONG><FONT face="Times New Roman" size=5></FONT></STRONG> <DIV><BR></FONT>Pup Admin: Mike<BR>Gamer Name VIPOR<BR>Server's<BR>FreeBSD 4.2-STABLE (VIPOR1)<BR>FreeBSD 4.3-STABLE (VIPOR2)<BR></FONT><A href="mailto:vipor_1@hotmail.com"><FONT face=Arial>vipor_1@hotmail.com</FONT></A></DIV> <DIV></FONT> </DIV></BODY></HTML>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE1057Qnq7yzBPYBRJm000062ae>