Date: Thu, 5 Aug 1999 16:12:51 -0500
From: "David B. Aas" <dave@ciminot.com>
To: "'Oscar Bonilla'" <obonilla@fisicc-ufm.edu>
Cc: "'Ray Seals'" <rayseals@midwestis.com>, "'Thomas Uhrfelt'" <thomas.uhrfelt@plymovent.se>, <questions@freebsd.org>
Subject: FW: Need consulting help with v3.2 firewall
Message-ID: <000801bedf87$92edf580$0fc8a8c0@dave.ciminot.com>

-----Original Message-----
From: Dave Aas [mailto:daveaas@townandcountry.org] On Behalf Of David B. Aas
Sent: Thursday, August 05, 1999 4:02 PM
To: 'Oscar Bonilla'
Cc: 'Ray Seals'; 'Thomas Uhrfelt'; 'questions@freebsd.org'
Subject: RE: Need consulting help with v3.2 firewall

Thanks, Oscar!

I did as you suggested. I forgot to tell you in my prior message that I am getting a console error message as follows:

"servername popper[number]: (v2.53) unable to get canonical name of client, err=0"

The changes that I made did not help. I still cannot get thru with POP3 clients to the outside, and the above error message still appears on my console.

I have attached the output of my "ipfw show" command. It is interesting that I am denying UDP but I don't seem to be denying TCP. I am not getting any console messages with the "log" command. I believe I compiled without the "IPFIREWALL_VERBOSE" command. I can recompile this easily.

By the way, what is the magic to allow ping? I changed the command to "allow icmp from any to any" and it still won't let me ping!

Thanks for your help.

Dave Aas
dave@ciminot.com

> -----Original Message-----
> From: 'Oscar Bonilla' [mailto:obonilla@fisicc-ufm.edu]
> Sent: Wednesday, August 04, 1999 10:54 AM
> To: David B. Aas
> Cc: 'Ray Seals'; 'Oscar Bonilla'; 'Thomas Uhrfelt';
> questions@freebsd.org
> Subject: Re: Need consulting help with v3.2 firewall

< snip >

Attachment: ipfwshow.txt

gateway# ipfw show
00100 50729 15065707 divert 8668 ip from any to any via xl1
00200  8092   532666 allow ip from any to any via lo0
00300     0        0 deny ip from any to 127.0.0.0/8
00400     0        0 deny ip from 129.1.1.0/24 to any in recv xl1
00500     0        0 deny ip from 208.149.231.0/30 to any in recv xl0
00500     0        0 deny ip from 208.149.231.0/30 to any in recv xl0
00600 84472 28952256 allow tcp from any to any established
00700     5      252 allow tcp from any to 208.149.231.82 25 setup
00710  2418   115936 allow tcp from any to any 110 setup
00800     0        0 allow tcp from any to 208.149.231.82 53 setup
00900     0        0 allow tcp from any to 208.149.231.82 80 setup
00910     0        0 allow tcp from any to 208.149.231.82 80 in recv xl1
00920     0        0 allow tcp from any to 208.149.231.82 3128 in recv xl1
01000  1998    87912 allow tcp from 208.149.231.80/30 to any setup
01100  2280   108308 allow tcp from 129.1.1.0/24 to any setup
01200     0        0 allow tcp from 208.149.231.26 to 208.149.231.82 21 setup
01300     2       96 allow tcp from 208.149.231.26 to 208.149.231.82 23 setup
01400  3364   421409 allow udp from any 53 to any
01500  8587   557142 allow udp from any to any 53
01600   501    38076 allow udp from any 123 to 208.149.231.82
01700   522    39672 allow udp from 208.149.231.82 to any 123
01800    19     1096 allow icmp from any to any
01850     0        0 allow tcp from any to any 110 setup
02100     2       88 allow tcp from any to any 113 in recv xl1
02200     0        0 allow tcp from any to any 113 out xmit xl1
10000     0        0 deny log tcp from any to any
10100  3615   410766 deny log udp from any to any
65535     0        0 deny ip from any to any
gateway#
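An added example, not part of the original message: a small sh/awk reader for an `ipfw show` listing that totals the packet counters of deny rules per protocol and flags allow/deny rules whose body repeats an earlier rule. The function names and the embedded sample (a subset of the attached listing) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a subset of the `ipfw show` listing from the message.
# Columns: rule number, packet count, byte count, rule body.
sample_rules() {
cat <<'EOF'
00500 0 0 deny ip from 208.149.231.0/30 to any in recv xl0
00500 0 0 deny ip from 208.149.231.0/30 to any in recv xl0
00600 84472 28952256 allow tcp from any to any established
00710 2418 115936 allow tcp from any to any 110 setup
01800 19 1096 allow icmp from any to any
01850 0 0 allow tcp from any to any 110 setup
10000 0 0 deny log tcp from any to any
10100 3615 410766 deny log udp from any to any
65535 0 0 deny ip from any to any
EOF
}

# Print "proto packets" for every protocol named in a deny rule.
deny_hits() {
    awk '$4 == "deny" {
        p = ($5 == "log") ? $6 : $5      # skip the optional "log" keyword
        hits[p] += $2
    }
    END { for (p in hits) print p, hits[p] }' | sort
}

# Print each allow/deny rule whose body repeats an earlier rule. The first
# matching allow or deny ends rule processing, so the later copy can never
# count a packet and its zero counter says nothing about the traffic.
shadowed_rules() {
    awk '$4 == "allow" || $4 == "deny" {
        body = $0
        sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)  # drop number and counters
        if (body in seen) print $1, "repeats", seen[body]
        else seen[body] = $1
    }'
}

sample_rules | deny_hits
sample_rules | shadowed_rules
```

On a live gateway the same functions can read the real listing, for example `ipfw show | deny_hits`.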