Date: Thu, 7 Jun 2001 18:00:37 +0400
From: "Nikolaj I. Potanin"
Organization: Magistral Merkantil AB
To: freebsd-security@FreeBSD.ORG
Subject: ipfw and icq
Message-ID: <1569370004.20010607180037@mail.spbnit.ru>
In-Reply-To: <009e01c0ef55$da422340$9201a8c0@home.net>

Hello to every GURU in this list!

I'm a novice in this world :) and I have a problem configuring the firewall (ipfw) and icq on my FreeBSD 4.2 box. I'm using a PPP connection to my ISP and therefore there are some differences in configuring ipfw (or not?). Everything works perfectly, the firewall filters all it has to, but I didn't manage to connect to my favorite icq.mirabilis.com:4000 %) I know that I should add something like

  $fwcmd add allow udp from any to any 4000

But it doesn't work!
Here is my fwrules-file:

  fwcmd="/sbin/ipfw"
  $fwcmd -f flush
  $fwcmd add divert natd all from any to any via tun0
  $fwcmd add allow ip from any to any via lo0
  $fwcmd add allow tcp from any to any out xmit tun0 setup
  $fwcmd add allow tcp from any to any via tun0 established
  $fwcmd add allow tcp from any to any 80 setup
  $fwcmd add allow tcp from any to any 22 setup
  $fwcmd add reset log tcp from any to any 113 in recv tun0
  $fwcmd add allow udp from any to MY_ISP'S_DNS_NUMBER 53 out xmit tun0
  $fwcmd add allow udp from MY_ISP'S_DNS_NUMBER 53 to any in recv tun0
  $fwcmd add 65435 allow icmp from any to any
  $fwcmd add 65435 deny log ip from any to any

Maybe it's because of the [options TCP_RESTRICT_RST] option added to my CUSTOM_KERNEL config file? Any ideas about this problem?

Thanks in advance,
==
Nikolaj I. Potanin
http://www.physto.se/~nikolaj
UIN: 20582042
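
The following is an added example, not part of the original message and not ipfw code: a simplified first-match model of the UDP rules above, showing which rule a client datagram to port 4000 and the server's reply would hit. It assumes the ICQ server replies from source port 4000, that the proposed rule sits before the final deny, and it ignores addresses; the rule numbers below 65435, the mirror rule and the port 1027 are illustrative.

```python
# Simplified first-match model of ipfw evaluation for UDP (added example, not ipfw itself).
# natd's divert rule is treated as pass-through: it does not change the server-side port.
from collections import namedtuple

Packet = namedtuple("Packet", "proto direction sport dport")
# None in a Rule field means "any"; addresses are not modelled.
Rule = namedtuple("Rule", "num action proto direction sport dport")

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and rule.direction in (None, pkt.direction)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def evaluate(rules, pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    # sorted() is stable, so rules sharing a number keep the order they were added in
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.num, rule.action
    return 65535, "deny"  # ipfw's built-in last rule (deny unless the kernel defaults to accept)

# Rules from the posted file that can match UDP; numbers below 65435 are illustrative.
POSTED = [
    Rule(800, "allow", "udp", "out", None, 53),      # DNS query, out xmit tun0
    Rule(900, "allow", "udp", "in", 53, None),       # DNS reply, in recv tun0
    Rule(65435, "allow", "icmp", None, None, None),
    Rule(65435, "deny", "ip", None, None, None),     # deny log ip from any to any
]
# The rule from the message, assumed to sit before the final deny.
PROPOSED = Rule(1000, "allow", "udp", None, None, 4000)  # allow udp from any to any 4000
# Hypothetical mirror rule: allow udp from any 4000 to any in recv tun0
MIRROR = Rule(1100, "allow", "udp", "in", 4000, None)

# Constructed packets; 1027 stands in for the client's ephemeral port.
OUTBOUND = Packet("udp", "out", 1027, 4000)  # client -> ICQ server
REPLY = Packet("udp", "in", 4000, 1027)      # ICQ server -> client (assumed source port 4000)

if __name__ == "__main__":
    for label, rules in (("posted", POSTED),
                         ("posted + proposed", POSTED + [PROPOSED]),
                         ("posted + proposed + mirror", POSTED + [PROPOSED, MIRROR])):
        print(label, "| out:", evaluate(rules, OUTBOUND), "| reply:", evaluate(rules, REPLY))
```

A rule keyed only on source port admits any inbound UDP datagram that claims source port 4000; narrowing it to the server's address, as the posted DNS rules do for port 53, keeps the opening small.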