Date: Fri, 30 Jul 1999 07:32:49 -0400 (EDT)
From: paz <paz@apriori.net>
To: Andrew Johns <A_Johns@TurnAround.com.au>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: ipchains in FreeBSD
Message-ID: <Pine.BSF.4.10.9907300730300.13342-100000@gw.apriori.net>
In-Reply-To: <001001beda4a$0e51ceb0$4001a8c0@tasajohns.turnaround.com.au>

: No problem - fire up:
: 'tcpdump -s 1600 -x -w tcp.output'
: and then use something like ethereal to analyse the output, so that you
: can identify where it is failing and thence, why it is so. Then you'll
: be able to add rules to allow those packets back and forth through your
: firewall - I'd imagine that they'd be something along the lines of:
:
: ipfw add <rule_number> allow tcp 3568 from any to <internal_ip> in
: ipfw add <rule_number+1> allow tcp 3569 from <internal_ip> to any out
: These rules assume that it's using tcp, if not sub in udp instead. You
: may also want to limit the <any> to a specified set of servers.

I'll try your suggestion. For the record, I wrote several dozen rules as
you show above, without success; the only "progress" I seemed to make was
in being able to quiet messages to the console which inform me of ipfw
rule failures.

cheers -
-- Philip.

: > -----Original Message-----
: > From: paz [mailto:paz@apriori.net]
: > Sent: Friday, 30 July 1999 13:38
: > To: Andrew Johns
: > Cc: freebsd-questions@FreeBSD.ORG
: > Subject: RE: ipchains in FreeBSD
: >
: >
: >
: > On Fri, 30 Jul 1999, Andrew Johns wrote:
: >
: > : >
: > : > I have a FreeBSD host on the internet full-time (apriori.net) with
: > : > appropriate firewall daemons running, but it fails to allow
: > : > some traffic
: > : > generated by other machines (admittedly Windows-based) on my
: > :
: [snip]
:
: > mode. Here was their reply:
: >
: > (included text)
: > ===============================
: > Date: 29 Apr 1999 12:33:42 -0700
: > From: Support Inet <support@novalogic.com>
: > To: paz <paz@apriori.net>
: > Subject: Re: Delta Force black scree
: >
: > Delta Force will not connect properly through a proxy server,
: > due to the way proxy servers manage your ports. Delta Force
: > uses dynamic ports, but these are not in line with proxy
: > port routing. For those of you with firewalls, you can try
: > ports 0x0df0 and 0x0df1 (3568 and 3569).
: >
: > NovaLogic Tech. Support
: > ===============================
: > (end included text)
: >
: > cheers -
: > -- Philip.
: >
: > philip zimmermann paz@apriori.net
: > www.apriori.net ayer, ma usa
: >
: >
:

cheers -
-- Philip.

philip zimmermann paz@apriori.net
www.apriori.net ayer, ma usa

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
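
Added example, not part of the original thread: the ipfw deny messages mentioned above can be tallied to see which protocol, direction and port are actually being refused before writing allow rules for 3568/3569. The log lines are constructed, the log layout (`ipfw: <rule> Deny <PROTO> <src>:<port> <dst>:<port> <in|out> via <if>`) and the 192.168.1. internal prefix are assumptions, and `summarise_denies` / `game_denies` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges, not from the thread).
SAMPLE_LOG = """\
Jul 30 07:10:01 host /kernel: ipfw: 65000 Deny UDP 192.168.1.20:1041 203.0.113.9:3568 out via ed0
Jul 30 07:10:01 host /kernel: ipfw: 65000 Deny UDP 203.0.113.9:3568 192.168.1.20:1041 in via ed0
Jul 30 07:10:02 host /kernel: ipfw: 65000 Deny UDP 192.168.1.20:1041 203.0.113.9:3569 out via ed0
Jul 30 07:10:02 host /kernel: ipfw: 65000 Deny UDP 192.168.1.20:1041 203.0.113.9:3568 out via ed0
Jul 30 07:10:05 host /kernel: ipfw: 65000 Deny TCP 198.51.100.4:4433 192.168.1.20:139 in via ed0
Jul 30 07:10:06 host sshd[211]: unrelated line
"""

# Assumed log layout; adjust if your kernel formats the message differently.
DENY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

GAME_PORTS = {3568, 3569}  # ports named in the quoted NovaLogic reply


def summarise_denies(log_text, internal_prefix="192.168.1."):
    """Count denied packets per (protocol, direction, remote-side port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ipfw deny message
        # The remote side is whichever endpoint is outside the internal network.
        if m["src"].startswith(internal_prefix):
            remote_port = int(m["dport"])
        else:
            remote_port = int(m["sport"])
        counts[(m["proto"], m["dir"], remote_port)] += 1
    return counts


def game_denies(counts):
    """Keep only denies involving the game's ports; the rest stay blocked."""
    return {k: v for k, v in counts.items() if k[2] in GAME_PORTS}


if __name__ == "__main__":
    summary = game_denies(summarise_denies(SAMPLE_LOG))
    for (proto, direction, port), n in sorted(summary.items()):
        print(f"{n:3d} denied  {proto:4s} {direction:3s} remote port {port}")
```

In this constructed sample every game-related deny is UDP, and the inbound replies carry 3568 as the source port, which is the kind of detail that decides the protocol and port placement in the allow rules.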