From owner-freebsd-questions Fri Jul 30 4:36:51 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from apriori.net (paz.static.shore.net [209.192.153.107]) by hub.freebsd.org (Postfix) with ESMTP id EADC1156B8 for ; Fri, 30 Jul 1999 04:36:47 -0700 (PDT) (envelope-from paz@apriori.net)
Received: from localhost (paz@localhost) by apriori.net (8.8.8/8.8.8) with ESMTP id HAA13356; Fri, 30 Jul 1999 07:32:49 -0400 (EDT) (envelope-from paz@apriori.net)
Date: Fri, 30 Jul 1999 07:32:49 -0400 (EDT)
From: paz
To: Andrew Johns
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: ipchains in FreeBSD
In-Reply-To: <001001beda4a$0e51ceb0$4001a8c0@tasajohns.turnaround.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

: No problem - fire up:
: 'tcpdump -s 1600 -x -w tcp.output'
: and then use something like ethereal to analyse the output, so that you
: can identify where it is failing and thence, why it is so. Then you'll
: be able to add rules to allow those packets back and forth through your
: firewall - I'd imagine that they'd be something along the lines of:
:
: ipfw add allow tcp 3568 from any to in
: ipfw add allow tcp 3569 from to any out
: These rules assume that it's using tcp, if not sub in udp instead. You
: may also want to limit the to a specified set of servers.

I'll try your suggestion. For the record, I wrote several dozen rules as
you show above, without success; the only "progress" I seemed to make was
in being able to quiet messages to the console which inform me of ipfw
rule failures.

cheers -
-- Philip.

: > -----Original Message-----
: > From: paz [mailto:paz@apriori.net]
: > Sent: Friday, 30 July 1999 13:38
: > To: Andrew Johns
: > Cc: freebsd-questions@FreeBSD.ORG
: > Subject: RE: ipchains in FreeBSD
: >
: >
: >
: > On Fri, 30 Jul 1999, Andrew Johns wrote:
: >
: > : >
: > : > I have a FreeBSD host on the internet full-time (apriori.net) with
: > : > appropriate firewall daemons running, but it fails to allow
: > : > some traffic
: > : > generated by other machines (admittedly Windows-based) on my
: > :
: [snip]
:
: > mode. Here was their reply:
: >
: > (included text)
: > ===============================
: > Date: 29 Apr 1999 12:33:42 -0700
: > From: Support Inet
: > To: paz
: > Subject: Re: Delta Force black scree
: >
: > Delta Force will not connect properly through a proxy server,
: > due to the way proxy servers manage your ports. Delta Force
: > uses dynamic ports, but these are not in line with proxy
: > port routing. For those of you with firewalls, you can try
: > ports 0x0df0 and 0x0df1 (3568 and 3569).
: >
: > NovaLogic Tech. Support
: > ===============================
: > (end included text)
: >
: > cheers -
: > -- Philip.
: >
: > philip zimmermann paz@apriori.net
: > www.apriori.net ayer, ma usa
: >
: >
:

cheers -
-- Philip.

philip zimmermann paz@apriori.net
www.apriori.net ayer, ma usa

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
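
An added example, not part of the original messages: a minimal Python reader for the capture file that `tcpdump -w` writes, tallying destination ports so the ports an application really uses can be compared against the firewall rules. The function names and the two-packet sample capture are constructed for illustration, and it assumes the classic libpcap file format with Ethernet framing and IPv4.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}  # IP protocol numbers of interest

def port_summary(pcap: bytes) -> Counter:
    """Count (protocol, destination port) pairs in a classic libpcap file."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        proto = PROTO.get(frame[23])
        l4 = 14 + ihl
        if proto is None or frag or len(frame) < l4 + 4:
            continue  # other protocol, later fragment, or no port fields
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        seen[(proto, dport)] += 1
    return seen

def sample_capture() -> bytes:
    """Constructed capture: one TCP packet to 3568, one UDP packet to 3569."""
    def frame(proto, dport):
        eth = bytes(12) + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
        # Only the first 8 bytes of the transport header (ports) are filled in.
        return eth + ip + struct.pack("!HHI", 40000, dport, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 1)
    for f in (frame(6, 3568), frame(17, 3569)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (proto, port), n in sorted(port_summary(sample_capture()).items()):
        print(f"{proto} dst port {port}: {n} packet(s)")
```

To run it on a real capture, pass the bytes of the file (for example `open("tcp.output", "rb").read()`) to `port_summary`.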