From owner-freebsd-questions Fri Mar 3 2:40:22 2000
From: "Lowkrantz, Goran"
To: "'Marc Silver'", "Lowkrantz, Goran"
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: Attach to server on FW breaks
Date: Fri, 3 Mar 2000 11:40:17 +0100

Hi Mark,

01300 allow tcp from any to any established

I have the line you refer to. It's before the one that I added for the server (03900).

Cheers,
GLZ

> -----Original Message-----
> From: Marc Silver [mailto:marcs@is.co.za]
> Sent: Friday, March 03, 2000 11:36 AM
> To: Lowkrantz, Goran
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: Attach to server on FW breaks
>
>
> Have you got something like this in your firewall config?
>
> # Allow TCP through if setup succeeded
> $fwcmd add pass tcp from any to any established
>
> This is taken from /etc/rc.firewall. What it sounds like to me (and I
> could be wrong) is that the connection is being accepted and then
> afterwards the packets are being truncated by the firewall because you
> don't have that line in.
>
> Try it and hopefully it will work.
>
> Cheers,
> Marc
>
> On Fri, Mar 03, 2000 at 10:34:36AM +0100, Lowkrantz, Goran wrote:
> >
> > I am totally at a loss with this, just don't understand why it does not work
> > and can't find anything in the archives. Please enlighten me.
> >
> > I have a FW based on FreeBSD 3.4-STABLE with ipfw. On this I try to run a
> > server listening to the external interface. I have added the following rule:
> >
> > allow log tcp from X.X.X.X to Y.Y.Y.Y Z setup
> >
> > When connecting, I get the following entry in the log:
> >
> > Mar 3 10:03:22 ns2 /kernel: ipfw: 3900 Accept TCP X.X.X.X:13955 Y.Y.Y.Y:Z in via xl0
> >
> > and they both wait for the client to send the first data. On the first send
> > from the client, the connection is broken and the server receives an EOF.
> >
> > I have the server in hosts.allow and even tested with an ALL:ALL:allow first
> > rule but it's the same either way. And yes, rebooted between tests to make
> > sure it was seen.
> >
> > I just don't understand what's happening, as the filter line before this is
> > the smtpd accept line, looking like this
> >
> > allow log tcp from any to Y.Y.Y.Y 25 setup
> >
> > and it works!
> >
> > I need new ideas!!
> >
> > Cheers,
> > GLZ
> >
> > ---
> > Goran Lowkrantz          Email    : goran.lowkrantz@infologigruppen.se
> > Infologigruppen Alfa AB  Telephone: Nat 070-587 8782      Fax: Nat 070-615 8782
> > Box 202                             Int +46 70-587 8782        Int +46 70-615 8782
> > 941 25 Pitea, Sweden
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
>
> Marc Silver
> IS Hosting Infrastructure
> The Internet Solution
> Tel: (+27 11) 283 5500
> Fax: (+27 11) 283 5001
> E-mail: marcs@is.co.za
> Web: www.is.co.za
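The rule semantics Marc describes, as an added example that is not part of the original messages: a small Python model of ipfw's first-match evaluation for the `setup` and `established` TCP options. Rule numbers 1300 and 3900 and client port 13955 are from the thread; port 8000 (standing in for Z), the constructed packets and the closing default-deny rule 65535 are assumptions, and addresses, interfaces and direction are ignored.

```python
# Added example: minimal model of ipfw first-match evaluation on TCP flags.
# Rule numbers 1300 and 3900 and client port 13955 come from the thread;
# port 8000 (standing in for Z) and the closing deny rule are assumptions.
SERVER_PORT = 8000   # constructed stand-in for the elided port Z
CLIENT_PORT = 13955  # client source port seen in the logged Accept line

def option_matches(option, flags):
    """ipfw TCP options: setup = SYN set and ACK clear; established = RST or ACK set."""
    if option == "setup":
        return "SYN" in flags and "ACK" not in flags
    if option == "established":
        return "RST" in flags or "ACK" in flags
    return True  # rule carries no TCP option

def evaluate(ruleset, packet):
    """Return (rule number, action) of the first rule that matches the packet."""
    for number, action, dport, option in sorted(ruleset, key=lambda r: r[0]):
        if dport in (None, packet["dport"]) and option_matches(option, packet["flags"]):
            return number, action
    raise ValueError("ruleset has no default rule")

# Constructed packets: the three-way handshake plus the client's first data segment.
CONNECTION = [
    {"name": "client SYN",        "dport": SERVER_PORT, "flags": {"SYN"}},
    {"name": "server SYN+ACK",    "dport": CLIENT_PORT, "flags": {"SYN", "ACK"}},
    {"name": "client ACK",        "dport": SERVER_PORT, "flags": {"ACK"}},
    {"name": "client first data", "dport": SERVER_PORT, "flags": {"PSH", "ACK"}},
]

DEFAULT_DENY = (65535, "deny", None, None)  # assumed default-deny kernel
WITH_ESTABLISHED = [(1300, "allow", None, "established"),
                    (3900, "allow", SERVER_PORT, "setup"), DEFAULT_DENY]
SETUP_ONLY = [(3900, "allow", SERVER_PORT, "setup"), DEFAULT_DENY]

def trace(ruleset):
    """Evaluate every packet of the constructed connection against a ruleset."""
    return [evaluate(ruleset, p) for p in CONNECTION]

if __name__ == "__main__":
    for label, rules in (("with established", WITH_ESTABLISHED),
                         ("setup only", SETUP_ONLY)):
        print(label)
        for pkt, (number, action) in zip(CONNECTION, trace(rules)):
            print(f"  {pkt['name']:<18} -> rule {number} {action}")
```

Only the initial SYN reaches the `setup` rule; every later segment of the connection carries ACK and depends on the `established` rule being evaluated before a deny.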