From owner-freebsd-questions  Thu Sep  6  4:18:35 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from femail15.sdc1.sfba.home.com (femail15.sdc1.sfba.home.com [24.0.95.142])
	by hub.freebsd.org (Postfix) with ESMTP id 0225237B40C
	for <freebsd-questions@FreeBSD.ORG>; Thu,  6 Sep 2001 04:18:31 -0700 (PDT)
Received: from x1-6-00-50-ba-de-36-33.kico1.on.home.com ([24.141.119.162])
          by femail15.sdc1.sfba.home.com
          (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
          id <20010906111830.DEDC23328.femail15.sdc1.sfba.home.com@x1-6-00-50-ba-de-36-33.kico1.on.home.com>;
          Thu, 6 Sep 2001 04:18:30 -0700
Received: from localhost (genisis@localhost)
	by x1-6-00-50-ba-de-36-33.kico1.on.home.com (8.11.3/8.11.3) with ESMTP id f86BNeb27315;
	Thu, 6 Sep 2001 07:23:41 -0400 (EDT)
	(envelope-from genisis@istar.ca)
X-Authentication-Warning: x1-6-00-50-ba-de-36-33.kico1.on.home.com: genisis owned process doing -bs
Date: Thu, 6 Sep 2001 07:23:40 -0400 (EDT)
From: Dru <genisis@istar.ca>
X-X-Sender:  <genisis@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
To: Cary <scattered@babel.acu.edu>
Cc: Bill Moran <wmoran@iowna.com>,
	freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: dhclient problems (w/ ipfw show)
In-Reply-To: <Pine.LNX.4.10.10109052051360.4932-100000@babel.acu.edu>
Message-ID: <20010906072047.U27292-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Hi Cary,

On Wed, 5 Sep 2001, Cary wrote:

> 00100      0        0 allow ip from any to any via lo0
> 00200      0        0 deny ip from any to 127.0.0.0/8
> 00300      0        0 deny ip from 127.0.0.0/8 to any
> 00400    527    36501 allow ip from 150.252.106.57 to 150.252.104.0/21
> 00500    498   249731 allow ip from 150.252.104.0/21 to 150.252.106.57
> 00600  13973  1096248 allow tcp from any to any established
> 00700      0        0 allow ip from any to any frag
> 00800      0        0 allow tcp from any to 150.252.106.57 25 setup
> 00900      5      220 allow tcp from 150.252.106.57 to any setup
> 01000     19     1120 deny tcp from any to any setup
> 01100      6      478 allow udp from 150.252.106.57 to any 53
> keep-state
> 01200   3894   295944 allow udp from 150.252.106.57 to any 123
> keep-state
> 65535 103876 14505389 deny ip from any to any
> ## Dynamic rules:
> 01200 1 76 (T 10, # 82) ty 0 udp, 150.252.106.57 123 <->
> 150.252.128.107 123
> 01200 0 0 (T 17, # 92) ty 0 udp, 150.252.106.57 123 <-> 132.163.4.101
> 123
> 01200 3 228 (T 10, # 113) ty 0 udp, 150.252.106.57 123 <->


I don't see any rules to allow in UDP at port 67. You should also let in
some ICMP, as per those tutorials I mentioned earlier.

HTH,

Dru


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message