From: Julian Elischer
To: Petr Chocholáč, freebsd-current@freebsd.org
Subject: Re: ipfw rules for connect port 993
Date: Tue, 25 Aug 2015 18:02:24 +0800

On 8/24/15 9:05 PM, Petr Chocholáč wrote:
> Hello,
>
> I would like to ask you for advice. I cannot connect to
> imap.gmail.com on port 993 from my local network. My LAN is behind
> a FreeBSD server with IPFW. The server has two network cards, rl0=Internet
> and re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets
> without answers. What rules should I create?
>
> I tried something like this, without success:
> #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0

are you doing nat? the syn packets are going which way? on which
interface did you do the tcpdump? what does the rest of the firewall
look like? is it a standard one? what are the settings?

>
> Thank you very much for any advice and your patience
>
> Petr Chocholáč
> Brno, Czech Republic