Date:      06 Mar 2003 09:50:54 -0500
From:      Aaron Walker <ka0ttic@cfl.rr.com>
To:        Bill Moran <wmoran@potentialtech.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: please help: nntp and gaming with ipfw
Message-ID:  <1046962255.2156.134.camel@ka0ttic>
In-Reply-To: <3E675628.2090205@potentialtech.com>
References:  <1046954586.2146.124.camel@ka0ttic>  <3E675628.2090205@potentialtech.com>

I have cut & pasted the entire output from "ipfw show" and ifconfig at
the bottom of this message.

On Thu, 2003-03-06 at 09:07, Bill Moran wrote:
> Aaron Walker wrote:
> > I have FreeBSD 4.7 running on my old p100 setup as a firewall..
> > everything works except for 2 things: nntp (it somewhat works) and
> > playing a game through the firewall from a windows box (battlefield 1942
> > specifically)
> > 
> > With nntp I can view newsgroups but I get a lot of lag.. more like it
> > freezes.. in mozilla mail when I click on a message on a newsgroup, it
> > just sits there and says "Loading document..." in the status bar.
> > Sometimes it works, but the majority of the time I have that problem.  I
> > know it is not mozilla that is the problem because I can produce it on
> > my windows box with other news clients.  Here is the output of "ipfw
> > show | grep 119"
> > 
> > 00425   30925   1359340 allow tcp from any to any 119 keep-state out xmit ep0 setup
> > 00426       0         0 allow udp from any to any 119 keep-state out xmit ep0
> > 00605       0         0 allow tcp from any 119 to any keep-state in recv ep0 setup
> > 00606       0         0 allow udp from any 119 to any keep-state in recv ep0
> > 
> > if it's not the firewall and these rules are ok, then what else could it
> > be?
> 
> I have no idea.  There's no way to tell if those rules are OK without the
> rest of the firewall rules.  Are they before or after your divert rule?  Are
> there rules before them that could be catching traffic and handling it wrong?
> 
> > With Battlefield 1942.. it uses port 14567.  I can't get this to work at
> > all.
> > 
> > I have the following in my firewall rules:
> > 
> > 00335	0	0 allow tcp from any 14567 to any keep-state out xmit ep0 setup
> > 
> > 00336	0	0 allow udp from any 14567 to any keep-state out xmit ep0
> > 
> > 00620	0	0 allow tcp from any to any 14567 keep-state in recv ep0 setup
> > 
> > 00621	0	0 allow udp from any to any 14567 keep-state in recv ep0
> 
> Same problem ... it's almost impossible to diagnose ipfw problems without the
> entire ipfw ruleset.
> 
> > any ideas what's wrong with these rules?
> 
> I can give you 1000 guesses ...
> 
> > any help is greatly appreciated.
> 
> Please post the entire ruleset as well as the output from ifconfig.  Then we'll
> have enough information to make some guesses as to what's wrong.
> 
> -- 
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
> 


00100      36      1800 allow ip from any to any via lo0
00110       0         0 deny log logamount 100 ip from any to 127.0.0.0/8
00120       0         0 deny log logamount 100 ip from 127.0.0.0/8 to any
00130       0         0 allow tcp from 192.168.1.0 22 to 192.168.1.1 22 in recv xl0
00150  500832 388399050 divert 8668 ip from any to any via ep0
00200       0         0 check-state
00210 1101024 807028279 allow ip from any to any keep-state via xl0
00250       0         0 deny ip from any to any in recv ep0 frag
00260    2227    246865 deny tcp from any to any in recv ep0 established
00300  165208   8180966 allow tcp from any to any 80 keep-state out xmit ep0 setup
00301    2091    533681 allow tcp from any to any 443 keep-state out xmit ep0 setup
00310       0         0 allow tcp from any to 24.95.227.36 53 keep-state out xmit ep0 setup
00311    1240     88966 allow udp from any to 24.95.227.36 53 keep-state out xmit ep0
00312       0         0 allow tcp from any to 24.52.201.67 53 keep-state out xmit ep0 setup
00313       0         0 allow udp from any to 24.52.201.67 53 keep-state out xmit ep0
00314       0         0 allow tcp from any to 24.95.227.34 53 keep-state out xmit ep0 setup
00315       1        67 allow udp from any to 24.95.227.34 53 keep-state out xmit ep0
00316       0         0 allow tcp from any to 24.95.227.35 53 keep-state out xmit ep0 setup
00317       0         0 allow udp from any to 24.95.227.35 53 keep-state out xmit ep0
00330      13      2992 allow tcp from any to any 25 keep-state out xmit ep0 setup
00331    6080    269163 allow tcp from any to any 110 keep-state out xmit ep0 setup
00335       0         0 allow tcp from any 14567 to any keep-state out xmit ep0 setup
00336       0         0 allow udp from any 14567 to any keep-state out xmit ep0
00340       0         0 allow tcp from me to any uid root keep-state out xmit ep0 setup
00342       0         0 allow udp from me to any 33435-33500 keep-state out xmit ep0
00343       0         0 allow log logamount 100 icmp from any to me limit src-addr 2 in recv ep0 icmptype 3,11
00350      48      4613 allow icmp from any to any keep-state out xmit ep0
00375      40      1897 allow tcp from me to any 21 keep-state out xmit ep0 setup
00376      18       728 allow tcp from me to any 10000-65000 keep-state out xmit ep0 setup
00380       0         0 allow tcp from any to any 22 keep-state out xmit ep0 setup
00390       0         0 allow tcp from any to any 23 keep-state out xmit ep0 setup
00396       0         0 allow tcp from any to any 37 keep-state out xmit ep0 setup
00397       0         0 allow udp from any to any 37 keep-state out xmit ep0
00400       0         0 allow tcp from any to any 113 keep-state out xmit ep0 setup
00401       0         0 allow udp from any to any 113 keep-state out xmit ep0
00410       0         0 allow tcp from any to any 194 keep-state out xmit ep0 setup
00411       0         0 allow udp from any to any 194 keep-state out xmit ep0
00412    5066    239724 allow tcp from any to any 5190 keep-state out xmit ep0
00413       0         0 allow udp from any to any 5190 keep-state out xmit ep0
00414       0         0 allow tcp from any to any 43 keep-state out xmit ep0 setup
00415       0         0 allow udp from any to any 43 keep-state out xmit ep0
00425   31145   1370282 allow tcp from any to any 119 keep-state out xmit ep0 setup
00426       0         0 allow udp from any to any 119 keep-state out xmit ep0
00600       0         0 allow tcp from any to any 80 limit src-addr 4 in recv ep0 setup
00605       0         0 allow tcp from any 119 to any keep-state in recv ep0 setup
00606       0         0 allow udp from any 119 to any keep-state in recv ep0
00610      46      2096 allow tcp from any to me 21 limit src-addr 4 in recv ep0 setup
00611       0         0 allow tcp from any 20 to any 1024-49151 limit src-addr 4 out xmit ep0 setup
00630       0         0 allow tcp from any to any 14567 keep-state in recv ep0 setup
00635      20      2357 allow log logamount 100 icmp from any to me in recv ep0 icmptype 0,8
00637       0         0 allow tcp from any to any 5190 keep-state in recv ep0
00638       0         0 allow udp from any to any 5190 keep-state in recv ep0
00700       0         0 allow udp from 0.0.0.0 68 to 255.255.255.255 67 in recv ep0
00701       0         0 allow udp from me 68 to 24.95.227.36 67 out xmit ep0
00702       0         0 allow udp from 24.95.227.36 67 to me 68 in recv ep0
00705   12534   4438446 deny udp from any to 255.255.255.255 in recv ep0
00706       0         0 deny udp from 0.0.0.0 to any in recv ep0
00720       0         0 deny log logamount 100 icmp from any to any in recv ep0 icmptype 5
00730       0         0 deny log logamount 100 ip from me to me in recv ep0
00740       0         0 deny log logamount 100 icmp from any to me in recv ep0 icmptype 0,8
65535    8042   1163583 deny ip from any to any

ifconfig:

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::260:8ff:feab:c2fb%xl0 prefixlen 64 scopeid 0x1
        ether 00:60:08:ab:c2:fb
        media: Ethernet 10baseT/UTP <full-duplex>
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::260:8ff:feac:d76a%ep0 prefixlen 64 scopeid 0x2
        inet 24.26.107.86 netmask 0xfffffe00 broadcast 255.255.255.255
        ether 00:60:08:ac:d7:6a
        media: Ethernet 10baseT/UTP
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

Thanks,
Aaron
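
Added example, not part of the original message: a small Python parser for "ipfw show" output as it arrives through e-mail, which re-joins wrapped lines, splits rules fused onto one line, and reports the packet counter and position relative to the divert rule for each rule naming a given port. The sample is an excerpt of rules from this message laid out as a mail client wraps them; the function names are made up for this example.

```python
import re

# Excerpt in the shape of the posted listing, as a mail client wraps it:
# rules broken across lines and two rules fused onto one line.
SAMPLE = """\
00150  500832 388399050 divert 8668 ip from any to any via ep0
00200       0         0 check-state
00335       0         0 allow tcp from any 14567 to any keep-state out
xmit ep0 setup
00425   31145   1370282 allow tcp from any to any 119 keep-state out
xmit ep0 setup
00611       0         0 allow tcp from any 20 to any 1024-49151 limit
src-addr 4 out xmit ep0 setup00630       0         0 allow tcp from any
to any 14567 keep-state in recv ep0 setup
65535    8042   1163583 deny ip from any to any
"""

# A rule starts with a 5-digit number, then packet and byte counters.
HEADER = re.compile(r"(?<!\d)(\d{5})\s+(\d+)\s+(\d+)\s+(?=[a-z])")

def parse_ipfw_show(text):
    """Return rules as dicts, undoing line wraps and fused rules."""
    flat = " ".join(text.split())
    heads = list(HEADER.finditer(flat))
    rules = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        rules.append({"num": int(m.group(1)), "pkts": int(m.group(2)),
                      "bytes": int(m.group(3)),
                      "body": flat[m.end():end].strip()})
    return rules

def port_hits(rules, port):
    """(rule number, packet count, position vs. first divert rule) for rules
    that name `port` as a single port (ranges and lists are not expanded)."""
    divert = next((r["num"] for r in rules
                   if r["body"].startswith("divert")), None)
    hits = []
    for r in rules:
        if str(port) in r["body"].split():
            where = ("no divert rule" if divert is None else
                     "after divert" if r["num"] > divert else "before divert")
            hits.append((r["num"], r["pkts"], where))
    return hits

if __name__ == "__main__":
    rules = parse_ipfw_show(SAMPLE)
    for port in (119, 14567):
        print(port, port_hits(rules, port))
    print("default deny packets:", rules[-1]["pkts"])
```

A rule whose packet counter stays at zero while the final deny rule keeps counting has never matched any traffic.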

