Date: Wed, 01 Aug 2001 20:37:49 -0500 From: David Kelly <dkelly@hiwaay.net> To: "alexus" <ml@db.nexgen.com> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: pcAnywhere Message-ID: <200108020137.f721bnx84229@grumpy.dyndns.org> In-Reply-To: Message from "alexus" <ml@db.nexgen.com> of "Wed, 01 Aug 2001 19:28:51 EDT." <009d01c11ae1$b95f2a30$0d00a8c0@alexus>
next in thread | previous in thread | raw e-mail | index | archive | help
"alexus" writes:
> how would i do that?
If your ipfw rules are derived from the standard FreeBSD
/etc/rc.firewall then the last rule applied is probably the one
blocking pcAnywhere:
${fwcmd} add deny ip from any to any
so add the word "log" as shown below:
${fwcmd} add deny log ip from any to any
Then "ipfw -a list" from the shell will show your current rules and how
many hits on each rule.
OK, a bit easier from the top. Make sure ipfw is running and discover
what rules are being applied at this moment:
ipfw -a list
Study the output of the above for whatever rule you suspect is blocking
pcAnywhere. In my case its probably this one (have deleted the rest):
02400 7319 938531 deny log ip from any to any
But as you can see I'm already logging it. If I wasn't then without
messing with /etc/rc.firewall (or where ever your rules come from) we
could manually insert a rule in front of the above on the fly without
hurting anything in progress (no reboot, also assuming ipfw logging is
enabled):
ipfw add 2390 deny log ip from any to any
Then "ipfw -a list" might show (once again I've only cut/pasted the
lines which apply to our discussion):
02390 0 0 deny log ip from any to any
02400 7320 938859 deny log ip from any to any
Now, when pcAnywhere hits your system and tries to get thru you should
see something about it in /var/log/security. Here is the closest thing
I can find at the moment in my log:
Aug 1 20:24:51 grumpy /kernel: ipfw: 2400 Deny UDP 24.214.56.96:50329 24.214.63.26:67 in via fxp0
The above says port 50329 at 24.214.56.96 tried UDP to my port 67.
You'll find something like that telling you what the pcAnywhere is
trying to get thru. You'll know its pcAnywhere because you know the IP
address of the PC. Others have already said pcAnywhere uses a range of
ports, and the range depends on what version it is.
Once you have found where the blockage is you can manually add/delete
ipfw rules one at a time from the shell command line as we did above.
I'm going to clean up my mess:
ipfw delete 2390
--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108020137.f721bnx84229>