From owner-freebsd-ipfw Wed Aug 1 18:38:23 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from grumpy.dyndns.org (user-24-214-76-217.knology.net [24.214.76.217]) by hub.freebsd.org (Postfix) with ESMTP id DA51B37B401 for ; Wed, 1 Aug 2001 18:38:17 -0700 (PDT) (envelope-from dkelly@grumpy.dyndns.org) Received: from localhost (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.3/8.11.3) with ESMTP id f721bnx84229; Wed, 1 Aug 2001 20:37:49 -0500 (CDT) (envelope-from dkelly@grumpy.dyndns.org) Message-Id: <200108020137.f721bnx84229@grumpy.dyndns.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: "alexus" Cc: freebsd-ipfw@FreeBSD.ORG From: David Kelly Subject: Re: pcAnywhere In-reply-to: Message from "alexus" of "Wed, 01 Aug 2001 19:28:51 EDT." <009d01c11ae1$b95f2a30$0d00a8c0@alexus> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 01 Aug 2001 20:37:49 -0500 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "alexus" writes: > how would i do that? If your ipfw rules are derived from the standard FreeBSD /etc/rc.firewall then the last rule applied is probably the one blocking pcAnywhere: ${fwcmd} add deny ip from any to any so add the word "log" as shown below: ${fwcmd} add deny log ip from any to any Then "ipfw -a list" from the shell will show your current rules and how many hits on each rule. OK, a bit easier from the top. Make sure ipfw is running and discover what rules are being applied at this moment: ipfw -a list Study the output of the above for whatever rule you suspect is blocking pcAnywhere. In my case its probably this one (have deleted the rest): 02400 7319 938531 deny log ip from any to any But as you can see I'm already logging it. If I wasn't then without messing with /etc/rc.firewall (or where ever your rules come from) we could manually insert a rule in front of the above on the fly without hurting anything in progress (no reboot, also assuming ipfw logging is enabled): ipfw add 2390 deny log ip from any to any Then "ipfw -a list" might show (once again I've only cut/pasted the lines which apply to our discussion): 02390 0 0 deny log ip from any to any 02400 7320 938859 deny log ip from any to any Now, when pcAnywhere hits your system and tries to get thru you should see something about it in /var/log/security. Here is the closest thing I can find at the moment in my log: Aug 1 20:24:51 grumpy /kernel: ipfw: 2400 Deny UDP 24.214.56.96:50329 24.214.63.26:67 in via fxp0 The above says port 50329 at 24.214.56.96 tried UDP to my port 67. You'll find something like that telling you what the pcAnywhere is trying to get thru. You'll know its pcAnywhere because you know the IP address of the PC. Others have already said pcAnywhere uses a range of ports, and the range depends on what version it is. Once you have found where the blockage is you can manually add/delete ipfw rules one at a time from the shell command line as we did above. I'm going to clean up my mess: ipfw delete 2390 -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message