From owner-freebsd-questions Sat May 23 16:07:11 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id QAA18480
    for freebsd-questions-outgoing; Sat, 23 May 1998 16:07:11 -0700 (PDT)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from server4.mpcbbs.com.br (server4.mpc.com.br [200.246.0.252])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA18466
    for ; Sat, 23 May 1998 16:06:57 -0700 (PDT)
    (envelope-from capriotti@geocities.com)
Received: from hot_nt (zex@d1p34.mpcnet.com.br [200.246.29.98])
    by server4.mpcbbs.com.br (8.8.6/8.8.6) with SMTP id UAA06107;
    Sat, 23 May 1998 20:06:35 -0300 (EST)
Message-Id: <3.0.32.19691231210000.00bbb100@pop.mpc.com.br>
X-Sender: capriotti@pop.mpc.com.br
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sat, 23 May 1998 20:04:43 -0300
To: "J.A. Terranson"
From: Capriotti
Subject: RE: IPFW and pop3/irc - loooong wait
Cc: freebsd-questions@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I would LOVE to have a copy of your rule set.

I'm spinning my wheels here trying to set up mine with an extra problem:
Samba attempts to dial whenever the machine is started, and, probably,
every time it has some ns lookup.

To prevent this dialing, I have set ports udp/tcp 137-139 to ed1 only. It
worked great, but, now, for some reason which I couldn't understand till
now, calls from browsers, email clients, irc clients, are not causing ppp
to dial; I found out that, if I allow port 53 - DNS - to be available from
any to any, I can make them work, but then Samba starts ppp dialing again.

If you can send me your rule set, I will study it hard, to see if I can get
some light on this.

TIA !

At 05:55 PM 5/23/98 -0500, you wrote:
>Your problem is that you are blocking IDENT requests. If you don't mind
>servicing these (they are very low risk services) simply allow port 113 (tcp)
>to function.
>
>BTW: I just found out that 113 is being widely used for some other services
>too: like smtp reverse lookups.
>
>We allow 113 subject to some pretty tight rules, if you like, I can send you a
>copy of our rulesets.
>
>J.A. Terranson
>sysadmin@mfn.org
>
>
>The following rule:
>
># Reject&Log all setup of incoming connections from the outside
>    $fwcmd add 300 deny log tcp from any to any in via ${oif} setup
>
>is causing pop3 (when sending msgs) and IRC (when connecting; port 6667)
>to take too long to connect
>
>I get messages like this on the console:
>
>ipfw: 300 Deny tcp 209.104.220.13:4737 200.246.0.15:113 in via tun0
>
>
>is it expected ? (I don't see why... My TCP/IP skills are not that good)
>
>In case it is, is there any workaround for this delay ?
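
Added example, not part of the original thread: a small sh/awk filter that lists which remote hosts are having their ident (TCP port 113) queries dropped by an ipfw deny rule, using the console line format quoted above. The function names and all sample lines except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list remote hosts whose ident (TCP 113)
# queries an ipfw deny rule is dropping. Line format follows the console
# message quoted in the post: ipfw: RULE Deny tcp SRC:PORT DST:PORT in via IF

# Constructed sample log. The first line is the one quoted in the post; the
# rest are made up, including the syslog-style prefix on the second.
sample_log() {
    cat <<'EOF'
ipfw: 300 Deny tcp 209.104.220.13:4737 200.246.0.15:113 in via tun0
May 23 20:01:12 gw /kernel: ipfw: 300 Deny tcp 209.104.220.13:4741 200.246.0.15:113 in via tun0
ipfw: 300 Deny tcp 198.51.100.7:1310 200.246.0.15:113 in via tun0
ipfw: 300 Deny tcp 192.0.2.9:1044 200.246.0.15:23 in via tun0
ipfw: 400 Deny udp 192.0.2.9:113 200.246.0.15:113 in via tun0
EOF
}

# Read ipfw log lines on stdin; print "RULE SRC_IP COUNT" for each source
# whose inbound TCP connection to port 113 was denied.
ident_denies() {
    awk '
    {
        # Find the "ipfw:" tag; syslog may put date/host fields before it.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next
        rule = $(i + 1); action = $(i + 2); proto = tolower($(i + 3))
        src = $(i + 4); dst = $(i + 5); dir = $(i + 6)
        if (action != "Deny" || proto != "tcp" || dir != "in") next
        n = split(dst, d, ":")            # destination port is the last field
        if (d[n] != "113") next
        split(src, s, ":")
        hits[rule " " s[1]]++
    }
    END { for (k in hits) print k, hits[k] }
    ' | sort
}

sample_log | ident_denies
```

Each source it reports is a server whose ident query matched the deny rule, which is the condition the reply above identifies as the cause of the slow connects.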