From owner-freebsd-questions Sun May 10 23:01:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA16756 for freebsd-questions-outgoing; Sun, 10 May 1998 23:01:34 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from fanfic.org (fanfic.org [205.150.35.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA16748 for ; Sun, 10 May 1998 23:01:28 -0700 (PDT) (envelope-from dstenn@fanfic.org)
Received: from fanfic.org (localhost.fanfic.org [127.0.0.1]) by fanfic.org (8.8.8/8.8.8) with SMTP id CAA13268 for ; Mon, 11 May 1998 02:00:58 -0400 (EDT) (envelope-from dstenn@fanfic.org)
Posted-Date: Mon, 11 May 1998 02:00:58 -0400 (EDT)
Date: Mon, 11 May 1998 02:00:57 -0400 (EDT)
From: Dennis Tenn
To: FreeBSD Questions
Subject: Re: Firewall and talkd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 10 May 1998, Dennis Tenn wrote:

| On Sat, 9 May 1998, Doug White wrote:
|
| | > I've successfully configured my firewall except now I'd like to allow talk
| | > sessions to and from my computer but all I've done so far has failed.
| | > I've added rules to allow all my other services but talk is still giving
| | > me grief. I know that talkd uses port 517 but even after I've allowed udp
| | > through this port I get the following errors. My current firewall option
| | > is set to 'client'.
| |
| | Try allowing tcp too.
|
| I did but talk works via udp. Even with tcp the same results.

I finally figured out my problem. I had to allow for the traffic to pass
both ways on various ports. It seems that the rules I added were only half
done. I'm not sure if I've specified too much in my rules but it seems to
work. Here is what I've added..

# Allow talk and ntalk Services
$fwcmd add pass log udp from ${ip} 30000-65535 to any 517
$fwcmd add pass log udp from any 30000-65535 to ${ip} 517
$fwcmd add pass log udp from ${ip} 517 to any 30000-65535
$fwcmd add pass log udp from any 517 to ${ip} 30000-65535
$fwcmd add pass log udp from ${ip} 1000-5000 to any 518
$fwcmd add pass log udp from any 1000-5000 to ${ip} 518
$fwcmd add pass log udp from ${ip} 518 to any 1000-5000
$fwcmd add pass log udp from any 518 to ${ip} 1000-5000

As you can see I'm also logging connections via the talk or ntalk ports.
Results seem to indicate that it works since I've been able to
successfully connect to and from a remote machine.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dennis Tenn        * There will always come a time
dstenn@fanfic.org  * When your love will be tested
ICQ# 1457509       * Stand tall and rise to the occasion
                   * For only then will you grow strong.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
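
An added example, not part of the original message: an offline audit of the eight talk/ntalk rules above, reporting which rule (if any) passes a given datagram so the scope of each direction can be checked before loading the rules. It models only these eight lines in isolation, not the rest of an ipfw rule set; the addresses 192.0.2.10 (standing in for `${ip}`) and 198.51.100.7 (a remote host), and the names `port_ok`, `addr_ok` and `first_match`, are assumptions made for the example.

```sh
#!/bin/sh
# Added example: offline audit of the eight talk/ntalk rules from the post.
# IP is a constructed placeholder for the ${ip} variable used in the rules.
IP=192.0.2.10

# Rule bodies from the post, one per line: proto src sports dst dports
RULES="udp $IP 30000-65535 any 517
udp any 30000-65535 $IP 517
udp $IP 517 any 30000-65535
udp any 517 $IP 30000-65535
udp $IP 1000-5000 any 518
udp any 1000-5000 $IP 518
udp $IP 518 any 1000-5000
udp any 518 $IP 1000-5000"

# port_ok PORT SPEC: true if PORT equals SPEC or lies inside a LO-HI range.
port_ok() {
    case $2 in
        *-*) [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# addr_ok ADDR SPEC: true if SPEC is "any" or the same address.
addr_ok() { [ "$2" = any ] || [ "$1" = "$2" ]; }

# first_match PROTO SRC SPORT DST DPORT: print the 1-based number of the
# first rule that passes the datagram, or 0 if none of the eight does.
first_match() {
    n=0
    while read -r proto src sports dst dports; do
        n=$((n + 1))
        if [ "$1" = "$proto" ] && addr_ok "$2" "$src" && port_ok "$3" "$sports" \
            && addr_ok "$4" "$dst" && port_ok "$5" "$dports"; then
            echo "$n"; return 0
        fi
    done <<EOF
$RULES
EOF
    echo 0
}

# Constructed sample datagrams; "rule 0" means no rule here passes it.
while read -r p s sp d dp; do
    echo "$p $s:$sp -> $d:$dp  rule $(first_match "$p" "$s" "$sp" "$d" "$dp")"
done <<EOF
udp $IP 40000 198.51.100.7 517
udp 198.51.100.7 517 $IP 40000
udp 198.51.100.7 1024 $IP 517
tcp 198.51.100.7 40000 $IP 517
EOF
```

The second sample line shows that rule 4 matches on the remote source port alone, so it passes any UDP datagram sent from port 517 to ports 30000-65535 on the host.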