From: Archie Cobbs
Subject: Re: mpd & ipfw (keep denying port 1900/udp?!)
To: Dennis Pedersen
Cc: freebsd-net@FreeBSD.ORG
Date: Thu, 25 Jul 2002 20:02:41 -0700 (PDT)

Dennis Pedersen writes:
> simply can get through unless i flush my firewall rules.
> In the ipfw log i have the following entry (192.168.2.43 is the workstation
> on the inside of the fw i'm trying from and 2.88 is the internal interface
> in the fw)
> Jul 25 13:22:32 fw /kernel: ipfw: 900 Deny UDP 192.168.2.43:1067 192.168.2.88:1900 in via xl0
> Jul 25 13:22:57 fw /kernel: ipfw: 900 Deny UDP 192.168.2.43:1067 192.168.2.88:1900 in via xl0
> Jul 25 13:23:22 fw /kernel: ipfw: 900 Deny UDP 192.168.2.43:1067 192.168.2.88:1900 in via xl0
>
> I don't get it, where does the UDP packet enter the picture? In the fw
> rules i have allow gre from any to any and pptp from any to any (i have one
> rule that allows pptp port as src and one as dst).
> What am i missing here about the udp port?
> Is it always the same port? (then i can simply just allow 1900/udp, but if
> it changes all the time that won't help me much..)

PPTP doesn't use UDP, so I have no idea what the UDP is from.
PPTP only uses TCP port 1723 and IP protocol #47 (GRE).

Are you sure your firewall rules are not blocking something else
as well, but not logging it?

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com
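An added example, not part of either message: a small Python script that tallies denied packets in an ipfw log and marks which ones match the two things PPTP needs according to the reply (TCP port 1723 and IP protocol 47). The first two sample lines are the entry quoted in the thread; the TCP, `P:47` and Accept lines, their addresses and the `tun0` interface are constructed, and the `P:47` layout for non-TCP/UDP protocols is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the UDP lines are the entry quoted in the thread; the
# TCP and P:47 (GRE) lines are made up to show what a blocked PPTP session
# could look like (assumed ipfw log layout for those protocols).
SAMPLE_LOG = """\
Jul 25 13:22:32 fw /kernel: ipfw: 900 Deny UDP 192.168.2.43:1067 192.168.2.88:1900 in via xl0
Jul 25 13:22:57 fw /kernel: ipfw: 900 Deny UDP 192.168.2.43:1067 192.168.2.88:1900 in via xl0
Jul 25 13:23:01 fw /kernel: ipfw: 900 Deny TCP 192.168.2.43:1068 203.0.113.5:1723 out via tun0
Jul 25 13:23:02 fw /kernel: ipfw: 900 Deny P:47 203.0.113.5 192.168.2.43 in via tun0
Jul 25 13:23:03 fw /kernel: ipfw: 500 Accept TCP 192.168.2.43:1070 203.0.113.9:80 out via tun0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)

def split_port(endpoint):
    """Return (address, port); port is None when the protocol has no ports."""
    addr, sep, port = endpoint.rpartition(":")
    return (addr, int(port)) if sep else (endpoint, None)

def is_pptp(proto, sport, dport):
    """PPTP needs only TCP port 1723 (control) and IP protocol 47 (GRE)."""
    if proto in ("P:47", "GRE"):
        return True
    return proto == "TCP" and 1723 in (sport, dport)

def summarize_denies(log_text):
    """Count denied flows keyed by (rule, proto, dst port, pptp-relevant)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "Deny":
            continue
        _, sport = split_port(m["src"])
        _, dport = split_port(m["dst"])
        key = (int(m["rule"]), m["proto"], dport, is_pptp(m["proto"], sport, dport))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (rule, proto, dport, pptp), n in sorted(summarize_denies(SAMPLE_LOG).items(), key=str):
        print(f"rule {rule} {proto} dport={dport} x{n} {'PPTP' if pptp else 'not PPTP'}")
```

Run against the real log, this only covers denies that are logged; a deny rule without the `log` keyword will not appear, which is the case the reply asks about.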