Date: Tue, 1 Jan 2002 21:36:17 -0500
From: "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To: "FBSD Questions" <questions@FreeBSD.ORG>
Subject: RE: IPFW UDP port# 520
Message-ID: <LPBBIGIAAKKEOEJOLEGOEEPOCKAA.barbish@a1poweruser.com>

For the questions archives here is the solution.
First description of problem.
After activating my IPFW firewall my log started to fill up
with messages about a packet that was being caught by the
default deny rule, to which I had added the log option so I
could see anything unusual.
This is the log message I was getting.
deny ip from router_addr 520 to my_ISP_static_ip_addr 520 via tun0
At first I just added a rule to deny the 520 packet without
logging and just forgot it. But about every 30 minutes my ISP
would hang up the phone line on me, and user ppp -ddial just
redialed. That’s when I started researching port 520 and found out
that it's a router broadcasting RIP.
After much playing around I found a group of rules which would
allow just that 520 RIP request from the router IP address through
the firewall and the reply back just to that router's IP address to
satisfy the router's RIP request so it would not drop my phone line.
The following 2 rules fixed it.
The solution
${fwcmd} add allow udp from router_addr 520 to any via tun0
${fwcmd} add allow icmp from any to router_addr icmptype 3 via tun0
This did not stop the router's RIP requests, it just stopped the hangups.
Thanks to all those who tried to help
Joe
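
A narrower form of the two rules above, as an added example that is not part of the original post: it pins both addresses, the destination port and the packet direction, since a rule keyed only on source port 520 passes that router's UDP to any local port. The function names, the dry-run default for fwcmd and the 192.0.2.x documentation addresses are assumptions; `icmptypes` is spelled as in ipfw(8).

```shell
#!/bin/sh
# Added example, not from the original post.
# fwcmd defaults to a dry run that prints each rule instead of loading it;
# set fwcmd="/sbin/ipfw -q" (as rc.firewall does) to install the rules.
fwcmd="${fwcmd:-echo ipfw -q}"

# Accept only dotted-quad IPv4 literals, so keywords such as "any" or
# stray shell text never reach the ipfw command line.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rip_rules ROUTER_ADDR HOST_ADDR [IFACE]
# ROUTER_ADDR is the ISP router seen in the deny log, HOST_ADDR the static
# address the ISP assigned to this machine (both hypothetical parameters).
rip_rules() {
    router=$1 host=$2 oif=${3:-tun0}
    is_ipv4 "$router" && is_ipv4 "$host" || {
        echo "rip_rules: expected two IPv4 addresses" >&2
        return 1
    }
    # Inbound RIP only: fixed source, fixed destination, port 520 on both ends.
    ${fwcmd} add allow udp from "$router" 520 to "$host" 520 in recv "$oif"
    # Outbound ICMP destination-unreachable, from this host to that router only.
    ${fwcmd} add allow icmp from "$host" to "$router" out xmit "$oif" icmptypes 3
}

# Dry run with constructed documentation addresses (RFC 5737).
rip_rules 192.0.2.1 192.0.2.10 tun0
```

Both rules still have to be added ahead of the logging default deny rule for them to match first.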
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LPBBIGIAAKKEOEJOLEGOEEPOCKAA.barbish>
