Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Aug 2001 02:02:37 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        "reza jamshid" <rezaj_@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG, brian@freebsd-services.com
Subject:   Re: getting DCC fully functioning with ipnat/ipf 
Message-ID:  <200108200102.f7K12bU08800@hak.lan.Awfulhak.org>
In-Reply-To: Message from "reza jamshid" <rezaj_@hotmail.com>  of "Mon, 20 Aug 2001 07:47:38 %2B0930." <F140318XjHDCHBDOVhs00011ad5@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Given that you're nat'ing on tun0, I guess you might be using ppp(8).

If you are, throw away your ipnat/ipf stuff and just use ppp's -nat 
switch instead.  It gets DCC right (as well as other things like 
pings, traceroute, active ftp etc (pings may be fixed in ipnat these 
days - I don't know for sure though)).

> Hi,
> 
> Up until now my firewall/router (FreeBSD 4.3) works fine, but I havent been 
> able to get DCC resuming and send to work from a machine inside my network.
> 
> I'm not sure if this has anything to do with my current rules setup, or if i 
> am missing something.
> 
> >cat /etc/ipnat.rules
> 
> map ed0 192.168.1.0/24 -> 0/32
> 
> >cat /etc/ipf.rules
> 
> # Pass everything out of tun0
> 
> block out all
> pass out quick on lo0 all
> pass out quick on ed1 all
> pass out quick on tun0 proto tcp all flags S/SA keep state keep frags
> pass out quick on tun0 proto udp all keep state keep frags
> pass out quick on tun0 proto icmp all keep state keep frags
> pass out quick on tun0 all
> 
> # Pass lo0 and dc0, block the rest
> 
> block in log all
> pass in quick on lo0 all
> pass in quick on ed1 all
> 
> 
> I was told that I need to install an irc proxy like tircproxy?
> 
> Has anyone done this successfully and can help shed some light?
> 
> 
> TIA

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108200102.f7K12bU08800>