From: Brian Somers
To: "reza jamshid"
Cc: freebsd-security@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: getting DCC fully functioning with ipnat/ipf
Date: Mon, 20 Aug 2001 02:02:37 +0100
Message-Id: <200108200102.f7K12bU08800@hak.lan.Awfulhak.org>

Given that you're nat'ing on tun0, I guess you might be using ppp(8).
If you are, throw away your ipnat/ipf stuff and just use ppp's -nat
switch instead. It gets DCC right (as well as other things like pings,
traceroute, active ftp etc (pings may be fixed in ipnat these days - I
don't know for sure though)).

> Hi,
>
> Up until now my firewall/router (FreeBSD 4.3) works fine, but I haven't been
> able to get DCC resuming and send to work from a machine inside my network.
>
> I'm not sure if this has anything to do with my current rules setup, or if I
> am missing something.
>
> >cat /etc/ipnat.rules
>
> map ed0 192.168.1.0/24 -> 0/32
>
> >cat /etc/ipf.rules
>
> # Pass everything out of tun0
>
> block out all
> pass out quick on lo0 all
> pass out quick on ed1 all
> pass out quick on tun0 proto tcp all flags S/SA keep state keep frags
> pass out quick on tun0 proto udp all keep state keep frags
> pass out quick on tun0 proto icmp all keep state keep frags
> pass out quick on tun0 all
>
> # Pass lo0 and dc0, block the rest
>
> block in log all
> pass in quick on lo0 all
> pass in quick on ed1 all
>
>
> I was told that I need to install an irc proxy like tircproxy?
>
> Has anyone done this successfully and can help shed some light?
>
>
> TIA

-- 
Brian http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !