Date: Thu, 10 Aug 2000 08:49:19 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Chris Silva <bitsurfer@mediaone.net>
Cc: FreeBSD-IPFW@FreeBSD.ORG
Subject: Re: IRC identing from client through FBSD firewall.
Message-ID: <20000810084919.E5405@149.211.6.64.reflexcom.com>
In-Reply-To: <KCELIGPCPGAIDMNBHMOGCEFCDBAA.bitsurfer@mediaone.net>; from bitsurfer@mediaone.net on Thu, Aug 10, 2000 at 06:20:22AM -0500
References: <KCELIGPCPGAIDMNBHMOGCEFCDBAA.bitsurfer@mediaone.net>

On Thu, Aug 10, 2000 at 06:20:22AM -0500, Chris Silva wrote:
> When I access IRC via a windows box on my internal network, going through a
> cable modem, I get this error:
>
> natd[162]: failed to write packet back (Permission denied)
>
> My main concern is to use IRC on the intranet boxen and have auth work - so
> I can access EFNet and DALNet.
>
> This happens when identd is accessed. I can get out doing everything I need
> to, but I just can't get identd to work.

[snip]

> ------------------ ipfw list
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 10.0.0.0/8 to any in recv xl0
> 00400 deny ip from 204.210.189.0/24 to any in recv fxp0
> 00500 deny ip from 0.0.0.0/8 to any via xl0
> 00600 deny ip from any to 0.0.0.0/8 via xl0
> 00700 deny ip from 169.254.0.0/16 to any via xl0
> 00800 deny ip from any to 169.254.0.0/16 via xl0
> 00900 deny ip from 192.0.2.0/24 to any via xl0
> 01000 deny ip from any to 192.0.2.0/24 via xl0
> 01100 deny ip from 224.0.0.0/4 to any via xl0
> 01200 deny ip from any to 224.0.0.0/4 via xl0
> 01300 deny ip from 240.0.0.0/4 to any via xl0
> 01400 deny ip from any to 240.0.0.0/4 via xl0
> 01500 allow tcp from any to any established
> 01600 allow ip from any to any frag
> 01700 allow tcp from any to 204.210.189.38 25 setup
> 01800 allow tcp from any to 204.210.189.38 53 setup
> 01900 allow udp from any to 204.210.189.38 53
> 02000 allow udp from 204.210.189.38 53 to any
> 02100 allow tcp from any to 204.210.189.38 80 setup
> 02200 allow tcp from any to any setup
> 02300 allow udp from any 53 to 204.210.189.38
> 02400 allow udp from 204.210.189.38 to any 53
> 02500 allow udp from any 123 to 204.210.189.38
> 02600 allow udp from 204.210.189.38 to any 123
> 02700 allow tcp from any to any 22 in recv 204.210.189.38 setup
> 02800 allow icmp from any to any via fxp0
> 02900 allow icmp from any to any out xmit xl0 icmptype 8
> 03000 allow icmp from any to any in recv xl0 icmptype 0
> 03100 allow icmp from any to any via xl0 icmptype 3,4,11,12
> 03200 deny icmp from any to any
> 63000 deny ip from any to 0.0.0.255:0.0.0.255 in recv xl0
> 64000 deny log udp from any to any 137-139 in recv xl0
> 65000 deny ip from any to any via xl0
> 65535 allow ip from any to any

Well, I don't see any rules about allowing incoming ident connections
(113/tcp). I'll assume you know how to set up the firewall box to be
an auth proxy for the Win machine since I wouldn't know where to
start.
-- 
Crist J. Clark                           cjclark@alum.mit.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message