Date: Thu, 10 Aug 2000 08:49:19 -0700
From: "Crist J. Clark"
To: Chris Silva
Cc: FreeBSD-IPFW@FreeBSD.ORG
Subject: Re: IRC identing from client through FBSD firewall.
Message-ID: <20000810084919.E5405@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu

On Thu, Aug 10, 2000 at 06:20:22AM -0500, Chris Silva wrote:
> When I access IRC via a Windows box on my internal network, going through a
> cable modem, I get this error:
>
> natd[162]: failed to write packet back (Permission denied)
>
> My main concern is to use IRC on the intranet boxen and have auth work - so
> I can access EFNet and DALNet.
>
> This happens when identd is accessed. I can get out doing everything I need
> to, but I just can't get identd to work.
[snip]
> ------------------ ipfw list
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 10.0.0.0/8 to any in recv xl0
> 00400 deny ip from 204.210.189.0/24 to any in recv fxp0
> 00500 deny ip from 0.0.0.0/8 to any via xl0
> 00600 deny ip from any to 0.0.0.0/8 via xl0
> 00700 deny ip from 169.254.0.0/16 to any via xl0
> 00800 deny ip from any to 169.254.0.0/16 via xl0
> 00900 deny ip from 192.0.2.0/24 to any via xl0
> 01000 deny ip from any to 192.0.2.0/24 via xl0
> 01100 deny ip from 224.0.0.0/4 to any via xl0
> 01200 deny ip from any to 224.0.0.0/4 via xl0
> 01300 deny ip from 240.0.0.0/4 to any via xl0
> 01400 deny ip from any to 240.0.0.0/4 via xl0
> 01500 allow tcp from any to any established
> 01600 allow ip from any to any frag
> 01700 allow tcp from any to 204.210.189.38 25 setup
> 01800 allow tcp from any to 204.210.189.38 53 setup
> 01900 allow udp from any to 204.210.189.38 53
> 02000 allow udp from 204.210.189.38 53 to any
> 02100 allow tcp from any to 204.210.189.38 80 setup
> 02200 allow tcp from any to any setup
> 02300 allow udp from any 53 to 204.210.189.38
> 02400 allow udp from 204.210.189.38 to any 53
> 02500 allow udp from any 123 to 204.210.189.38
> 02600 allow udp from 204.210.189.38 to any 123
> 02700 allow tcp from any to any 22 in recv 204.210.189.38 setup
> 02800 allow icmp from any to any via fxp0
> 02900 allow icmp from any to any out xmit xl0 icmptype 8
> 03000 allow icmp from any to any in recv xl0 icmptype 0
> 03100 allow icmp from any to any via xl0 icmptype 3,4,11,12
> 03200 deny icmp from any to any
> 63000 deny ip from any to 0.0.0.255:0.0.0.255 in recv xl0
> 64000 deny log udp from any to any 137-139 in recv xl0
> 65000 deny ip from any to any via xl0
> 65535 allow ip from any to any

Well, I don't see any rules about allowing incoming ident connections
(113/tcp).
I'll assume you know how to set up the firewall box to be an auth proxy
for the Win machine since I wouldn't know where to start.

-- 
Crist J. Clark                           cjclark@alum.mit.com
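
The check made in the reply above, scanning an `ipfw list` dump for a rule that names a given destination port, as an added example that is not part of the original thread. It reads only the rule number, action, protocol and destination-port fields (function names are hypothetical), runs over the TCP/UDP rules of the quoted listing, and separately reports allow rules that carry no destination port, since those are not limited to any one port.

```python
# Excerpt (TCP/UDP rules only) of the `ipfw list` output quoted in the message.
RULES = """\
01500 allow tcp from any to any established
01700 allow tcp from any to 204.210.189.38 25 setup
01800 allow tcp from any to 204.210.189.38 53 setup
01900 allow udp from any to 204.210.189.38 53
02000 allow udp from 204.210.189.38 53 to any
02100 allow tcp from any to 204.210.189.38 80 setup
02200 allow tcp from any to any setup
02300 allow udp from any 53 to 204.210.189.38
02400 allow udp from 204.210.189.38 to any 53
02500 allow udp from any 123 to 204.210.189.38
02600 allow udp from 204.210.189.38 to any 123
02700 allow tcp from any to any 22 in recv 204.210.189.38 setup
64000 deny log udp from any to any 137-139 in recv xl0
"""

def parse_rule(line):
    """Pull number, action, protocol and destination-port list from one line."""
    tok = line.split()
    to = tok.index("to")
    after_dst = tok[to + 2] if len(tok) > to + 2 else ""
    return {
        "num": tok[0],
        "action": tok[1],
        "proto": tok[tok.index("from") - 1],  # skips "log" or a divert port
        # A port list starts with a digit; options (setup, in, ...) do not.
        "dports": after_dst if after_dst[:1].isdigit() else None,
    }

def port_in(spec, port):
    """True if port falls in a spec such as '25', '137-139' or '80,443'."""
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(listing, proto, port):
    """Return (allow rules naming the port, allow rules with no dst port)."""
    explicit, portless = [], []
    for line in listing.strip().splitlines():
        r = parse_rule(line)
        if r["action"] != "allow" or r["proto"] not in (proto, "ip"):
            continue
        if r["dports"] is None:
            portless.append(r["num"])  # may still be narrowed by other options
        elif port_in(r["dports"], port):
            explicit.append(r["num"])
    return explicit, portless
```

`audit(RULES, "tcp", 113)` returns an empty first list: no rule in the listing names 113/tcp as a destination port.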