From: Allan Jude
To: freebsd-current@freebsd.org
Subject: Re: ipfw rules for connect port 993
Date: Mon, 24 Aug 2015 09:39:05 -0400
Message-ID: <55DB1E79.9030108@freebsd.org>
In-Reply-To: <55DB16B7.2000602@gyrec.cz>

On 2015-08-24 09:05, Petr Chocholáč wrote:
> Hello,
>
> I would like to ask you for advice. I cannot connect to imap.gmail.com
> on port 993 from my local network. My LAN is behind FreeBSD server with
> IPFW. Server has two network cards rl0=Internet and
> re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without
> answers. What rules should I create?
>
> I tried something like this, without success:
> #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0
>
> Thank you very much for any advice and your patience
>
> Petr Chocholáč
> Brno, Czech Republic

We would need to see all of your current firewall rules (ipfw show).

You'll want to tcpdump on rl0, to see if the packet is being forwarded.

Do you have the machine configured as a gateway? (gateway_enable="YES"
in /etc/rc.conf)

Are you doing NAT (Network Address Translation) to remap the internal
(10.0.0.0/16) addresses to your internet routable IP?

-- 
Allan Jude
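The forwarding and NAT checks from the reply above, as an added example that is not part of the original message or of FreeBSD's own tooling: a POSIX sh triage that reads saved copies of /etc/rc.conf and `ipfw show` output. The function names, file names and both sample rule sets are constructed, and the `ipfw show` layout is assumed to be rule number, packets, bytes, then the rule body.

```shell
#!/bin/sh
# Added example: offline triage of the reply's checks against saved copies of
# /etc/rc.conf and `ipfw show` output. All sample data here is constructed.

# gateway_enabled RCCONF: succeeds if the file sets gateway_enable to YES.
gateway_enabled() {
    grep -Eiq '^[[:space:]]*gateway_enable="?yes"?' "$1"
}

# nat_rule_on RULES IFACE: succeeds if some rule sends traffic on IFACE to
# in-kernel NAT ("nat N") or to natd ("divert PORT").
# Assumes `ipfw show` columns: rule number, packets, bytes, then the rule body.
nat_rule_on() {
    awk -v ifc="$2" '
        ($4 == "nat" || $4 == "divert") && $0 ~ ("via " ifc "( |$)") { found = 1 }
        END { exit !found }' "$1"
}

# triage RCCONF RULES WAN_IF: prints one line per failed check and returns
# the number of failed checks (0 means both checks passed).
triage() {
    fails=0
    gateway_enabled "$1" || { echo "forwarding: gateway_enable is not YES"; fails=$((fails + 1)); }
    nat_rule_on "$2" "$3" || { echo "nat: no nat/divert rule via $3"; fails=$((fails + 1)); }
    return "$fails"
}

# write_samples DIR: constructed inputs. "lan-only" holds just the rule from
# the question; "gateway" adds forwarding and an in-kernel NAT rule on rl0.
write_samples() {
    printf '%s\n' 'hostname="fw.example"' 'firewall_enable="YES"' > "$1/rc.lan-only"
    printf '%s\n' '01500 3 180 allow ip from 10.0.0.0/16 to any in via re0' \
        '65535 0 0 deny ip from any to any' > "$1/rules.lan-only"
    printf '%s\n' 'gateway_enable="YES"' 'firewall_nat_enable="YES"' > "$1/rc.gateway"
    printf '%s\n' '01000 9 540 nat 1 ip from any to any via rl0' \
        '01500 3 180 allow ip from 10.0.0.0/16 to any in via re0' \
        '65535 0 0 deny ip from any to any' > "$1/rules.gateway"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
triage "$demo_dir/rc.lan-only" "$demo_dir/rules.lan-only" rl0 || echo "lan-only: $? check(s) failed"
triage "$demo_dir/rc.gateway" "$demo_dir/rules.gateway" rl0 && echo "gateway: all checks passed"
rm -rf "$demo_dir"
```

On a live gateway the same functions can be pointed at /etc/rc.conf and a file produced by redirecting `ipfw show`; a pass here only means the settings exist, so the tcpdump on rl0 is still what confirms packets are actually forwarded.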