Date:      Sat, 23 May 1998 20:04:43 -0300
From:      Capriotti <capriotti@geocities.com>
To:        "J.A. Terranson" <sysadmin@mfn.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: IPFW  and pop3/irc - loooong wait
Message-ID:  <3.0.32.19691231210000.00bbb100@pop.mpc.com.br>

I would LOVE to have a copy of your rule set.

I'm spinning my wheels here trying to set up mine with an extra problem:
Samba attempts to dial whenever the machine is started, and, probably,
every time it has some ns lookup.

To prevent this dialing, I have set ports udp/tcp 137-139 to ed1 only.

It worked great, but, now, for some reason which I couldn't understand till
now, calls from browsers, email clients, irc clients, are not causing ppp
to dial;

I found out that, if I allow port 53 - DNS - to be available from any to
any, I can make them work, but then Samba starts ppp dialing again.

If you can send me your rule set, I will study it hard, to see if I can get
some light on this.

TIA !



At 05:55 PM 5/23/98 -0500, you wrote:
>Your problem is that you are blocking IDENT requests.  If you don't mind
>servicing these (they are very low risk services) simply allow port 113 (tcp)
>to function.
>
>BTW: I just found out that 113 is being widely used for some other services
>too: like smtp reverse lookups.
>
>We allow 113 subject to some pretty tight rules, if you like, I can send you a
>copy of our rulesets.
>
>J.A. Terranson
>sysadmin@mfn.org
>
>
>
>
>The following rule:
>
># Reject&Log all setup of incoming connections from the outside
>    $fwcmd add 300 deny log tcp from any to any in via ${oif} setup
>
>is causing pop3 (when sending msgs) and IRC (when connecting; port 6667)
>to take too long to connect
>
>I get messages like this on the console:
>
>ipfw: 300 Deny tcp 209.104.220.13:4737 200.246.0.15:113 in via tun0
>
>
>is it expected ? (I don't see why... My TCP/IP skills are not that good)
>
>In case it is, is there any workaround for this delay ?
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
>
>

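The fix suggested in the quoted reply (let 113/tcp through ahead of rule 300), sketched as an added example that is not part of the thread or of anyone's actual ruleset. Rule number 290, the `reset` variant and the helper names `ident_rules` and `is_ident_deny` are assumptions; `fwcmd` defaults to a dry-run echo so the script runs on any host.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: fwcmd only echoes
# the ipfw commands. Set fwcmd=/sbin/ipfw on the firewall host to apply them.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-tun0}"   # outside interface; tun0 is the one in the logged line

# Succeeds when a logged line is an inbound 113/tcp (ident) packet that ipfw
# denied, i.e. the remote POP3/SMTP/IRC server asking who opened the session.
is_ident_deny() {
    printf '%s\n' "$1" | awk '
        $1 == "ipfw:" && $3 == "Deny" && $4 == "tcp" {
            n = split($6, dst, ":")          # $6 is destination addr:port
            if (dst[n] == "113") hit = 1
        }
        END { exit !hit }'
}

# Emit the ident rule followed by the thread's rule 300. ipfw stops at the
# first matching rule, so the ident rule needs a lower number (290 is assumed).
ident_rules() {
    case "$1" in
        allow) action=allow ;;   # service ident, as the reply suggests
        reset) action=reset ;;   # assumed alternative: refuse with a TCP RST
        *) echo "usage: ident_rules allow|reset" >&2; return 1 ;;
    esac
    $fwcmd add 290 "$action" tcp from any to any 113 in via "${oif}" setup
    $fwcmd add 300 deny log tcp from any to any in via "${oif}" setup
}

ident_rules "${1:-allow}"
```

Both variants match only the connection setup packet; the `allow` variant assumes the rest of the ruleset already passes established TCP traffic.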



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19691231210000.00bbb100>