Date: Tue, 12 Oct 2004 21:58:50 -0700 (PDT)
From: Dave McCammon <davemac11@yahoo.com>
To: David Banning <david+dated+1098070473.6eafc9@skytracker.ca>
Cc: questions@freebsd.org
Subject: Re: ipfw - denying all - what port for OE
Message-ID: <20041013045850.82892.qmail@web41403.mail.yahoo.com>
In-Reply-To: <20041013033432.GA6977@skytrackercanada.com>
--- David Banning <david+dated+1098070473.6eafc9@skytracker.ca> wrote:

> I am attempting to block everything except ports 80, 110, 25 and a
> few others, but I can't seem to get Outlook Express mail clients
> to collect mail on the network. Does anyone happen to know what
> ports they use? I have tried 110, 25, 443 and about 20 others.
>
> I tried using tcpdump to track the activity when I have all ports
> open and use OE, but it seems to use a different port each time:
> ports like 2843 and other non-allocated port numbers.

The client (OE) will use a non-privileged port to connect to the POP3 (I assume this is what you want) server port 110.

To be clearer, are you attempting to block everything except 80, 110, 25, and a few others _in_ or _out_? If you are allowing the client to connect, let's say out, to the pop server, are you allowing the return traffic?

Example: (arrows for traffic flow)

Client request
    client(2843)->ipfw allow->pop3(110)
Server reply
    client(2843)<-ipfw established<-pop3(110)

Simple rule example

    allow tcp from any to me established
    allow tcp from me to (server) 110 setup
    deny ip from any to any

This is similar to the example in the ipfw man page.

Simple rule using dynamic rules

    check-state
    allow tcp from me to (server) 110 setup keep-state
    deny ip from any to any

When "me" makes a setup connection to pop server it creates a dynamic rule for return traffic. After looking at the man page again, this rule is like the example except I didn't use the "established" rule.

Read through the examples in the man page and look at key words like "established, keep-state, setup, check-state".
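The rule sets discussed in the message above, run through a small first-match model as an added example (not code from the original message or from ipfw itself). The addresses, the `PORT_ONLY` rule set and all function names are constructed for illustration; the traffic goes one step past the diagram by adding the client's next packet and an unsolicited ACK from a third host.

```python
from collections import namedtuple
# Constructed documentation addresses; ME stands in for ipfw's "me".
ME, SERVER, OTHER = "192.0.2.10", "198.51.100.25", "203.0.113.7"
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def rule(kind, src="any", dst="any", dport=None, opt=None, keep_state=False):
    return dict(kind=kind, src=src, dst=dst, dport=dport, opt=opt, keep_state=keep_state)

def addr_ok(spec, addr):
    return spec == "any" or (spec == "me" and addr == ME) or spec == addr

def flow_key(p):  # direction-independent, so a reply matches the request's state
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def evaluate(rules, p, state):
    """First matching rule decides, as in ipfw; returns 'allow' or 'deny'."""
    for r in rules:
        if r["kind"] == "check-state":
            if flow_key(p) in state:
                return "allow"
            continue
        if not (addr_ok(r["src"], p.src) and addr_ok(r["dst"], p.dst)):
            continue
        if r["dport"] not in (None, p.dport):
            continue
        if r["opt"] == "setup" and not ("SYN" in p.flags and "ACK" not in p.flags):
            continue
        if r["opt"] == "established" and not ({"ACK", "RST"} & p.flags):
            continue
        if r["keep_state"]:
            state.add(flow_key(p))  # dynamic rule for this flow
        return r["kind"]
    return "deny"

DENY = rule("deny")
PORT_ONLY = [rule("allow", dport=110), DENY]  # assumed port-only ruleset, not from the post
STATIC = [rule("allow", dst="me", opt="established"),
          rule("allow", src="me", dst=SERVER, dport=110, opt="setup"), DENY]
DYNAMIC = [rule("check-state"),
           rule("allow", src="me", dst=SERVER, dport=110, opt="setup", keep_state=True), DENY]

TRAFFIC = [Pkt(ME, 2843, SERVER, 110, {"SYN"}),         # client request
           Pkt(SERVER, 110, ME, 2843, {"SYN", "ACK"}),  # server reply
           Pkt(ME, 2843, SERVER, 110, {"ACK"}),         # client's next packet
           Pkt(OTHER, 110, ME, 2843, {"ACK"})]          # unsolicited ACK, no connection

def run(rules):
    state = set()
    return [evaluate(rules, p, state) for p in TRAFFIC]
```

In this model `run(PORT_ONLY)` drops the server reply because its destination is the client's ephemeral port, and `run(STATIC)` accepts any inbound ACK while the `to me` form of the `established` rule does not cover the client's later outbound packets. `run(DYNAMIC)` accepts only packets that belong to the flow recorded by `keep-state`.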
