From owner-freebsd-questions Wed Nov 15 8:30:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from c528925-a.kreska.org (c528925-a.plano1.tx.home.com [24.21.161.123]) by hub.freebsd.org (Postfix) with ESMTP id 8125E37B4CF for ; Wed, 15 Nov 2000 08:30:26 -0800 (PST)
Received: from kreska.org (c528925-a.plano1.tx.home.com [24.21.161.123]) by c528925-a.kreska.org (8.9.3/8.9.3) with ESMTP id KAA00857 for ; Wed, 15 Nov 2000 10:30:25 -0600 (CST) (envelope-from jeff@kreska.org)
Message-ID: <3A12BA10.8A977565@kreska.org>
Date: Wed, 15 Nov 2000 10:30:08 -0600
From: Jeff
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.ORG
Subject: firewall rules to allow IPSec clients through
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am having the hardest time getting my firewall rules configured to allow a client inside my firewall to connect to an IPSec-based VPN server on the outside. Here are the rules I have tried:

... stuff deleted ....
${fwcmd} add allow tcp from any to any 1723
${fwcmd} add allow udp from any to any 500
${fwcmd} add allow udp from any to any 4001-49151   (This is the one that doesn't seem to be working)
... stuff deleted ...

And lastly I had:

${fwcmd} add 65000 deny log ip from any to any via ${oif}

which I changed to:

${fwcmd} add 64900 allow log all from any to any

This makes everything work fine. Now here is what is in the log; can someone help me make the rule work?

: ipfw: 64900 Accept UDP :10000 4.40.14.146:10000 out via ed0
: ipfw: 64900 Accept UDP :10000 4.40.14.146:10000 in via vr0

Thanks,
Jeff

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
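The workaround in the post (rule 64900, "allow log all from any to any") makes the VPN work by accepting every packet ahead of the deny rule, which leaves the firewall open for all traffic, not just the tunnel. The script below is an added example and is not code from Jeff's post or from FreeBSD's rc.firewall. It does two things a firewall admin would want at this point: `catchall_hits` reads ipfw log lines and lists which protocol/destination-port pairs the catch-all rule actually accepted (the two UDP/10000 lines in the post are the kind of evidence it turns into specific rules), and `gen_vpn_rules` emits a ruleset scoped to one VPN peer (IKE on UDP/500, ESP and AH as IP protocols, and the UDP/10000 flow the log shows) with the original logged deny kept at 65000. The inside network 192.0.2.0/24, the hostnames, the rule numbers and the sample log lines are constructed; `fwcmd` defaults to `echo` so the rules are printed as a dry run rather than loaded, and would be set to `/sbin/ipfw` on the real box.

```shell
#!/bin/sh
# Added example, not code from the post above or from FreeBSD's rc.firewall.
# Two helpers to replace the catch-all rule 64900 with peer-specific rules:
#   catchall_hits  - reads ipfw log lines and lists the PROTO/dst-port pairs
#                    the catch-all accepted, so each can become a narrow rule
#   gen_vpn_rules  - emits rules scoped to one VPN peer (IKE, ESP, AH, and the
#                    UDP/10000 flow the post's log shows) ahead of the deny rule
# fwcmd defaults to "echo" so the rules are printed, not loaded; on a real
# FreeBSD box set fwcmd=/sbin/ipfw. Addresses and rule numbers are constructed.

catchall_hits() {
    # $1 = number of the catch-all rule; ipfw syslog lines arrive on stdin.
    # Field layout after "ipfw:": RULE Accept PROTO SRC:PORT DST:PORT ...
    awk -v rule="$1" '
        $0 ~ ("ipfw: " rule " Accept") {
            for (i = 1; i <= NF; i++)
                if ($i == rule) { proto = $(i + 2); dst = $(i + 4) }
            n = split(dst, a, ":")
            print proto, a[n]
        }' | sort -u
}

gen_vpn_rules() {
    # $1 = VPN server address, $2 = outside interface, $3 = inside network
    vpn="$1"; oif="$2"; inside="$3"
    fwcmd="${fwcmd:-echo}"

    # IKE (UDP/500): only between the inside network and the VPN peer
    ${fwcmd} add 1000 allow udp from "$inside" to "$vpn" 500 out via "$oif"
    ${fwcmd} add 1010 allow udp from "$vpn" 500 to "$inside" in via "$oif"

    # ESP (IP protocol 50) and AH (51) carry the tunnel; they have no ports
    ${fwcmd} add 1020 allow esp from "$inside" to "$vpn" out via "$oif"
    ${fwcmd} add 1030 allow esp from "$vpn" to "$inside" in via "$oif"
    ${fwcmd} add 1040 allow ah from "$inside" to "$vpn" out via "$oif"
    ${fwcmd} add 1050 allow ah from "$vpn" to "$inside" in via "$oif"

    # The UDP/10000 flow seen in the post's log, pinned to the peer only
    ${fwcmd} add 1060 allow udp from "$inside" to "$vpn" 10000 out via "$oif"
    ${fwcmd} add 1070 allow udp from "$vpn" 10000 to "$inside" in via "$oif"

    # Everything else on the outside interface is still denied and logged
    ${fwcmd} add 65000 deny log ip from any to any via "$oif"
}

# Constructed log lines modelled on the two in the post (inside host made up)
SAMPLE_LOG='Nov 15 10:31:02 fw /kernel: ipfw: 64900 Accept UDP 192.0.2.10:10000 4.40.14.146:10000 out via ed0
Nov 15 10:31:02 fw /kernel: ipfw: 64900 Accept UDP 4.40.14.146:10000 192.0.2.10:10000 in via vr0
Nov 15 10:31:05 fw /kernel: ipfw: 64900 Accept TCP 192.0.2.10:1034 4.40.14.146:1723 out via ed0
Nov 15 10:31:09 fw /kernel: ipfw: 1000 Accept UDP 192.0.2.10:500 4.40.14.146:500 out via ed0'

echo "== flows the catch-all 64900 accepted =="
printf '%s\n' "$SAMPLE_LOG" | catchall_hits 64900
echo "== narrowed ruleset (dry run) =="
gen_vpn_rules 4.40.14.146 ed0 192.0.2.0/24
```

Run it as-is to see the dry-run output; on the firewall itself, feed the real `/var/log/security` lines to `catchall_hits 64900` while the permissive rule is still in place, confirm that every protocol/port it reports is covered by a rule in `gen_vpn_rules`, then load the narrowed set and remove rule 64900. Because the log lines record only the rule number that matched, this is the quickest way to find out which specific flows the broad rule was carrying before tightening it.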