Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 01 Aug 2001 20:37:49 -0500
From:      David Kelly <>
To:        "alexus" <>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: pcAnywhere 
Message-ID:  <>
In-Reply-To: Message from "alexus" <>  of "Wed, 01 Aug 2001 19:28:51 EDT." <009d01c11ae1$b95f2a30$0d00a8c0@alexus> 

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
"alexus" writes:
> how would i do that?

If your ipfw rules are derived from the standard FreeBSD 
/etc/rc.firewall then the last rule applied is probably the one 
blocking pcAnywhere:

 ${fwcmd} add deny ip from any to any 

so add the word "log" as shown below:

 ${fwcmd} add deny log ip from any to any 

Then "ipfw -a list" from the shell will show your current rules and how 
many hits on each rule.

OK, a bit easier from the top. Make sure ipfw is running and discover 
what rules are being applied at this moment:

	ipfw -a list

Study the output of the above for whatever rule you suspect is blocking 
pcAnywhere. In my case its probably this one (have deleted the rest):

02400    7319     938531 deny log ip from any to any

But as you can see I'm already logging it. If I wasn't then without
messing with /etc/rc.firewall (or where ever your rules come from) we
could manually insert a rule in front of the above on the fly without
hurting anything in progress (no reboot, also assuming ipfw logging is

	ipfw add 2390 deny log ip from any to any

Then "ipfw -a list" might show (once again I've only cut/pasted the 
lines which apply to our discussion):

02390       0          0 deny log ip from any to any
02400    7320     938859 deny log ip from any to any

Now, when pcAnywhere hits your system and tries to get thru you should 
see something about it in /var/log/security. Here is the closest thing 
I can find at the moment in my log:

Aug  1 20:24:51 grumpy /kernel: ipfw: 2400 Deny UDP in via fxp0

The above says port 50329 at tried UDP to my port 67.
You'll find something like that telling you what the pcAnywhere is
trying to get thru. You'll know its pcAnywhere because you know the IP
address of the PC. Others have already said pcAnywhere uses a range of
ports, and the range depends on what version it is.

Once you have found where the blockage is you can manually add/delete 
ipfw rules one at a time from the shell command line as we did above. 
I'm going to clean up my mess:

	ipfw delete 2390

David Kelly N4HHE,
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>