From owner-freebsd-questions Fri Oct 25 11:51:48 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9069537B404 for ; Fri, 25 Oct 2002 11:51:47 -0700 (PDT)
Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id E592F43E6E for ; Fri, 25 Oct 2002 11:51:46 -0700 (PDT) (envelope-from swear@attbi.com)
Received: from localhost.localdomain ([12.242.158.67]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20021025185146.JJMF3104.sccrmhc02.attbi.com@localhost.localdomain>; Fri, 25 Oct 2002 18:51:46 +0000
Received: from localhost.localdomain (localhost [127.0.0.1]) by localhost.localdomain (8.12.6/8.12.5) with ESMTP id g9PIreUW081843; Fri, 25 Oct 2002 11:53:41 -0700 (PDT) (envelope-from swear@attbi.com)
Received: (from jojo@localhost) by localhost.localdomain (8.12.6/8.12.5/Submit) id g9PIrZ0e081840; Fri, 25 Oct 2002 11:53:35 -0700 (PDT) (envelope-from swear@attbi.com)
X-Authentication-Warning: localhost.localdomain: jojo set sender to swear@attbi.com using -f
To: Bryan Cassidy
Cc: freebsd-questions@freebsd.org
Subject: Re: Whats the deal?
References: <20021025005639.507fd4a1.bryanc2000@insightbb.com> <20021025062905.GC70503@vectors.cx> <20021025013131.13ddf403.bryanc2000@insightbb.com> <005b01c27bf0$9f26c1c0$780010ac@KENNETH> <20021025031957.797b2ca1.bryanc2000@insightbb.com>
From: swear@attbi.com (Gary W. Swearingen)
Date: 25 Oct 2002 11:53:35 -0700
In-Reply-To: <20021025031957.797b2ca1.bryanc2000@insightbb.com>
Message-ID:
Lines: 31
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Bryan Cassidy writes:

> here is the output from "ipfw show"
>
> insightbb# ipfw show
> 01000 307 64003 allow ip from any to any
> 65535 1 367 deny ip from any to any
>
> Sounds like the 'deny ip from any to any' could be the reason why I
> lose connection. Do you think so?

No. I think you got a bum steer. RTFM. That "ip" bit is the same as
"all". Any packet that the filter CAN block (only IP pkts) will be
passed by your rule 01000 and so the final rule will never be used
whether it's drop or pass. And the counts there show that it has
passed 307 pkts. Your problem seems to lie elsewhere.

You could do from your shell:

    ipfw add 100 pass log logamount 1000 all from any to any

to get info on the next 1000 pkts you pass, but I'm not sure how that'd
help you. DNS is a frequent culprit.

P.S. Leaving your kernel so rule 65535 is deny is safest from a
security standpoint because it protects you before the filter rules
are configured and if they should get deleted, but there is some
chance of limiting you to console access, so people differ on which
default they prefer.
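The point Gary makes above (rule 01000 matches every IP packet, so the default rule 65535 is never consulted, whatever its action) can be checked mechanically against `ipfw show` output. The script below is an added example, not code from the thread or from FreeBSD; it parses the quoted listing (reproduced here as a constructed sample, plus a second constructed ruleset to show the general case), models ipfw's first-match semantics for terminating actions (allow/deny), and reports rules that an earlier rule already shadows. It only understands `any` or a single literal address on each side and the protocol keywords shown in the listing; real rulesets use richer syntax (interfaces, ports, `setup`, `keep-state`) that this deliberately simplified model does not cover.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a copy of the `ipfw show` output quoted in the thread.
IPFW_SHOW_OUTPUT = """\
01000 307 64003 allow ip from any to any
65535 1 367 deny ip from any to any
"""

# Second constructed ruleset (hypothetical, not from the thread): rule 300
# is shadowed because rule 200 already terminates every packet before it.
CONSTRUCTED_RULESET = """\
00100 0 0 allow tcp from any to 192.0.2.10
00200 0 0 deny ip from any to any
00300 0 0 allow udp from any to any
"""

# Actions that stop rule processing for a matching packet; a `count` rule
# (or a log-only rule) lets the packet fall through to later rules.
TERMINATING = {"allow", "pass", "accept", "permit", "deny", "drop"}
# In ipfw, "ip" and "all" both mean "any IP protocol".
ANY_PROTO = {"ip", "all"}


@dataclass
class Rule:
    number: int
    pkts: int
    nbytes: int
    action: str
    proto: str
    src: str
    dst: str


# `ipfw show` prints: <rule-number> <packets> <bytes> <action> <proto> from <src> to <dst>
RULE_RE = re.compile(
    r"^(\d+)\s+(\d+)\s+(\d+)\s+(\w+)\s+(\w+)\s+from\s+(\S+)\s+to\s+(\S+)"
)


def parse_ipfw_show(text: str) -> List[Rule]:
    """Turn `ipfw show` output into Rule objects, ordered by rule number."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ipfw line: {line!r}")
        num, pkts, nbytes, action, proto, src, dst = m.groups()
        rules.append(Rule(int(num), int(pkts), int(nbytes), action, proto, src, dst))
    return sorted(rules, key=lambda r: r.number)


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet that matches `narrow` also matches `broad`."""
    proto_ok = broad.proto in ANY_PROTO or broad.proto == narrow.proto
    src_ok = broad.src == "any" or broad.src == narrow.src
    dst_ok = broad.dst == "any" or broad.dst == narrow.dst
    return proto_ok and src_ok and dst_ok


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Numbers of rules that can never decide a packet, because an earlier
    terminating rule already matches everything they would match."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.action in TERMINATING and _covers(earlier, rule):
                shadowed.append(rule.number)
                break
    return shadowed


def deciding_rule(rules: List[Rule], proto: str, src: str, dst: str) -> Optional[Rule]:
    """First-match lookup: the first terminating rule matching the packet."""
    for rule in rules:
        if rule.action not in TERMINATING:
            continue  # count/log-only rules do not decide the packet
        if (rule.proto in ANY_PROTO or rule.proto == proto) \
                and rule.src in ("any", src) and rule.dst in ("any", dst):
            return rule
    return None


if __name__ == "__main__":
    for name, text in (("quoted listing", IPFW_SHOW_OUTPUT),
                       ("constructed ruleset", CONSTRUCTED_RULESET)):
        rules = parse_ipfw_show(text)
        print(f"{name}: shadowed rules {shadowed_rules(rules)}")
        hit = deciding_rule(rules, "udp", "192.0.2.1", "198.51.100.53")
        print(f"  udp 192.0.2.1 -> 198.51.100.53 decided by rule "
              f"{hit.number} ({hit.action})")
```

Run against the quoted listing it reports rule 65535 as shadowed and every packet as decided by rule 01000, which is exactly why changing the default rule's action would not affect Bryan's connection. The packet counters are only hints here: they show what has been matched so far, while the coverage check shows what can ever be matched.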