Date:      Mon, 16 Apr 2001 09:35:47 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        universe <universe@truemetal.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd filters redirect port.
Message-ID:  <Pine.BSF.4.21.0104160927070.66955-100000@cody.jharris.com>
In-Reply-To: <3ADAEF52.446E2BA2@truemetal.org>

On Mon, 16 Apr 2001, universe wrote:

> Nick Rogness wrote:
> > 
> > On Sun, 15 Apr 2001, universe wrote:
> > 
> > > hi list,
> > >
> > >
> > > (The 1517 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 22/tcp     open        ssh
> > > 80/tcp     open        http
> > > 81/tcp     filtered    hosts2-ns
> > > 137/tcp    filtered    netbios-ns
> > > 138/tcp    filtered    netbios-dgm
> > > 139/tcp    filtered    netbios-ssn
> > >
> > > port 81 should be "open", not "filtered". i configured natd to
> > > forward requests on port 2345 etc. instead but the effect stays the
> > > same, every port gets filtered.
> > >
> > > ipfw list on the gateway which runs natd shows the following:
> > >
> > > 00009 deny tcp from any to any 139 in recv tun0
> > > 00009 deny tcp from any to any 138 in recv tun0
> > > 00009 deny tcp from any to any 137 in recv tun0
> > > 00010 divert 8668 ip from any to any via tun0
> > > 00011 divert 1234 tcp from any to any out xmit tun0 setup
> > > 00020 allow ip from any to any
> > > 65535 deny ip from any to any
> > 
> > 	What is rule 11?  Is that somehow tied to the PPPoE setup
> > 	[sorry, not familiar with that setup]?
> 
> hi nick,
> 
> rule 11 is required for the "tcpmssd" daemon to work. tcpmssd is a
> divert program that adjusts outgoing tcp data so that the requested
> segment size is not greater than the amount allowed by the interface
> mtu. (quoted from the port description) without the daemon running i
> can only access a small amount of hosts/websites. this behavior is
> caused by pppoe (and the faulty routers, of course).
> 
> however, i removed the rule and shut down tcpmssd to see if it would
> change something, but the ports still were filtered...
> 
> any idea?

	Did you actually try to see if you could pass traffic on 
	that port, regardless of what your portscanner says?

	When you use redirect_port the BSD machine does not listen() on
	port 81...where are you running your portscanner from?

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
 "FreeBSD: The Power to Serve!"
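
The following is an added illustration, not part of the original message: a simplified first-match walk over the ipfw ruleset quoted in this thread. It models only the fields these seven rules test, for a single pass of one TCP SYN across one interface, and assumes the divert daemons (natd on 8668, tcpmssd on 1234) reinject the packet so that ipfw resumes at the next rule. The function and variable names are hypothetical.

```python
# Added example: simplified first-match walk over the ipfw ruleset quoted above.
RULES = """\
00009 deny tcp from any to any 139 in recv tun0
00009 deny tcp from any to any 138 in recv tun0
00009 deny tcp from any to any 137 in recv tun0
00010 divert 8668 ip from any to any via tun0
00011 divert 1234 tcp from any to any out xmit tun0 setup
00020 allow ip from any to any
65535 deny ip from any to any
"""

def parse(line):
    t = line.split()
    rule = {"num": int(t[0]), "action": t[1]}
    rest = t[3:] if t[1] == "divert" else t[2:]  # skip the divert socket port
    rule["proto"] = rest[0]
    opts = rest[rest.index("to") + 2:]           # whatever follows "to any"
    if opts and opts[0].isdigit():
        rule["dport"] = int(opts.pop(0))
    while opts:
        o = opts.pop(0)
        if o in ("in", "out"):
            rule["dir"] = o
        elif o in ("recv", "xmit", "via"):
            rule["iface"] = opts.pop(0)
        elif o == "setup":
            rule["setup"] = True
    return rule

def matches(r, p):
    """A field the rule does not name matches any packet."""
    return (r["proto"] in ("ip", p["proto"])
            and r.get("dport", p["dport"]) == p["dport"]
            and r.get("dir", p["dir"]) == p["dir"]
            and r.get("iface", p["iface"]) == p["iface"]
            and (not r.get("setup") or p["syn"]))

def walk(dport, direction="in", iface="tun0"):
    """Return (matched rules, verdict) for one TCP SYN crossing iface."""
    pkt = {"proto": "tcp", "dport": dport, "dir": direction,
           "iface": iface, "syn": True}
    trace = []
    for r in map(parse, RULES.splitlines()):
        if matches(r, pkt):
            trace.append((r["num"], r["action"]))
            # Assumption: a divert daemon reinjects; ipfw resumes at the next rule.
            if r["action"] != "divert":
                return trace, r["action"]
    return trace, "deny"
```

`walk(81)` passes through the natd divert and ends at rule 20 with `allow`, while `walk(139)` stops at rule 9 with `deny`, a silent drop that a port scanner reports as filtered.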

