Date: Mon, 16 Apr 2001 09:35:47 -0500 (CDT)
From: Nick Rogness
To: universe
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd filters redirect port.
In-Reply-To: <3ADAEF52.446E2BA2@truemetal.org>

On Mon, 16 Apr 2001, universe wrote:

> Nick Rogness wrote:
> >
> > On Sun, 15 Apr 2001, universe wrote:
> >
> > > hi list,
> > >
> > > (The 1517 ports scanned but not shown below are in state: closed)
> > > Port State Service
> > > 22/tcp open ssh
> > > 80/tcp open http
> > > 81/tcp filtered hosts2-ns
> > > 137/tcp filtered netbios-ns
> > > 138/tcp filtered netbios-dgm
> > > 139/tcp filtered netbios-ssn
> > >
> > > port 81 should be "open", not "filtered". i configured natd to
> > > forward requests on port 2345 etc. instead but the effect stays the
> > > same, every port gets filtered.
> > >
> > > ipfw list on the gateway which runs natd shows the following:
> > >
> > > 00009 deny tcp from any to any 139 in recv tun0
> > > 00009 deny tcp from any to any 138 in recv tun0
> > > 00009 deny tcp from any to any 137 in recv tun0
> > > 00010 divert 8668 ip from any to any via tun0
> > > 00011 divert 1234 tcp from any to any out xmit tun0 setup
> > > 00020 allow ip from any to any
> > > 65535 deny ip from any to any
> >
> > What is rule 11? Is that somehow tied to the PPPoE setup
> > [sorry not familiar with that setup]?
>
> hi nick,
>
> rule 11 is required for the "tcpmssd" daemon to work. tcpmssd is a
> divert program that adjusts outgoing tcp data so that the requested
> segment size is not greater than the amount allowed by the interface
> mtu. (quoted from the port description) without the daemon running i
> can only access a small amount of hosts/websites. this behavior is
> caused by pppoe (and the faulty routers, of course).
>
> however, i removed the rule and shut down tcpmssd to see if it would
> change something, but the ports still were filtered...
>
> any idea?

Did you actually try to see if you could pass traffic on that
port, regardless of what your portscanner says? When you use
redirect_port the BSD machine does not listen() on port
81...where are you running your portscanner from?

Nick Rogness
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"