Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 1 Aug 2002 10:44:38 +0000
From:      Philip Reynolds <>
Subject:   Re: ruleset q-n
Message-ID:  <>
In-Reply-To: <015c01c238dd$a8bc8450$0100a8c0@ilya>; from on Wed, Jul 31, 2002 at 05:59:55PM -0400
References:  <015c01c238dd$a8bc8450$0100a8c0@ilya>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Ilya <> 41 lines of wisdom included:
> I have a problem, with smtp traffic, in my ipfw.log i see alot of 65534 denied packets either from foreign_ip port 25, or to my internet_ip port 25, even though all emails seem to go through.
> here is my ruleset:

<snip rules>

> i had same problem with DNS and solved  it by specifically alowing DNS traffic in all directions, but i dont think thats the right way.
> Why would smtp traffic hit the last deny rule at all?
> for example this is an entry from log:
> Jul 31 17:52:57 mybox ipfw: 65534 Deny TCP $internet_ip:25 in via ed0
> but the email did came through. it almost looks like the connection is closed, and than tries to connect to port 25 again. 
> why wouldnt it be able to do so? why didnt this packet hit rule 500 ? and instead hit 65534?

I don't have the time to look at your problem in-depth at the
moment, but perhaps look at the following:

As you seem to be using NAT and stateful firewalling. After coming
across problems with NAT and stateful firewalling, the above
solution worked for me.

If you're still having problems after completing the instructions
(there aren't many I know, but I'm just starting it), paste the
output for ipfw -d list, during the connections, and more verbose
logs, plus an analysis of the traffic would be nice as well (see

Philip Reynolds                  | Technical Director  | RFC Networks Ltd.       | +353 (0)1 8832063

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>