Date:      Tue, 25 Aug 2015 10:02:56 +0200
From:      Petr Chocholáč <admin@gyrec.cz>
To:        freebsd-current@freebsd.org
Subject:   Re: ipfw rules for connect port 993
Message-ID:  <55DC2130.9040004@gyrec.cz>
In-Reply-To: <55DB1E79.9030108@freebsd.org>
References:  <55DB16B7.2000602@gyrec.cz> <55DB1E79.9030108@freebsd.org>


Hello,

thank you for your answer.

ad1.
I am sending my current firewall rules and a record from tcpdump on re0.
My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter)
My second LAN is 192.168.1.0/24 (on this network, connections to the IMAP
port 993 work)
My public IP is 86.49.91.98
ad2.
Tcpdump on rl0 shows nothing.
ad3.
Yes. I have gateway_enable="YES" in /etc/rc.conf
ad4.
I think yes...

PS: The firewall is not my work. I inherited it.

Thank you very much

Petr Chocholac



On 24.8.2015 at 15:39, Allan Jude wrote:
> On 2015-08-24 09:05, Petr Chocholáč wrote:
>> Hello,
>>
>> I would like to ask you for advice. I cannot connect to imap.gmail.com
>> on port 993 from my local network. My LAN is behind a FreeBSD server with
>> IPFW. The server has two network cards, rl0=Internet and
>> re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without
>> answers.  What rules should I create?
>>
>> I tried something like this, without success:
>> #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0
>>
>>
>>
>> Thank you very much for any advice and your patience
>>
>> Petr Chocholáč
>> Brno, Czech Republic
>>
> We would need to see all of your current firewall rules (ipfw show)
>
> You'll want to tcpdump on rl0, to see if the packet is being forwarded.
>
> Do you have the machine configured as a gateway? (gateway_enable="YES"
> in /etc/rc.conf)
>
> Are you doing NAT (Network Address Translation) to remap the internal
> (10.0.0.0/16) addresses to your internet routable IP?
>


Attachment: ipfwshow.txt

00100   9036394   8499055198 allow ip from any to any via lo0
00200         0            0 deny ip from any to 127.0.0.0/8
00300         0            0 deny ip from 127.0.0.0/8 to any
00400       134         9313 allow udp from any to 86.49.91.110 dst-port 53 keep-state
00500         0            0 allow udp from 86.49.91.110 53 to any keep-state
00600         0            0 allow tcp from 86.49.91.107 to any dst-port 25 setup
00700         0            0 allow tcp from 86.49.91.98 25 to any dst-port 25 setup
00800         0            0 allow udp from 86.49.91.110 53 to any keep-state
00900    956234     80342962 allow icmp from 86.49.91.98 to any keep-state
01000     17235      1324207 allow icmp from any to 86.49.91.98 keep-state
01100     14068      1530257 allow udp from 86.49.91.98 53 to any keep-state
01200      7759       554809 allow ip from 172.16.0.0/24 to 86.49.91.96/28
01300       946        72736 allow ip from 86.49.91.96/28 to 172.16.0.0/24
01400         0            0 allow ip from 172.16.0.0/16 to 195.113.191.160/28 dst-port 8080,26,55555,10943,22,26,3128,61085,514,25,53
01500         0            0 allow ip from 172.16.0.0/16 to 86.49.91.96/28 dst-port 8080,26,55555,10943,22,26,3128,61085,514,25,53,993
01600       722        38642 deny log ip from 218.0.0.0/8 to any via rl0
01700         0            0 deny log ip from 221.6.178.0/24{0-63} to any via rl0
01800         0            0 deny log ip from 210.68.8.128/25 to any via rl0
01900        12          845 deny log ip from 121.8.0.0/13 to any via rl0
02000         0            0 deny log ip from 58.208.0.0/20 to any via rl0
02100         0            0 deny log ip from 62.193.235.47 to any via rl0
02200         0            0 deny log ip from 74.208.164.166 to any via rl0
02300         0            0 deny log ip from any to 74.208.164.166
02400         0            0 deny log ip from 61.78.0.0/16 to any via rl0
02500         0            0 deny log ip from 91.200.108.0/24 to any dst-port 25 via rl0
02600         0            0 allow ip from 172.16.2.0/24 to any dst-port 53 keep-state
02700     67565     11649052 allow ip from 172.16.2.0/23 to any dst-port 53 keep-state
02800       240        17484 allow log logamount 2 udp from 172.16.0.99 to any dst-port 53 out via rl0 keep-state
02900         0            0 allow log logamount 2 udp from any 53 to 172.16.0.99 in via rl0 keep-state
03000         0            0 allow log logamount 2 udp from any 53 to 192.168.1.1 in via rl0 keep-state
03100        23         1493 allow log logamount 100 udp from 192.168.1.1 53 to any keep-state
03200         0            0 fwd 172.16.0.99,8080 tcp from 172.16.2.0/24 to any dst-port 80 out via rl0
03300   2543961    222167859 fwd 172.16.0.99,8080 tcp from 172.16.2.0/23 to any dst-port 80 out via rl0
03400         0            0 allow tcp from 172.16.2.0/23 to 172.16.0.2 setup
03500         0            0 allow tcp from 172.16.2.0/24 to 172.16.0.2 setup
03600         0            0 allow ip from 172.16.2.0/23 to 172.16.0.2 setup
03700         0            0 allow ip from 172.16.2.0/24 to 172.16.0.2 setup
03800         0            0 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
03900         0            0 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
04000     29654      1806084 allow tcp from 172.16.2.0/23 to any dst-port 8080,80,3128 setup
04100         0            0 allow udp from 172.16.2.0/23 to any dst-port 53 keep-state
04200         0            0 allow tcp from 172.16.1.0/24 to any dst-port 8080,80,3128 setup
04300         0            0 allow udp from 172.16.1.0/24 to any dst-port 53 keep-state
04400         0            0 allow log udp from 172.16.0.0/24 to any dst-port 53 keep-state
04500         0            0 allow log ip from any to 83.240.84.57 setup
04600         0            0 deny log ip from 172.16.1.0/24 to any not dst-port 443,8080,80,3128,53,1935
04700     65767      4520394 deny log ip from 172.16.2.0/23 to any not dst-port 443,8080,80,3128,53,1935
04800       600        60337 deny log ip from 192.168.1.223 to any not dst-port 80,443,8080,3128,53,1935,993,10943
04900        10          778 deny ip from 61.79.0.0/16 to any via rl0
05000         0            0 deny ip from 61.80.0.0/16 to any via rl0
05100         1           40 deny ip from 61.81.0.0/16 to any via rl0
05200         0            0 deny ip from 61.82.0.0/16 to any via rl0
05300         0            0 deny ip from 61.83.0.0/16 to any via rl0
05400         0            0 deny ip from 61.84.0.0/16 to any via rl0
05500         0            0 deny ip from 61.85.0.0/16 to any via rl0
05600         0            0 deny ip from 195.23.121.0/24 to any via rl0
05700         1           48 allow tcp from any to 86.49.91.98 dst-port 444 setup via rl0
05800         0            0 allow tcp from any to 86.49.91.98 dst-port 444 via rl0
05900       777        40028 allow tcp from any to 86.49.91.98 dst-port 80 setup via rl0
06000      3382       340639 allow tcp from any to 86.49.91.98 dst-port 80 via rl0
06100         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 3049 setup
06200        45         1956 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 443 setup
06300         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 443
06400       167         6992 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 80 setup
06500         1           44 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 80
06600         0            0 allow tcp from 83.240.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
06700         0            0 allow tcp from 83.240.1.249 to 86.49.91.98 dst-port 443 setup via rl0
06800         0            0 allow tcp from 89.176.0.0/15 to 86.49.91.98 dst-port 80 setup via rl0
06900         0            0 allow tcp from 89.176.0.0/15 to 86.49.91.98 dst-port 443 setup via rl0
07000         0            0 allow tcp from 62.245.96.0/19 to 86.49.91.98 dst-port 80 setup via rl0
07100         0            0 allow tcp from 62.245.100.0/24 to 86.49.91.98 dst-port 80 setup via rl0
07200         0            0 allow tcp from 62.245.101.0/24 to 86.49.91.98 dst-port 80 setup via rl0
07300         0            0 allow tcp from 62.245.102.0/24 to 86.49.91.98 dst-port 80 setup via rl0
07400         0            0 allow tcp from 62.245.103.0/24 to 86.49.91.98 dst-port 80 setup via rl0
07500         0            0 allow tcp from 62.245.96.0/19 to 86.49.91.98 dst-port 443 setup via rl0
07600         0            0 allow tcp from 62.245.100.0/24 to 86.49.91.98 dst-port 443 setup via rl0
07700         0            0 allow tcp from 62.245.101.0/24 to 86.49.91.98 dst-port 443 setup via rl0
07800         0            0 allow tcp from 62.245.102.0/24 to 86.49.91.98 dst-port 443 setup via rl0
07900         0            0 allow tcp from 62.245.103.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08000         0            0 allow tcp from 62.245.104.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08100         0            0 allow tcp from 62.245.105.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08200         0            0 allow tcp from 62.245.106.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08300         0            0 allow tcp from 62.245.107.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08400         0            0 allow tcp from 62.245.108.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08500         0            0 allow tcp from 62.245.109.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08600         0            0 allow tcp from 62.245.110.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08700         0            0 allow tcp from 62.245.111.0/24 to 86.49.91.98 dst-port 443 setup via rl0
08800         0            0 allow tcp from 85.70.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
08900         0            0 allow tcp from 85.71.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
09000         0            0 allow tcp from 84.42.232.0/21 to 86.49.91.98 dst-port 443 setup via rl0
09100         0            0 allow tcp from 84.42.240.0/20 to 86.49.91.98 dst-port 443 setup via rl0
09200         0            0 allow tcp from 80.188.157.0/24 to 86.49.91.98 dst-port 443 setup via rl0
09300         0            0 allow tcp from 89.102.9.0/24 to 86.49.91.98 dst-port 443 setup via rl0
09400         0            0 allow tcp from 89.102.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
09500         0            0 allow tcp from 81.27.192.0/20 to 86.49.91.98 dst-port 443 setup via rl0
09600         0            0 allow tcp from 81.19.32.0/20 to 86.49.91.98 dst-port 443 setup via rl0
09700         0            0 allow tcp from 89.103.88.0/24 to 86.49.91.98 dst-port 443 setup via rl0
09800         0            0 allow tcp from 89.102.207.0/24 to 86.49.91.98 dst-port 443 setup via rl0
09900         0            0 allow tcp from 94.112.0.0/15 to 86.49.91.98 dst-port 443 setup via rl0
10000         0            0 allow tcp from 94.112.0.0/14 to 86.49.91.98 dst-port 443 setup via rl0
10100         0            0 allow tcp from 78.44.0.0/15 to 86.49.91.98 dst-port 443 setup via rl0
10200         0            0 allow tcp from 78.45.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
10300         0            0 allow tcp from 78.102.0.0/15 to 86.49.91.98 dst-port 443 setup via rl0
10400         0            0 allow tcp from 78.102.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0
10500         0            0 allow tcp from 84.42.224.0/20 to 86.49.91.98 dst-port 443 setup via rl0
10600         0            0 allow tcp from 84.42.128.0/17 to 86.49.91.98 dst-port 443 setup via rl0
10700         0            0 allow tcp from 77.240.184.0/21 to 86.49.91.98 dst-port 993 setup via rl0
10800         0            0 allow tcp from 81.19.8.114 to 86.49.91.98 dst-port 993 setup via rl0
10900         0            0 allow tcp from 81.19.8.114 to 86.49.91.98 dst-port 993 via rl0
11000         0            0 allow tcp from 176.74.128.0/17 to 86.49.91.98 dst-port 993 setup via rl0
11100         0            0 allow tcp from 176.74.157.135 to 86.49.91.98 dst-port 993 setup via rl0
11200         0            0 deny log ip from any to 149.20.56.33
11300         0            0 deny log ip from any to 149.20.56.32
11400         0            0 deny log ip from any to 143.215.143.11
11500         0            0 deny log ip from any to 143.215.129.26
11600         0            0 deny log ip from any to 149.20.56.34
11700         0            0 deny log ip from any to 143.215.130.33
11800         0            0 deny log ip from any to 87.106.24.200
11900         0            0 deny log ip from any to 149.20.56.33
12000      6501       301558 deny log ip from any to 86.49.91.96/28 dst-port 3306,8080,26,55555,10943,22,26,61085,514 via rl0
12100       941        37928 deny log ip from any to 86.49.91.96/28 dst-port 3128 via rl0
12200     85603      8017309 allow log ip from any to 86.49.91.96/28 via re0
12300         0            0 allow log ip from any to 86.49.91.96/28 via re0
12400     85456     59560204 allow log ip from 86.49.91.96/28 to any via re0
12500       465        20568 deny ip from any to 10.0.0.0/8 via rl0
12600         0            0 deny ip from any to 0.0.0.0/8 via rl0
12700         0            0 deny ip from any to 169.254.0.0/16 via rl0
12800         0            0 deny ip from any to 192.0.2.0/24 via rl0
12900       248        17840 deny ip from any to 224.0.0.0/4 via rl0
13000        10         3710 deny ip from any to 240.0.0.0/4 via rl0
13100        62         4652 skipto 14000 tcp from 192.168.1.251 to any dst-port 80
13200         0            0 fwd 192.168.1.1,3128 tcp from 172.16.1.0/24 to any dst-port 80 out via rl0
13300         0            0 fwd 192.168.1.1,3128 tcp from 172.16.2.0/23 to any dst-port 80 out via rl0
14000         0            0 allow tcp from 192.168.1.223 to any dst-port 25
14100         0            0 allow tcp from 192.168.1.253 to any dst-port 25
14200         0            0 allow tcp from 192.168.1.199 to any dst-port 25
14300         0            0 allow tcp from any to 192.168.1.199 dst-port 25
14400         0            0 deny log tcp from 172.16.1.0/24 to any dst-port 25
14500         0            0 deny log tcp from 172.16.2.0/24 to any dst-port 25
14600         6         2046 deny log udp from any to { 195.113.191.160/28 or 86.49.91.96/28 } dst-port 67 via rl0
14700         0            0 deny tcp from not 192.168.1.0/24{164,251} to { 195.113.191.169 or 86.49.91.105 } dst-port 22 via re0
14800         0            0 allow tcp from 192.168.1.223 to any dst-port 25
14900         0            0 allow tcp from 192.168.1.253 to any dst-port 25
15000         0            0 allow tcp from 192.168.1.251 to 192.168.1.1 dst-port 25 setup
15100         0            0 allow tcp from 192.168.1.111 to 192.168.1.1 dst-port 25
15200         0            0 deny log udp from any to { 195.113.191.160/28 or 86.49.91.96/28 } dst-port 67 via rl0
15300         0            0 deny tcp from not 192.168.1.0/24{164,251} to { 195.113.191.169 or 86.49.91.105 } dst-port 22 via re0
15400  20999597  16135713820 divert 8668 ip from any to any via rl0
15500        73         4900 allow icmp from 172.16.0.0/24 to any
15600         0            0 allow icmp from 172.16.0.0/24 to any keep-state
15700         0            0 allow udp from 172.16.0.99 to any via re0 keep-state
15800         0            0 allow udp from any to 172.16.0.99 via rl0 keep-state
15900         0            0 allow udp from any to 172.16.0.99 via re0 keep-state
16000         0            0 allow tcp from 172.16.0.0/24 to any setup
16100    208138     13112674 allow icmp from 192.168.1.0/24 to any icmptypes 0,8 via re0
16200         0            0 allow icmp from any to 192.168.1.0/24 icmptypes 0,8 via re0
16300         0            0 allow icmp from any to 192.168.1.0/24 icmptypes 0,8 via rl0
16400         0            0 allow icmp from 213.29.21.68 to { 195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16500         0            0 allow icmp from any to 192.168.1.0/24 icmptypes 0,8 via re0
16600         0            0 allow icmp from any to 192.168.1.0/24 icmptypes 0,8 via rl0
16700         0            0 allow icmp from 213.29.21.68 to { 195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16800         0            0 allow icmp from 86.49.91.97 to { 195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16900        37         2532 allow icmp from { 195.113.191.160/28 or 86.49.91.96/28 } to any icmptypes 0,8 via rl0
17000    111716      5874040 allow tcp from 86.49.91.98 to any setup
17100         0            0 allow tcp from { 195.113.191.167 or 86.49.91.103 } to any setup
17200         0            0 deny ip from 0.0.0.0/8 to any via rl0
17300         0            0 deny ip from 169.254.0.0/16 to any via rl0
17400         0            0 deny ip from 192.0.2.0/24 to any via rl0
17500         0            0 deny ip from 224.0.0.0/4 to any via rl0
17600         0            0 deny ip from 240.0.0.0/4 to any via rl0
17700 399559319 339151751085 allow tcp from any to any established
17800         2          522 allow ip from any to any frag
17900         0            0 deny log tcp from any to 86.49.91.98 dst-port 80
18000       916        44672 allow tcp from any to 86.49.91.107 dst-port 25,26 setup
18100         0            0 allow tcp from any to 86.49.91.98 dst-port 25 setup
18200         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 25 setup
18300       269        13068 allow tcp from any to { 195.113.191.164 or 86.49.91.100 } dst-port 25 setup
18400         0            0 allow tcp from 192.168.1.223 to 192.168.1.1 dst-port 2049,111 via re0 setup
18500         0            0 allow tcp from 192.168.1.251 to 192.168.1.1 dst-port 2049,111 via re0 setup
18600        22         1024 deny tcp from any to any dst-port 2049,111
18700         0            0 allow udp from 192.168.1.223 to 192.168.1.1 dst-port 111,2049 via re0 keep-state
18800         0            0 allow udp from 192.168.1.251 to 192.168.1.1 dst-port 111,2049 via re0 keep-state
18900        88         6008 deny udp from any to any dst-port 2049,111
19000     36499      1936092 allow log tcp from 192.168.1.0/24 to any via re0 setup
19100         0            0 allow log tcp from 192.168.1.0/24 to any via re0
19200    486010     58558185 allow log udp from 192.168.1.0/24 to any via re0 keep-state
19300     17384      1048620 allow log logamount 2 tcp from 172.16.0.0/12 to any via re0 setup
19400    151549     11770225 allow log logamount 2 udp from 172.16.0.0/12 to any via re0
19500         0            0 allow tcp from any to 172.16.0.2 via re0 setup
19600         0            0 allow tcp from any to 172.16.0.251 via re0 setup
19700         0            0 allow tcp from 192.168.1.0/24 to { 195.113.191.160/28 or 86.49.91.96/28 } dst-port 3128 setup
19800         0            0 allow udp from 192.168.1.0/24 to { 195.113.191.160/28 or 86.49.91.96/28 } dst-port 3128
19900         0            0 allow udp from 192.168.1.0/24 to any dst-port 3130
20000         0            0 allow tcp from { 195.113.191.160/28 or 86.49.91.96/28 } to 86.49.91.98 dst-port 3128 setup via re0
20100         0            0 allow tcp from 192.168.1.0/24 to { 195.113.191.164 or 86.49.91.100 } dst-port 22 setup
20200         0            0 allow tcp from any to 172.16.0.253 dst-port 22 setup
20300         0            0 allow tcp from any 80 to 192.168.1.0/24
20400         0            0 allow tcp from { 195.113.191.167 or 86.49.91.103 } to 86.49.91.98 dst-port 5432 via re0 setup
20500     23184      1292000 allow tcp from any to { 195.113.191.169 or 86.49.91.105 } dst-port 80 setup
20600         0            0 allow tcp from any to { 195.113.191.169 or 86.49.91.105 } dst-port 3049 setup
20700       922        50916 allow tcp from any to { 195.113.191.173 or 86.49.91.109 } dst-port 80 setup
20800         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 80 setup
20900         1           40 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 443 setup
21000         0            0 allow tcp from { 195.113.191.166 or 86.49.91.102 } to { 195.113.191.169 or 86.49.91.105 } dst-port 22 via re0 setup
21100         0            0 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 115 setup
21200         0            0 allow tcp from { 195.113.191.160/28 or 86.49.91.96/28 } to { 195.113.191.168 or 86.49.91.104 } dst-port 22 setup
21300         0            0 allow tcp from 81.19.11.196 to { 195.113.191.168 or 86.49.91.104 } dst-port 22 setup
21400         0            0 allow tcp from any to { 195.113.191.167 or 86.49.91.103 } dst-port 3049 setup
21500         0            0 allow tcp from any to { 195.113.191.167 or 86.49.91.103 } dst-port 3049
21600         0            0 allow tcp from any to { 195.113.191.169 or 86.49.91.105 } dst-port 3049 setup
21700         0            0 allow tcp from 176.74.157.135 to { 195.113.191.169 or 86.49.91.105 } dst-port 3049
21800       612        33880 allow tcp from any to { 195.113.191.167 or 86.49.91.103 } dst-port 443 setup
21900         0            0 allow tcp from any to { 195.113.191.167 or 86.49.91.103 } dst-port 443 setup
22000         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 443 setup
22100         0            0 allow tcp from any to { 195.113.191.171 or 86.49.91.107 } dst-port 80 setup
22200       183         7728 allow tcp from any to { 195.113.191.174 or 86.49.91.110 } dst-port 80 setup
22300         0            0 allow tcp from any to { 195.113.191.173 or 86.49.91.109 } dst-port 80 setup
22400         0            0 allow tcp from 77.240.184.0/21 to { 195.113.191.168 or 86.49.91.104 } setup
22500         0            0 allow tcp from 176.74.128.0/17 to { 195.113.191.168 or 86.49.91.104 } setup
22600       343        16840 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 80 setup
22700       175         7308 allow tcp from any to { 195.113.191.166 or 86.49.91.102 } dst-port 80 setup
22800         6          256 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 110 setup
22900         3          120 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 3129 setup
23000        14          612 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 8000 setup
23100       129         6884 allow tcp from any to { 195.113.191.168 or 86.49.91.104 } dst-port 443 setup
23200         0            0 allow tcp from any to 172.16.1.0/24 setup
23300         0            0 allow tcp from any to 172.16.2.0/23 setup
23400         0            0 allow udp from any to 172.16.1.0/24
23500         0            0 allow udp from any to 172.16.2.0/23
23600         0            0 allow udp from any to 172.16.0.2
23700         0            0 allow udp from any to 172.16.0.3
23800         0            0 allow tcp from any to 172.16.0.2 setup
23900         0            0 allow tcp from any to 172.16.0.3 setup
24000        15          888 allow tcp from any to 86.49.91.98 dst-port 53 setup
24100      1023        65626 allow udp from any to 86.49.91.98 dst-port 53
24200         0            0 allow tcp from any to 86.49.91.98 dst-port 53 setup
24300         0            0 allow udp from any to 86.49.91.98 dst-port 53
24400    307023     51681967 allow udp from any to any dst-port 53 keep-state
24500    115056     12704240 allow udp from any 53 to any keep-state
24600         0            0 allow udp from 86.49.91.98 to any dst-port 53 keep-state
24700         0            0 allow udp from 86.49.91.98 53 to any keep-state
24800         0            0 allow ip from any to 172.16.0.99 keep-state
24900         0            0 allow ip from 172.16.0.99 to any keep-state
25000         0            0 allow log logamount 2 udp from not 172.16.0.99 to any dst-port 53 via re0 keep-state
25100         0            0 allow udp from any 53 to any via re0 keep-state
25200    154706     11757656 allow udp from 86.49.91.98 to any dst-port 123 keep-state
25300     21293      1563407 allow udp from any to any dst-port 123 keep-state
25400    557050    171076733 allow log logamount 100 ip from any to any via re0
25500      3860       185648 allow log logamount 2 ip from any to { 195.113.191.174 or 86.49.91.110 } setup
25600     39627      1963136 deny log logamount 100 tcp from any to any via rl0 setup
25700      6691      1610703 deny log logamount 100 udp from any to any via rl0
25800      8424       639068 deny log logamount 2 icmp from any to any
25900         0            0 deny log logamount 100 ip from any to any dst-port 68 via re0
26000         0            0 deny log logamount 100 ip from any to any dst-port 67 via re0
65535    370105    114020634 deny ip from any to any

Attachment: tcpdump.txt

08:43:12.529990 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq 1047705988, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
08:43:15.541589 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq 1047705988, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
08:43:21.545748 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq 1047705988, win 8192, options [mss 1460,nop,nop,sackOK], length 0


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55DC2130.9040004>
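
Added example (not part of the original message or its attachments): ipfw evaluates rules in ascending number order and stops at the first allow or deny that matches, so this sketch replays the first SYN from tcpdump.txt against rows copied from ipfwshow.txt to show which rule decides its fate. The function names are hypothetical, the matcher is a simplification that reads only protocol, source, destination and dst-port (it ignores via, setup, keep-state and log), and the rows not copied are assumed not to match this packet.

```python
import ipaddress
import re

# Rows copied from the ipfw show attachment: a subset, kept in rule order.
RULES = """\
01200       7759       554809 allow ip from 172.16.0.0/24 to 86.49.91.96/28
01500         0            0 allow ip from 172.16.0.0/16 to 86.49.91.96/28 dst-port 8080,26,55555,10943,22,26,3128,61085,514,25,53,993
02700     67565     11649052 allow ip from 172.16.2.0/23 to any dst-port 53 keep-state
04000     29654      1806084 allow tcp from 172.16.2.0/23 to any dst-port 8080,80,3128 setup
04600         0            0 deny log ip from 172.16.1.0/24 to any not dst-port 443,8080,80,3128,53,1935
04700     65767      4520394 deny log ip from 172.16.2.0/23 to any not dst-port 443,8080,80,3128,53,1935
04800       600        60337 deny log ip from 192.168.1.223 to any not dst-port 80,443,8080,3128,53,1935,993,10943
19300     17384      1048620 allow log logamount 2 tcp from 172.16.0.0/12 to any via re0 setup
"""

# First SYN from the tcpdump attachment (TCP options trimmed).
SYN = ("08:43:12.529990 IP 172.16.3.130.57564 > 64.233.184.109.993: "
       "Flags [S], seq 1047705988, win 8192, length 0")


def parse_rule(line):
    """Parse one 'ipfw show' row of the simple forms used in RULES."""
    t = line.split()
    body = t[3:]                      # drop rule number and the two counters
    f, to = body.index("from"), body.index("to")
    opts = body[to + 2:]
    ports, negate = None, False
    if "dst-port" in opts:
        i = opts.index("dst-port")
        ports = {int(p) for p in opts[i + 1].split(",")}
        negate = i > 0 and opts[i - 1] == "not"
    return {"num": t[0], "action": body[0], "proto": body[f - 1],
            "src": body[f + 1], "dst": body[to + 1],
            "ports": ports, "negate": negate}


def parse_packet(line):
    """Extract source, destination and destination port from a tcpdump SYN line."""
    m = re.search(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[S\]", line)
    if m is None:
        raise ValueError("not a TCP SYN line")
    return {"proto": "tcp", "src": m.group(1), "dst": m.group(3),
            "dport": int(m.group(4))}


def addr_in(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule, pkt):
    if rule["proto"] not in ("ip", "all", pkt["proto"]):
        return False
    if not (addr_in(rule["src"], pkt["src"]) and addr_in(rule["dst"], pkt["dst"])):
        return False
    if rule["ports"] is None:
        return True
    # 'not dst-port a,b' matches when the port is NOT in the list.
    return (pkt["dport"] in rule["ports"]) != rule["negate"]


def first_match(rules_text, pkt):
    """Return (rule number, action) of the first matching row."""
    for line in rules_text.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["num"], rule["action"]
    return "65535", "deny"            # default rule at the end of the posted list


if __name__ == "__main__":
    pkt = parse_packet(SYN)
    print("port 993:", first_match(RULES, pkt))
    print("port 443:", first_match(RULES, dict(pkt, dport=443)))
```

In this model the SYN to port 993 stops at rule 04700, whose non-zero counters in the posted output show it is being hit, while the later allow in rule 19300 is reached only for ports on that rule's list.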