pass out quick on ep0 proto tcp from 192.168.0.0/24 to any port = 6667 flags S keep state keep frags
pass out quick on ep0 proto udp from 192.168.0.0/24 to any port = 6667 keep state keep frags
Note that you need both of these statements if you are going to use the state rules. The "Flags S" is necessary for tcp connections but will generate an error for udp (no syn on udp). So we need both lines.
I assume you have a general NAT rule that allows you to initiate outbound connections. So you should not need the rdr stuff. The state rules will take care of that.
I find it easier to do my allows and blocks on the outside interface in general.
--Wes
On Oct 25, 2003, at 9:21 PM, Dave wrote:
Hello,
Did some more investigating on this issue and it looks like it's
an error in my ipfilter rules. I can irc just fine from the firewall box
because nothing is filtered on its external interface, traffic is limited
what goes out and comes in on the internal interface, anything behind the
firewall can't irc. Here are my irc rules.
ipnat.conf:
rdr ep0 0.0.0.0/0 port 6667 -> 192.168.0.25 port 6667
and in ipf.conf:
pass in quick on ep1 proto tcp/udp from 192.168.0.0/24 to 192.168.0.25 port = 6667
As for identd it doesn't seem to matter whether or not I have it running,
going or not from the router it works fine, from any other box it does
not.
Any ideas?
Thanks.
Dave.
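
The point made in the reply above, that "flags S" belongs only on the tcp rule and the udp rule needs its own line, can be checked mechanically. The following is an added example, not part of the original thread: a small Python check over ipf.conf-style lines. The sample ruleset is constructed (interface and network follow the thread), and the finding names are hypothetical labels.

```python
import re

# Constructed sample ruleset (not a real config); ep0 and 192.168.0.0/24
# follow the thread. Lines 3 and 4 are deliberately wrong.
SAMPLE = """\
pass out quick on ep0 proto tcp from 192.168.0.0/24 to any port = 6667 flags S keep state keep frags
pass out quick on ep0 proto udp from 192.168.0.0/24 to any port = 6667 keep state keep frags
pass out quick on ep0 proto tcp/udp from 192.168.0.0/24 to any port = 6667 flags S keep state
pass out quick on ep0 proto tcp from 192.168.0.0/24 to any port = 6667 keep state
# block in on ep0 all
"""

PROTO_RE = re.compile(r"\bproto\s+(\S+)", re.I)
FLAGS_RE = re.compile(r"\bflags\s+(\S+)", re.I)
STATE_RE = re.compile(r"\bkeep\s+state\b", re.I)


def lint_rule(rule):
    """Return the list of findings for one rule line."""
    findings = []
    proto = PROTO_RE.search(rule)
    flags = FLAGS_RE.search(rule)
    proto_name = proto.group(1).lower() if proto else None
    # A flags clause only makes sense on a tcp-only rule (udp has no SYN).
    if flags and proto_name not in (None, "tcp"):
        findings.append("flags-on-non-tcp")
    # A stateful tcp pass rule should create state on the SYN only.
    is_pass = rule.split()[0].lower() == "pass"
    if is_pass and proto_name == "tcp" and STATE_RE.search(rule):
        wanted = flags.group(1).split("/")[0].upper() if flags else ""
        if wanted != "S":
            findings.append("stateful-tcp-without-flags-S")
    return findings


def lint_ruleset(text):
    """Map 1-based line number -> findings, skipping comments and blanks."""
    results = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()
        if rule and lint_rule(rule):
            results[lineno] = lint_rule(rule)
    return results


if __name__ == "__main__":
    for lineno, found in lint_ruleset(SAMPLE).items():
        print(f"line {lineno}: {', '.join(found)}")
```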
