Re: pls help for ipfw

2005-09-21 Thread Kent Stewart
On Wednesday 21 September 2005 01:20 pm, ann kok wrote:
> Hi all
>
> my box is running freebsd5.4 with natd and ipfw
>
> I have a problem with the ipfw rule for internal users to
> access an outside tftp server
>
> my rules:
>
> ipfw add allow udp from any to tftpserverip
> ipfw add allow udp from tftpserverip to any
>
> In the freebsd box, I can access the tftp server but
> internal users are hanging in the get state

Did you allow tcp 20 & 21 for ftp?

Kent

> Thank you for your help


-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: pls help for ipfw

2005-09-21 Thread Charles Swiger

On Sep 21, 2005, at 4:20 PM, ann kok wrote:

> my rules:
>
> ipfw add allow udp from any to tftpserverip
> ipfw add allow udp from tftpserverip to any
>
> In the freebsd box, I can access the tftp server but
> internal users are hanging in the get state


TFTP may also use TCP:

% grep tftp /etc/services
tftp 69/udp # Trivial File Transfer
tftp 69/tcp # Trivial File Transfer

--
-Chuck



Re: pls help for ipfw

2005-09-21 Thread Charles Swiger

On Sep 21, 2005, at 4:29 PM, Kent Stewart wrote:

> > my box is running freebsd5.4 with natd and ipfw
> >
> > I have a problem with the ipfw rule for internal users to
> > access an outside tftp server
>
> Did you allow tcp 20 & 21 for ftp?


FTP and TFTP aren't the same thing.

Also, if the original poster is using NAT, you have to coordinate
settings in the natd configuration to punch holes dynamically for the
FTP data channel, see the example posted yesterday from the thread
Re: IPFW2+NAT stateful rules VS. FTP...


--
-Chuck



Re: pls help for ipfw

2005-09-21 Thread Lowell Gilbert
Charles Swiger [EMAIL PROTECTED] writes:

> On Sep 21, 2005, at 4:20 PM, ann kok wrote:
> > my rules:
> >
> > ipfw add allow udp from any to tftpserverip
> > ipfw add allow udp from tftpserverip to any
> >
> > In the freebsd box, I can access the tftp server but
> > internal users are hanging in the get state
>
> TFTP may also use TCP:
>
> % grep tftp /etc/services
> tftp 69/udp # Trivial File Transfer
> tftp 69/tcp # Trivial File Transfer

Except that it doesn't.  The port is reserved to avoid confusion, but
the TFTP protocol doesn't run on TCP.

NAT is probably hanging things up.  I think that all that's needed is
to add-state on the outgoing TFTP rule.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: pls help for ipfw

2005-09-21 Thread ann kok
thank you for your mail

I tried add-state but

ipfw: unrecognised option [-1] add-state

--- Lowell Gilbert [EMAIL PROTECTED] wrote:

> Charles Swiger [EMAIL PROTECTED] writes:
>
> > On Sep 21, 2005, at 4:20 PM, ann kok wrote:
> > > my rules:
> > >
> > > ipfw add allow udp from any to tftpserverip
> > > ipfw add allow udp from tftpserverip to any
> > >
> > > In the freebsd box, I can access the tftp server but
> > > internal users are hanging in the get state
> >
> > TFTP may also use TCP:
> >
> > % grep tftp /etc/services
> > tftp 69/udp # Trivial File Transfer
> > tftp 69/tcp # Trivial File Transfer
>
> Except that it doesn't.  The port is reserved to avoid confusion, but
> the TFTP protocol doesn't run on TCP.
>
> NAT is probably hanging things up.  I think that all that's needed is
> to add-state on the outgoing TFTP rule.
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/



Re: pls help for ipfw

2005-09-21 Thread Lowell Gilbert
ann kok [EMAIL PROTECTED] writes:

> thank you for your mail
>
> I tried add-state but
>
> ipfw: unrecognised option [-1] add-state

Sorry; I meant keep-state:

$fwcmd add pass udp from any to any ntp keep-state out xmit ${oif}

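
An added example, not part of the original thread and not ipfw code: a simplified Python model of the protocol, address and port matching that a keep-state rule performs, run on constructed packets. It shows that the NTP reply for the rule quoted above is the reverse of the recorded flow, while a TFTP reply, which RFC 1350 has the server send from a port of its own choosing rather than 69, is not; all addresses, ports and names are assumptions for illustration.

```python
# Simplified model of a stateful UDP match (added example; not ipfw source code).
# A keep-state rule records a flow's protocol, addresses and ports; a later
# packet is accepted only if it belongs to that flow in either direction.
from typing import NamedTuple


class Pkt(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StateTable:
    def __init__(self) -> None:
        self.flows = set()

    def keep_state(self, p: Pkt) -> None:
        """An outbound packet matched a keep-state rule: remember its flow."""
        self.flows.add(p)

    def check_state(self, p: Pkt) -> bool:
        """Accept a packet that is part of a remembered flow."""
        reverse = Pkt(p.proto, p.dst, p.dport, p.src, p.sport)
        return p in self.flows or reverse in self.flows


# Constructed addresses from the RFC 5737 documentation ranges (post-NAT view).
GW, NTP_SRV, TFTP_SRV = "192.0.2.10", "198.51.100.5", "198.51.100.7"


def ntp_reply_accepted() -> bool:
    table = StateTable()
    table.keep_state(Pkt("udp", GW, 40001, NTP_SRV, 123))
    # The NTP server answers from port 123, the port the request was sent to.
    return table.check_state(Pkt("udp", NTP_SRV, 123, GW, 40001))


def tftp_reply_accepted(server_tid: int = 51234) -> bool:
    table = StateTable()
    table.keep_state(Pkt("udp", GW, 40002, TFTP_SRV, 69))  # read request to 69
    # RFC 1350: the server sends DATA from a port it picks itself (its TID),
    # so the reply is not the reverse of the recorded flow.
    return table.check_state(Pkt("udp", TFTP_SRV, server_tid, GW, 40002))


if __name__ == "__main__":
    print("ntp reply accepted: ", ntp_reply_accepted())
    print("tftp reply accepted:", tftp_reply_accepted())
```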