RE: IPF Firewall Rules... help!
Dick

Since you say you have limewire working on your LAN behind firewall why don't you post your rules so we can see how you did it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dick Hoogendijk
Sent: Friday, April 08, 2005 5:26 PM
To: freebsd-questions
Subject: Re: IPF Firewall Rules... help!

On 08 Apr [EMAIL PROTECTED] wrote:
> If you read the limewire website carefully you will see that nowhere does it say it will work on PC on a local area network (LAN). This is one of those products that buries the sending IP address in the packets. A PC on the LAN uses an NATed ip address and this product can not handle that. This is a common problem with products such as this.

Are you saying here that limewire does /not/ run on clients on a NATted local area network? If so, how come then that limewire runs on my windows client, as well as on my OS-X and FreeBSD clients? All NATted of course.

> It's just not designed to work on PC that is on a LAN.

It works like a charm for me though.

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPF Firewall Rules... help!
On Sat, 9 Apr 2005 11:43:23 -0400 [EMAIL PROTECTED] wrote:

> Dick
> Since you say you have limewire working on your LAN behind firewall why don't you post your rules so we can see how you did it.

# Limewire
pass out quick on rl0 proto tcp from any to any port = 6346 flags S keep state
pass out quick on rl0 proto udp from any to any port = 6346 keep state

That's really all there is to it. No funny things. Just installed limewire on all machines using the defaults.

My ipnat.rules is also quite simple:

#
### ipnat.rules
#
# FTP traffic for the internal LAN
map rl0 192.168.11.0/24 -> 0/32 proxy port 21 ftp/tcp
# FTP traffic from the gateway
map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
# non-FTP traffic for the internal LAN
map rl0 192.168.11.0/24 -> 0/32 portmap tcp/udp auto
map rl0 192.168.11.0/24 -> 0/32

That's all. And as said: limewire works like a charm.

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
RE: IPF Firewall Rules... help!
Dick

What you have working is only half of the product. Outbound works for me also but I have ports 6346, 6347, 6348 and 6349.

What about the part of other internet users accessing your files. Watch the log and you will see limewire remote server trying to start session to your public ip address when you start limewire.

Limewire software may not issue error message about remote users not being able to access your shared files but it is a problem that only happens when PC is nated on LAN.

Here do this test, use lan PC to share files with another PC on your lan. I bet that will not work. Or have friend using limewire try to access your shared files on one of your lan pc's.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of dick hoogendijk
Sent: Saturday, April 09, 2005 4:46 PM
To: freebsd-questions@freebsd.org
Subject: Re: IPF Firewall Rules... help!

On Sat, 9 Apr 2005 11:43:23 -0400 [EMAIL PROTECTED] wrote:

> Dick
> Since you say you have limewire working on your LAN behind firewall why don't you post your rules so we can see how you did it.

# Limewire
pass out quick on rl0 proto tcp from any to any port = 6346 flags S keep state
pass out quick on rl0 proto udp from any to any port = 6346 keep state

That's really all there is to it. No funny things. Just installed limewire on all machines using the defaults.

My ipnat.rules is also quite simple:

#
### ipnat.rules
#
# FTP traffic for the internal LAN
map rl0 192.168.11.0/24 -> 0/32 proxy port 21 ftp/tcp
# FTP traffic from the gateway
map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
# non-FTP traffic for the internal LAN
map rl0 192.168.11.0/24 -> 0/32 portmap tcp/udp auto
map rl0 192.168.11.0/24 -> 0/32

That's all. And as said: limewire works like a charm.

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
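Added example, not part of the thread: one way to do the "watch the log" check from the message above is to count blocked inbound TCP SYNs to the Limewire ports in ipmon output. It assumes the gateway's block rule carries the log keyword, that ipmon writes its usual syslog layout, and that rl0 is the external interface; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Ports named in the thread for Limewire.
LIMEWIRE_PORTS = range(6346, 6350)

# Assumed ipmon layout: <if> @<group:rule> <action> src,port -> dst,port
# PR <proto> len <hdr> <total> [-<TCP flags>] [IN|OUT]
LINE = re.compile(
    r"(?P<ifname>\S+) @\d+:\d+ (?P<action>[pbSnL]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len \d+ \d+(?: -(?P<flags>[A-Z]+))?(?: (?P<dir>IN|OUT))?"
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = """\
Apr  9 17:02:11 gw ipmon[214]: 17:02:10.412233 rl0 @0:12 b 198.51.100.7,41822 -> 203.0.113.5,6346 PR tcp len 20 48 -S IN
Apr  9 17:02:14 gw ipmon[214]: 17:02:13.418101 rl0 @0:12 b 198.51.100.7,41822 -> 203.0.113.5,6346 PR tcp len 20 48 -S IN
Apr  9 17:02:20 gw ipmon[214]: 17:02:19.900412 rl0 @0:12 b 192.0.2.44,50311 -> 203.0.113.5,6348 PR tcp len 20 48 -S IN
Apr  9 17:02:21 gw ipmon[214]: 17:02:20.100007 rl0 @0:3 p 203.0.113.5,1045 -> 192.0.2.44,6346 PR tcp len 20 48 -S OUT
Apr  9 17:02:25 gw ipmon[214]: 17:02:24.000519 rl0 @0:12 b 192.0.2.99,3311 -> 203.0.113.5,445 PR tcp len 20 48 -S IN
"""

def blocked_inbound(lines, ext_if="rl0", ports=LIMEWIRE_PORTS):
    """Count blocked inbound TCP SYNs to `ports`, keyed by (source, dport)."""
    hits = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m or m["ifname"] != ext_if or m["action"] != "b":
            continue  # not an ipmon line, wrong interface, or not blocked
        if m["proto"] != "tcp" or m["flags"] != "S":
            continue  # only bare SYNs, i.e. new session attempts
        if m["dir"] == "OUT":
            continue  # outbound attempts are covered by the pass out rules
        if int(m["dport"]) in ports:
            hits[(m["src"], int(m["dport"]))] += 1
    return hits

if __name__ == "__main__":
    for (src, dport), n in blocked_inbound(SAMPLE.splitlines()).most_common():
        print(f"{src} -> port {dport}: {n} blocked SYN(s)")
```

A non-empty result while Limewire is running on a LAN client means remote peers are trying to open sessions to the public address and the gateway is dropping them.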
RE: IPF Firewall Rules... help!
Gareth

If you read the limewire website carefully you will see that nowhere does it say it will work on PC on a local area network (LAN). This is one of those products that buries the sending IP address in the packets. A PC on the LAN uses an NATed ip address and this product can not handle that. This is a common problem with products such as this.

This is not a firewall problem. It's a design error in the product's internet communications exchange of session packets. It's just not designed to work on PC that is on a LAN.

To use this product your XP box has to be connected to the internet with a real public IP address. IE: not be on a LAN using NATed IP address.

For your INFO attaching files is a bad thing to do. That is how viruses get passed around and many people here on this list will not open them. Next time just post file content into body of your email post.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gareth Bailey
Sent: Friday, April 08, 2005 9:26 AM
To: freebsd-questions
Subject: Fwd: IPF Firewall Rules... help!

Hi Bob,

Thanks, I have read the handbook and a couple of other articles. I have attached my ipf and ipnat rule lists. Please advise on the commented out Bit torrent sections. The windows clients want to run Limewire.

WRT the LAN environment, we have a couple of Windows XP SP2 clients, and the freeBSD gateway. The external connection from the gateway runs upstairs into the block's router, which is connected to an ADSL router (no static IP).

Thanks for your help!

Gareth

On Apr 8, 2005 2:51 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Read the official FreeBSD handbook firewall section. It has working examples. Any more help can only be offered if you post your rules and give details of your LAN environment.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gareth Bailey
> Sent: Friday, April 08, 2005 8:16 AM
> To: freebsd-questions
> Subject: IPF Firewall Rules... help!
>
> We have a freebsd gateway server for windows clients. We use IPF with nat. What ipf rules and ipnat rules are required on the gateway for Limewire peer-to-peer to connect on the clients. If you can help, please do... I'm doing something wrong!
>
> Thanks
> Gareth
Re: IPF Firewall Rules... help!
On 08 Apr [EMAIL PROTECTED] wrote:
> If you read the limewire website carefully you will see that nowhere does it say it will work on PC on a local area network (LAN). This is one of those products that buries the sending IP address in the packets. A PC on the LAN uses an NATed ip address and this product can not handle that. This is a common problem with products such as this.

Are you saying here that limewire does /not/ run on clients on a NATted local area network? If so, how come then that limewire runs on my windows client, as well as on my OS-X and FreeBSD clients? All NATted of course.

> It's just not designed to work on PC that is on a LAN.

It works like a charm for me though.

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja