Re: TCPmux

2013-05-31 Thread Volodymyr Kostyrko

31.05.2013 14:10, Stefan Desancic:

Hi,

Thank you for your very speedy response.
Also attached is the config file.

Kind Regards

Stefan


# Section: Interfaces
public_if19="em0"
private_if18="em1"
mgmt_if="em1"
# End: Interfaces

# Section: Ports
Management = "{22,}"
ikeports = "{500,4500}"
# End: Ports

# Section: Address Table
table  {192.168.50.250}
table  {192.168.50.1}
table  {10.0.0.1}
table  {10.0.0.2}
table  {192.168.50.250}
table  {192.168.100.0/24}
table  {192.168.50.0/24}
table  {192.168.50.250}
# End: Address Table

# Section: Options
set ruleset-optimization none
set block-policy return
set skip on lo
# End: Options

# Section: Scrubbing
scrub in all
# End: Scrubbing

# Section: Anti Spoofing
antispoof quick for {$public_if19, $private_if18} inet
# End: Anti Spoofing

# Section: Firewall Rules
# Section: System Rules
block in from any to any label RuleId[111]
pass out from any to any label RuleId[112]
# End: System Rules

# Section: VPN LPN access Rules
pass from {} to {} tagged vpn label RuleId[140]
pass from {} to {} label RuleId[141]
# End: VPN LPN access Rules

# Section: User Rules
# block from any to any no state label RuleId[149]
# pass in from {} to {} label RuleId[151]
# pass in from {} to {} label RuleId[152]
pass from any to any label RuleId[157]
# End: User Rules

# Section: IPsec Rules
pass in on $mgmt_if proto {udp} from {} to {} port $ikeports label RuleId[117]
pass in on $mgmt_if proto {esp} from {} to {} label RuleId[118]
pass in on $mgmt_if proto {ipencap} from {} to {} tag management label RuleId[119]
pass proto {udp} from {} to {} port $ikeports label RuleId[131]
pass proto {udp} from {} to {} port $ikeports label RuleId[132]
pass proto {esp} from {} to {} label RuleId[133]
pass proto {esp} from {} to {} label RuleId[134]
pass in on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[135]
pass out on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[136]
pass in on $public_if19 proto {esp} from {} to {} label RuleId[137]
pass out on $public_if19 proto {esp} from {} to {} label RuleId[138]
pass in on $public_if19 proto {ipencap} from {} to {} tag vpn label RuleId[139]
# End: IPsec Rules

# Section: Management Rules
pass in on $mgmt_if proto {tcp} from {} to {} port $Management tagged management label RuleId[120]
# End: Management Rules
# End: Firewall Rules


I'm missing a rule which would pass tcp connections to port 1 on any 
interface. However I can see a pass all rule. Remote connections should 
be enabled.


How is your tcpmux server configured? Can you show the output of 
`sockstat | grep ':1 '`?




Good Morning,

Is there a flag or a setting in the PF firewall in FreeBSD that you can set to 
allow TCPmux traffic to flow through it? The pass all rule doesn't seem to 
work, however if I disable PF completely then the TCPmux traffic flows through.


I have no problems with tcpmux and pf. Can you show your config? On my machines 
tcpmux is served from inetd on default port (1).



--
Sphinx of black quartz, judge my vow.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
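
The observation in the reply above (no rule specific to TCP port 1, but a pass-all rule is present) can be checked against a simplified model of pf's last-match evaluation. This is an added example, not part of the thread: macros are expanded by hand, `antispoof`, `scrub` and state tracking are not modeled, and `tables_match` is a hypothetical switch standing in for the table names missing from the posted config.

```python
import re

# Constructed excerpt of the posted pf.conf: macros expanded by hand, UDP/ESP
# rules trimmed to one representative. "{}" is a table whose name is missing.
RULES = """\
block in from any to any label RuleId[111]
pass out from any to any label RuleId[112]
pass from {} to {} tagged vpn label RuleId[140]
pass from {} to {} label RuleId[141]
pass from any to any label RuleId[157]
pass in on em1 proto {udp} from {} to {} port {500,4500} label RuleId[117]
pass in on em1 proto {tcp} from {} to {} port {22} tagged management label RuleId[120]
"""

RULE_RE = re.compile(
    r"(?P<action>pass|block)(?: (?P<dir>in|out))?(?: (?P<quick>quick))?"
    r"(?: on (?P<iface>\S+))?(?: proto \{(?P<proto>[^}]*)\})?"
    r" from (?P<src>\S+) to (?P<dst>\S+)(?: port \{(?P<ports>[^}]*)\})?"
    r"(?: tagged (?P<tagged>\S+))? label (?P<label>\S+)$")

def matches(rule, pkt, tables_match):
    """True if the packet satisfies every criterion the rule states."""
    if rule["dir"] and rule["dir"] != pkt["dir"]:
        return False
    if rule["iface"] and rule["iface"] != pkt["iface"]:
        return False
    if rule["proto"] and pkt["proto"] not in rule["proto"].split(","):
        return False
    if rule["ports"] and str(pkt["port"]) not in rule["ports"].split(","):
        return False
    if rule["tagged"] and rule["tagged"] != pkt.get("tag"):
        return False
    # "any" always matches; tables_match (hypothetical) decides for "{}".
    return all(a == "any" or tables_match for a in (rule["src"], rule["dst"]))

def verdict(pkt, tables_match, rules=RULES):
    """Last matching rule wins unless it is marked quick."""
    last = ("pass", "implicit default")  # pf passes when nothing matches
    for line in rules.splitlines():
        rule = RULE_RE.match(line).groupdict()
        if matches(rule, pkt, tables_match):
            last = (rule["action"], rule["label"])
            if rule["quick"]:
                break
    return last

if __name__ == "__main__":
    tcpmux = {"dir": "in", "iface": "em0", "proto": "tcp", "port": 1}
    for known in (True, False):
        print(known, verdict(tcpmux, known))
```

In this model the last match for an inbound TCP packet to port 1 is RuleId[157] whether or not the unnamed tables match, so the missing table names do not change the result.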


RE: TCPmux

2013-05-31 Thread Stefan Desancic
Hi,

Thank you for your very speedy response.
Also attached is the config file.

Kind Regards

Stefan


# Section: Interfaces
public_if19="em0"
private_if18="em1"
mgmt_if="em1"
# End: Interfaces

# Section: Ports
Management = "{22,}"
ikeports = "{500,4500}"
# End: Ports

# Section: Address Table
table  {192.168.50.250}
table  {192.168.50.1}
table  {10.0.0.1}
table  {10.0.0.2}
table  {192.168.50.250}
table  {192.168.100.0/24}
table  {192.168.50.0/24}
table  {192.168.50.250}
# End: Address Table

# Section: Options
set ruleset-optimization none
set block-policy return
set skip on lo
# End: Options

# Section: Scrubbing
scrub in all
# End: Scrubbing

# Section: Anti Spoofing
antispoof quick for {$public_if19, $private_if18} inet
# End: Anti Spoofing

# Section: Firewall Rules
# Section: System Rules
block in from any to any label RuleId[111]
pass out from any to any label RuleId[112]
# End: System Rules

# Section: VPN LPN access Rules
pass from {} to {} tagged vpn label RuleId[140]
pass from {} to {} label RuleId[141]
# End: VPN LPN access Rules

# Section: User Rules
# block from any to any no state label RuleId[149]
# pass in from {} to {} label RuleId[151]
# pass in from {} to {} label RuleId[152]
pass from any to any label RuleId[157]
# End: User Rules

# Section: IPsec Rules
pass in on $mgmt_if proto {udp} from {} to {} port $ikeports label RuleId[117]
pass in on $mgmt_if proto {esp} from {} to {} label RuleId[118]
pass in on $mgmt_if proto {ipencap} from {} to {} tag management label RuleId[119]
pass proto {udp} from {} to {} port $ikeports label RuleId[131]
pass proto {udp} from {} to {} port $ikeports label RuleId[132]
pass proto {esp} from {} to {} label RuleId[133]
pass proto {esp} from {} to {} label RuleId[134]
pass in on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[135]
pass out on $public_if19 proto {udp} from {} to {} port $ikeports label RuleId[136]
pass in on $public_if19 proto {esp} from {} to {} label RuleId[137]
pass out on $public_if19 proto {esp} from {} to {} label RuleId[138]
pass in on $public_if19 proto {ipencap} from {} to {} tag vpn label RuleId[139]
# End: IPsec Rules

# Section: Management Rules
pass in on $mgmt_if proto {tcp} from {} to {} port $Management tagged management label RuleId[120]
# End: Management Rules
# End: Firewall Rules










-Original Message-
From: Volodymyr Kostyrko [mailto:c.kw...@gmail.com]
Sent: 31 May 2013 10:32 AM
To: Stefan Desancic; questi...@freebsd.org
Subject: Re: TCPmux

31.05.2013 10:29, Stefan Desancic:
> Good Morning,
>
> Is there a flag or a setting in the PF firewall in FreeBSD that you can set 
> to allow TCPmux traffic to flow through it? The pass all rule doesn't seem to 
> work, however if I disable PF completely then the TCPmux traffic flows through.

I have no problems with tcpmux and pf. Can you show your config? On my machines 
tcpmux is served from inetd on default port (1).

--
Sphinx of black quartz, judge my vow.



Important Notice:

This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal 
notice available at:
http://www.nanoteq.com/AboutUs/EmailDisclaimer.aspx


pf.conf
Description: pf.conf

Re: TCPmux

2013-05-31 Thread Volodymyr Kostyrko

31.05.2013 10:29, Stefan Desancic:

Good Morning,

Is there a flag or a setting in the PF firewall in FreeBSD that you can set to 
allow TCPmux traffic to flow through it? The pass all rule doesn't seem to 
work, however if I disable PF completely then the TCPmux traffic flows through.


I have no problems with tcpmux and pf. Can you show your config? On my 
machines tcpmux is served from inetd on default port (1).


--
Sphinx of black quartz, judge my vow.


TCPmux

2013-05-31 Thread Stefan Desancic
Good Morning,

Is there a flag or a setting in the PF firewall in FreeBSD that you can set to 
allow TCPmux traffic to flow through it? The pass all rule doesn't seem to 
work, however if I disable PF completely then the TCPmux traffic flows through.

Kind Regards

