TempNZ
August 4th, 2004, 23:32
Hi there.
We've got a firewall at work which we run Doom servers behind just fine.
The problem is running the client, which uses a random query port to query master server lists.
I had thought using the following rules would let this work, but I can't figure out why not. Can someone please let me know what I am doing wrong?
${fwcmd} add 10250 pass log all from any to any out via ${oif} setup keep-state
fxp0 is our ${oif}.
You can see the result of it here:
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 24.10.75.186:32781 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 68.113.14.80:33453 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 217.234.182.89:35230 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 69.132.47.91:1576 10.0.1.127:2691 in via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 24.10.75.186:32781 10.0.1.127:2691 in via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 63.224.23.210:1046 10.0.1.127:2691 in via fxp0
Am I missing something here? I just want to allow all traffic out and let it come back. I thought that's what the stateful firewall did? Or is it because it's coming back to an internal address that it's happening?
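Added example, not part of the original post: a small Python script that pairs each denied inbound packet in the log above with an accepted outbound packet to the same remote endpoint and local port, and reports pairs where the local address differs. The function and type names are made up for this example; the log lines are the ones quoted in the post.

```python
import re
from collections import namedtuple

# Log lines copied from the post above (the "nn" octets are redacted there).
LOG = """\
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 24.10.75.186:32781 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 68.113.14.80:33453 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 10250 Accept UDP 210.nn.nn.186:2691 217.234.182.89:35230 out via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 69.132.47.91:1576 10.0.1.127:2691 in via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 24.10.75.186:32781 10.0.1.127:2691 in via fxp0
Aug 5 15:20:26 BRFW01 kernel: ipfw: 64000 Deny UDP 63.224.23.210:1046 10.0.1.127:2691 in via fxp0
"""

LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
Mismatch = namedtuple("Mismatch", "remote local_port state_addr reply_addr deny_rule")

def find_state_mismatches(text):
    """Return denied inbound packets whose remote endpoint and local port match
    an accepted outbound packet but whose local address is different."""
    accepted = {}  # (proto, remote ip, remote port, local port) -> local address
    found = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = m.groupdict()
        if f["action"] == "Accept" and f["dir"] == "out":
            accepted[(f["proto"], f["dst"], f["dport"], f["sport"])] = f["src"]
        elif f["action"] == "Deny" and f["dir"] == "in":
            state_addr = accepted.get((f["proto"], f["src"], f["sport"], f["dport"]))
            if state_addr is not None and state_addr != f["dst"]:
                found.append(Mismatch(f"{f['src']}:{f['sport']}", int(f["dport"]),
                                      state_addr, f["dst"], int(f["rule"])))
    return found

if __name__ == "__main__":
    for mm in find_state_mismatches(LOG):
        print(f"{mm.remote}: sent from {mm.state_addr}, reply to {mm.reply_addr} denied by rule {mm.deny_rule}")
```

On the quoted log it reports one pair: the packet to 24.10.75.186:32781 was accepted with source 210.nn.nn.186, while the reply from that endpoint was denied with destination 10.0.1.127.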