On 2/12/2015 12:27 AM, el...@sentor.se wrote:
On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
Hi, Mark.
I'm hoping someone can explain what happened here and this isn't
a bug,
but if it is a bug I'll gladly open a PR.
I noticed in my ipfw logs th
On Tue, Dec 1, 2015, at 12:08, Gary Palmer wrote:
>
> Have you looked at the ipfw state tables to see if a state is recorded?
>
> ipfw -d list
>
> I think
>
Yes, and I can see the state especially for IPv6.
I think I have solved this mystery. There was a problem, and I solved
it, but then w
On Tue, Dec 01, 2015 at 12:00:47PM -0600, Mark Felder wrote:
>
>
> On Tue, Dec 1, 2015, at 09:16, wishmaster wrote:
> >
> > --- Original message ---
> > From: "Mark Felder"
> > Date: 1 December 2015, 17:05:35
> >
> >
> > >
> > >
> > > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
>
On Tue, Dec 1, 2015, at 09:16, wishmaster wrote:
>
> --- Original message ---
> From: "Mark Felder"
> Date: 1 December 2015, 17:05:35
>
>
> >
> >
> > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
> > >
> > > Hi, Mark.
> > >
> > >
> > > > I'm hoping someone can explain what happe
On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 10:50, el...@sentor.se wrote:
Not that this helps this thread to move on, but just to clarify:
In this case, the NAT that would introduce the randomized src port would
be *your* NAT, not a NAT at pool.ntp.org.
Deny UDP [2604:a
On Tue, Dec 1, 2015, at 10:50, el...@sentor.se wrote:
>
> Not that this helps this thread to move on, but just to clarify:
>
> In this case, the NAT that would introduce the randomized src port would
> be *your* NAT, not a NAT at pool.ntp.org.
>
>
> Deny UDP [2604:a880:800:10::bc:c004]:123 [
On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 09:53, el...@sentor.se wrote:
On Tue, 1 Dec 2015, Matthew Seaman wrote:
On 2015/12/01 15:05, Mark Felder wrote:
Notice how almost all of them are port 123 on both sides, but a few of
them are not. Why? The RFC says that NTP is
On Tue, Dec 1, 2015, at 10:27, el...@sentor.se wrote:
> On Tue, 1 Dec 2015, Mark Felder wrote:
>
> >
> >
> > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
> >>
> >> Hi, Mark.
> >>
> >>
> >>> I'm hoping someone can explain what happened here and this isn't a bug,
> >>> but if it is a bug I'll
On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
Hi, Mark.
I'm hoping someone can explain what happened here and this isn't a bug,
but if it is a bug I'll gladly open a PR.
I noticed in my ipfw logs that I was getting a log of "DENY" entries for
an
On Tue, Dec 1, 2015, at 09:53, el...@sentor.se wrote:
>
> On Tue, 1 Dec 2015, Matthew Seaman wrote:
>
> > On 2015/12/01 15:05, Mark Felder wrote:
> >> Notice how almost all of them are port 123 on both sides, but a few of
> >> them are not. Why? The RFC says that NTP is supposed to be using por
On Tue, 1 Dec 2015, Matthew Seaman wrote:
On 2015/12/01 15:05, Mark Felder wrote:
Notice how almost all of them are port 123 on both sides, but a few of
them are not. Why? The RFC says that NTP is supposed to be using port
123 as both the source and destination port, but I clearly have
somethi
--- Original message ---
From: "Mark Felder"
Date: 1 December 2015, 17:05:35
>
>
> On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
> >
> > Hi, Mark.
> >
> >
> > > I'm hoping someone can explain what happened here and this isn't a bug,
> > > but if it is a bug I'll gladly open a PR.
On 2015/12/01 15:05, Mark Felder wrote:
> Notice how almost all of them are port 123 on both sides, but a few of
> them are not. Why? The RFC says that NTP is supposed to be using port
> 123 as both the source and destination port, but I clearly have
> something happening on port 16205. Is somethin
On Tue, Dec 1, 2015, at 02:02, wishmaster wrote:
>
> Hi, Mark.
>
>
> > I'm hoping someone can explain what happened here and this isn't a bug,
> > but if it is a bug I'll gladly open a PR.
> >
> > I noticed in my ipfw logs that I was getting a log of "DENY" entries for
> > an NTP server
> >
Hi, Mark.
> I'm hoping someone can explain what happened here and this isn't a bug,
> but if it is a bug I'll gladly open a PR.
>
> I noticed in my ipfw logs that I was getting a log of "DENY" entries for
> an NTP server
>
> Nov 30 13:35:16 gw kernel: ipfw: 4540 Deny UDP
> [2604:a880:800:10::
Hi, Mark--
On Nov 30, 2015, at 1:58 PM, Mark Felder wrote:
> [ ... ]
> I noticed my outbound IPv6 didn't have $ks for udp, so I added it.
> However, that had no effect. The solution was to add an incoming rule:
>
> $cmd 03755 allow udp from any to any src-port 123 in via $pif6 $ks
>
> This seem
I'm hoping someone can explain what happened here and this isn't a bug,
but if it is a bug I'll gladly open a PR.
I noticed in my ipfw logs that I was getting a log of "DENY" entries for
an NTP server
Nov 30 13:35:16 gw kernel: ipfw: 4540 Deny UDP
[2604:a880:800:10::bc:c004]:123 [2001:470:1f11:1e
17 matches
Mail list logo
