[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipf blocking what I think should be open

I am trying to setup backup to happen across the firewall.  My backup
server is Legato and in the Legato docs it says:
"To run backups with the default NetWorker 5.5 (and later)
installation, you need only set up the firewall rules to allow inbound
and outbound TCP/UDP packets to ports 7937-9936, 10001-30000. This
applies to the NetWorker server, clients, and storage nodes. "

So I have my rules setup as:
# Legato backup stuff
pass in quick on fxp0 proto tcp/udp from 156.98.200.90/32 to any port
7936 >< 9937 
pass in quick on fxp0 proto tcp/udp from 156.98.200.90/32 to any port
10000 >< 30001
#add this to see if it helps (it didn't)
pass in quick on fxp0 proto tcp/udp from 156.98.200.90/32 to any port
513 >< 700

But this is what is showing up in my ipflog:
Dec 29 12:57:31 webwall ipmon[22113]: 12:57:31.076101             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 12:57:32 webwall ipmon[22113]: 12:57:32.072079             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 12:57:35 webwall ipmon[22113]: 12:57:35.067294             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 12:57:41 webwall ipmon[22113]: 12:57:41.036897             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 12:57:53 webwall ipmon[22113]: 12:57:52.989949             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 12:57:54 webwall ipmon[22113]: 12:57:53.734521             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 12:57:54 webwall ipmon[22113]: 12:57:54.483983             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 12:57:57 webwall ipmon[22113]: 12:57:57.472277             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 12:58:03 webwall ipmon[22113]: 12:58:03.448848             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 12:58:15 webwall ipmon[22113]: 12:58:15.401968             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 12:58:40 webwall ipmon[22113]: 12:58:39.308022             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 13:01:37 webwall ipmon[22113]: 13:01:37.607735             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 13:01:38 webwall ipmon[22113]: 13:01:38.603711             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 13:01:41 webwall ipmon[22113]: 13:01:41.591997             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 13:01:48 webwall ipmon[22113]: 13:01:47.568517             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 13:02:00 webwall ipmon[22113]: 13:01:59.521569             fxp0
@0:61 b 156.98.200.90,669 -> 156.98.19.25,7937 PR tcp len 20 48 -S IN 
Dec 29 13:02:01 webwall ipmon[22113]: 13:02:00.247406             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 13:02:01 webwall ipmon[22113]: 13:02:01.015717             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 13:02:10 webwall ipmon[22113]: 13:02:09.980512             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 13:02:22 webwall ipmon[22113]: 13:02:21.933495             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 
Dec 29 13:02:46 webwall ipmon[22113]: 13:02:45.839770             fxp0
@0:61 b 156.98.200.90,670 -> 156.98.19.25,514 PR tcp len 20 48 -S IN 

So what am I doing wrong?  Why are these ports being blocked?

--ja