
Re: TAL-IPC protocol with pf



Mike Frantzen wrote:

>>Boy have I got one for you!  So my broker dealer upgrades his software 
>>that he uses to get pricing and he can't get any information.  I'm on 
>>the phone with their tech support and she says that I need to allow port 
>>1838 outbound on my firewall.  Fair enough, I try that and things still 
>>don't work.  So I verify with the tech support rep that it runs over 
>>tcp... **BIG PAUSE** she replies, well actually it works over TAL-IPC 
>>which is a proprietary protocol that we've developed.  Oh... ok... so 
>>tcp wasn't good enough for you?  Anyway, the problem as it stands is 
>>that I still need to make this work.  I'm running OpenBSD 3.5 and here 
>>is a snippet of my ruleset. 
>>outgoing = "{ 20, 21, 22, 25, 80, 110, 443, 10000, 21001, 22001, 1838 }"
>>pass in quick on $external inet proto tcp from any to any port $outgoing \
>>    flags S/SA keep state
>>pass out quick on $external inet proto tcp from any to any port $outgoing \
>>    flags S/SA keep state
>
>Start adding the 'log' modifier to your rules (especially the block
>ones) and look for what packets aren't making it through.  If their
>protocol indeed runs over 1838, then the two possibilities that come to
>mind are IP fragmentation (in which case you want to make sure you have
>a scrub rule) or IP Options (in which case you want to add the
>'allow-opts' modifier to your pass rule).
Ok, I'll append some more things.  I do have a scrub rule... don't 
laugh, it's Alltel's fault.  :-)

scrub in all max-mss 1285

I'm not very clear on the allow-opts... I'll have to read into that.  
Has anyone else ever run into this?  Could quite possibly be something 
simple.

Brandon
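For reference, here is a pf.conf fragment (added as an illustration for this thread; it is not Brandon's actual ruleset nor anything Mike posted) that puts the three suggestions together: the existing scrub rule, default block rules carrying the 'log' modifier so dropped packets show up on pflog0, and 'allow-opts' applied only to the rule for the vendor's port rather than to every service. The interface name "em0" behind $external is a placeholder, and the split of 1838 out of $outgoing into its own macro is this example's choice, not something from the thread.

```pf
# Added example pf.conf fragment (not from the thread). "em0" is a
# placeholder for whatever interface $external names on the real box.
external = "em0"
outgoing = "{ 20, 21, 22, 25, 80, 110, 443, 10000, 21001, 22001 }"
vendor_port = "1838"

# Brandon's existing scrub rule: fragments are reassembled before the
# filter rules see them, so a fragmented packet on port 1838 is not
# silently dropped by the stateful pass rules below.
scrub in all max-mss 1285

# Default deny with 'log', as Mike suggested: every dropped packet is
# written to pflog0, so the failure can be observed instead of guessed at.
block in log on $external all
block out log on $external all

# Ordinary outbound services, unchanged from the original ruleset.
pass out quick on $external inet proto tcp from any to any port $outgoing \
    flags S/SA keep state

# The vendor port gets its own rule so 'allow-opts' (accept packets that
# carry IP options, which pf drops by default) is relaxed for this one
# destination port only and not for every service in $outgoing.
pass out quick on $external inet proto tcp from any to any port $vendor_port \
    flags S/SA keep state allow-opts
```

With the block rules logging, `tcpdump -n -e -ttt -i pflog0 port 1838` shows which rule dropped each packet and what IP protocol the packet actually used; if the logged traffic turns out not to be TCP at all, the `proto tcp` pass rules can never match it and the rule has to be written for the protocol pf reports.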