paulgorman.org


Fri Dec 25 07:19:37 EST 2015

Christmas! Slept from eleven-something to seven. Could have used another hour. Partly sunny and forty-eight today. No white Christmas this year. Mom has decided we should have Christmas dinner at IHOP. I don't know why.

...back from breakfast with mom, Renny, and mom's friend Susan. Surprisingly, a pleasant experience. Not that IHOP was great, but we managed to have a strife-free meal together. I tried chicken and waffles for, I think, the first time. Not bad or anything, but not clearly better together than waffles or chicken on their own.

Took a twenty-minute walk when I got home. Nice day out. Saw a robin or two and a bunch of LBJs.

Worked more on ipfw for blinky. I started from scratch, and followed the Handbook very closely. Something is wonky, and it's not my understanding of ipfw (such as it is). The inbound connections to blinky (ssh, http, https) don't work; they hang.

Went to dad's from 3:30 to 8:30. Nice time. Saw Kate and Isla and Ryan. Isla is one cute kid. Also, while I wasn't too impressed with chicken and waffles, white beans and sauerkraut is a surprisingly tasty combination. Throw in a little sausage for a full meal.

More ipfw screwing round... Logged when attempting to ssh in from outside:

    Dec 25 22:07:04 blinky kernel: ipfw: 59999 Deny TCP nn.49.69.170:22 nn.163.241.174:39333 out via em0
    Dec 25 22:13:03 blinky kernel: ipfw: 59999 Deny TCP nn.49.69.170:22 nn.163.241.174:43361 out via em0

Hmm. So, it's not seeing inbound ssh to me 22 (or, at least, the rule count isn't incremented). Instead, it sees these connections as outbound connections from me 22 to remote <high port>, and blocks it. Adding something like this before the deny all rule allows the connections:

    allow tcp from me ssh,http,https to any xmit $wan

But why is this occurring?
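Added example, not part of the original entry: a Python sketch that picks the pattern read from the log above out of a batch of ipfw log lines, namely a deny on an outbound packet whose source port is a local service port (22, 80, 443) and whose destination is a high port, which is the server's reply being dropped. The sample lines are constructed with documentation-range addresses, and the 1024 cutoff for a client port is an assumption.

```python
import re
from collections import Counter

# Matches the kernel log format shown in the entry above.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

SERVICE_PORTS = {22, 80, 443}  # ssh, http, https: the services named in the entry
EPHEMERAL_MIN = 1024           # assumption: ports at or above this are client ports

def parse(line):
    """Return the fields of one ipfw log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def is_dropped_reply(rec):
    """True when the deny hit the server's reply, not the client's inbound packet."""
    return (rec["action"] == "Deny" and rec["dir"] == "out"
            and rec["sport"] in SERVICE_PORTS and rec["dport"] >= EPHEMERAL_MIN)

def dropped_replies(lines):
    """Count dropped replies per (rule number, service port, interface)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and is_dropped_reply(rec):
            hits[(rec["rule"], rec["sport"], rec["iface"])] += 1
    return hits

# Constructed sample lines in the entry's log format (documentation-range addresses).
SAMPLE = [
    "Dec 25 22:07:04 blinky kernel: ipfw: 59999 Deny TCP 192.0.2.10:22 198.51.100.7:39333 out via em0",
    "Dec 25 22:13:03 blinky kernel: ipfw: 59999 Deny TCP 192.0.2.10:22 198.51.100.7:43361 out via em0",
    "Dec 25 22:14:10 blinky kernel: ipfw: 59999 Deny TCP 203.0.113.5:51515 192.0.2.10:23 in via em0",
    "Dec 25 22:15:00 blinky kernel: ipfw: 59999 Deny TCP 192.0.2.10:44321 198.51.100.7:25 out via em0",
]

if __name__ == "__main__":
    for key, count in dropped_replies(SAMPLE).items():
        print(key, count)
```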
