From stephen.meli at gmail.com Thu Sep 7 22:17:02 2006
From: stephen.meli at gmail.com (Stephen Meli)
Date: Thu Sep 7 22:24:13 2006
Subject: [macosx-unix] VPN/Firewall 10.4.7(server)
In-Reply-To: <20060412134249.GD14250@sta.duo>
Message-ID:

Hi,

Was just wondering if anyone can help me resolve a VPN/Firewall issue. I am
trying to make an outgoing VPN connection and with the OS X firewall
enabled I am not able to do so. If I disable the firewall I can make the
connection with no issues.

As far as my firewall settings go I have the VPN PPTP set to allow for TCP
on port 1723 which is the port I need to use. I went into the advanced tab
and tried setting up an allow action for ports 1723 as well but that didn't
work either. Any help would be appreciated.

Thanks,
Stephen

From ber at easthouston.org Fri Sep 8 00:14:42 2006
From: ber at easthouston.org (Brian Redman)
Date: Fri Sep 8 00:16:04 2006
Subject: [macosx-unix] VPN/Firewall 10.4.7(server)
In-Reply-To:
References:
Message-ID: <006F3782-7DAD-464A-9F7F-3179ED491C53@easthouston.org>

Hello, Stephen. I don't know squat about VPN but...

When you enable your firewall, what does "ipfw list" show? If
there's nothing obvious you can start deleting rules until you can
make the connection, then add them back to find which of them
prevented it.

ber

On Sep 7, 2006, at 10:17 PM, Stephen Meli wrote:

> Hi,
>
> Was just wondering if anyone can help me resolve a VPN/Firewall issue. I am
> trying to make an outgoing VPN connection and with the OS X firewall
> enabled I am not able to do so. If I disable the firewall I can make the
> connection with no issues.
>
> As far as my firewall settings go I have the VPN PPTP set to allow for TCP
> on port 1723 which is the port I need to use. I went into the advanced tab
> and tried setting up an allow action for ports 1723 as well but that didn't
> work either. Any help would be appreciated.
>
> Thanks,
> Stephen
>
>
> _______________________________________________
> macosx-unix mailing list
> macosx-unix@lesmuug.org
> http://lesmuug.org/mailman/listinfo/macosx-unix
>

From stephen.meli at gmail.com Fri Sep 8 07:44:44 2006
From: stephen.meli at gmail.com (Stephen Meli)
Date: Fri Sep 8 07:51:50 2006
Subject: [macosx-unix] VPN/Firewall 10.4.7(server)
In-Reply-To: <006F3782-7DAD-464A-9F7F-3179ED491C53@easthouston.org>
Message-ID:

This is what ipfw is showing me:

12317 allow log logamount 1000 tcp from any to any dst-port 1723

On 9/8/06 12:14 AM, "Brian Redman" wrote:

> Hello, Stephen. I don't know squat about VPN but...
>
> When you enable your firewall, what does "ipfw list" show? If
> there's nothing obvious you can start deleting rules until you can
> make the connection, then add them back to find which of them
> prevented it.
>
> ber
>
> On Sep 7, 2006, at 10:17 PM, Stephen Meli wrote:
>
>> Hi,
>>
>> Was just wondering if anyone can help me resolve a VPN/Firewall issue. I am
>> trying to make an outgoing VPN connection and with the OS X firewall
>> enabled I am not able to do so. If I disable the firewall I can make the
>> connection with no issues.
>>
>> As far as my firewall settings go I have the VPN PPTP set to allow for TCP
>> on port 1723 which is the port I need to use. I went into the advanced tab
>> and tried setting up an allow action for ports 1723 as well but that didn't
>> work either. Any help would be appreciated.
>>
>> Thanks,
>> Stephen

From ber at easthouston.org Fri Sep 8 10:21:55 2006
From: ber at easthouston.org (Brian Redman)
Date: Fri Sep 8 10:23:18 2006
Subject: [macosx-unix] VPN/Firewall 10.4.7(server)
In-Reply-To:
References:
Message-ID: <10361636-003B-4C7F-B187-46468A89A2DE@easthouston.org>

Search for VPN in and try opening the indicated ports.

ber

On Sep 8, 2006, at 7:44 AM, Stephen Meli wrote:

> This is what ipfw is showing me:
>
> 12317 allow log logamount 1000 tcp from any to any dst-port 1723
>
>
> On 9/8/06 12:14 AM, "Brian Redman" wrote:
>
>> Hello, Stephen. I don't know squat about VPN but...
>>
>> When you enable your firewall, what does "ipfw list" show? If
>> there's nothing obvious you can start deleting rules until you can
>> make the connection, then add them back to find which of them
>> prevented it.
>>
>> ber
>>
>> On Sep 7, 2006, at 10:17 PM, Stephen Meli wrote:
>>
>>> Hi,
>>>
>>> Was just wondering if anyone can help me resolve a VPN/Firewall issue. I am
>>> trying to make an outgoing VPN connection and with the OS X firewall
>>> enabled I am not able to do so. If I disable the firewall I can make the
>>> connection with no issues.
>>>
>>> As far as my firewall settings go I have the VPN PPTP set to allow for TCP
>>> on port 1723 which is the port I need to use. I went into the advanced tab
>>> and tried setting up an allow action for ports 1723 as well but that didn't
>>> work either. Any help would be appreciated.
>>>
>>> Thanks,
>>> Stephen

From ike at lesmuug.org Sat Sep 9 13:56:07 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat Sep 9 13:57:39 2006
Subject: [macosx-unix] VPN/Firewall 10.4.7(server)
In-Reply-To: <10361636-003B-4C7F-B187-46468A89A2DE@easthouston.org>
References: <10361636-003B-4C7F-B187-46468A89A2DE@easthouston.org>
Message-ID:

Hi All,

I just solved a problem for a client this week with a VPN and a
firewall/router, the problem had 2 parts. I'm no expert in VPNs, but my
experience here could help.

--

The first part was pretty tricky, one end of the VPN subnet sits behind a
NAT. IPSEC traffic runs at layer 3 (where routing and switches usually run
the show), it's lower level than TCP or UDP in the network stack.
Therefore, we had to set up their router/firewall behind the NAT, (behind a
Cisco PIX), so that it would forward ESP (or AH) packets to our subnet
router.

I don't know that this part will be relevant to your setup, I guess it only
would if your Mac itself is set up with some funky NAT- the ESP and AH
packets are below the firewall's reach.

http://doc.m0n0.ch/handbook/ipsec-behindfirewall.html

--

Then, we had to open up port 500, for UDP packets for ISAKMP and IKE- an
important part of how VPN tunnels are formed. Opening up port 500 using
ipfw is the easy part on your mac- or you could even use the Firewall panel
in System Preferences to open it up.

http://www.networksorcery.com/enp/protocol/isakmp.htm
http://www.networksorcery.com/enp/protocol/ike.htm

Hope this helps-

Best,
.ike

On Sep 8, 2006, at 10:21 AM, Brian Redman wrote:

> Search for VPN in artnum=106439> and try opening the indicated ports.
>
> ber
>
> On Sep 8, 2006, at 7:44 AM, Stephen Meli wrote:
>
>> This is what ipfw is showing me:
>>
>> 12317 allow log logamount 1000 tcp from any to any dst-port 1723
>>
>>
>> On 9/8/06 12:14 AM, "Brian Redman" wrote:
>>
>>> Hello, Stephen. I don't know squat about VPN but...
>>>
>>> When you enable your firewall, what does "ipfw list" show? If
>>> there's nothing obvious you can start deleting rules until you can
>>> make the connection, then add them back to find which of them
>>> prevented it.
>>>
>>> ber
>>>
>>> On Sep 7, 2006, at 10:17 PM, Stephen Meli wrote:
>>>
>>>> Hi,
>>>>
>>>> Was just wondering if anyone can help me resolve a VPN/Firewall issue. I am
>>>> trying to make an outgoing VPN connection and with the OS X firewall
>>>> enabled I am not able to do so. If I disable the firewall I can make the
>>>> connection with no issues.
>>>>
>>>> As far as my firewall settings go I have the VPN PPTP set to allow for TCP
>>>> on port 1723 which is the port I need to use. I went into the advanced tab
>>>> and tried setting up an allow action for ports 1723 as well but that didn't
>>>> work either. Any help would be appreciated.
>>>>
>>>> Thanks,
>>>> Stephen

From ike at lesmuug.org Fri Sep 29 09:46:54 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Fri Sep 29 09:48:44 2006
Subject: [macosx-unix] Color Precision, LCD display
Message-ID:

Hey All,

So I've been trying to track down a particular LaCie Blue CRT display for a
designer client of mine, and it seems they stopped making them LONG ago.

This client does precision color work, and are accustomed to the quality of
the older high-end CRTs. However, the market for high-end displays seems
to have all gone to LCDs- which freaks my client (and me) out- mostly with
regard to color fidelity.

Does anyone have the low-down, or perhaps some URLs to toss me, on this
topic?

Thanks!

Best,
.ike
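
Returning to the VPN/Firewall thread above: the rule-by-rule check Brian Redman suggests can be scripted against saved "ipfw list" output for the traffic the thread names (TCP 1723, UDP 500, ESP, AH). This is an added example, not code from any list member; the rule grammar is a simplified assumption, and apart from rule 12317 the sample rules are constructed.

```python
import re

# Simplified model (assumption): only "from any to any" rules, optional
# "log [logamount N]" and optional "dst-port" list; direction, addresses
# and state are ignored.
RULE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?:log\s+(?:logamount\s+\d+\s+)?)?"
    r"(?P<proto>\S+)\s+from\s+any\s+to\s+any(?:\s+dst-port\s+(?P<ports>[\d,-]+))?$"
)

# Constructed sample: only rule 12317 is quoted from the thread.
SAMPLE = """\
12317 allow log logamount 1000 tcp from any to any dst-port 1723
12318 allow udp from any to any dst-port 53,123
65534 deny log ip from any to any
"""

# Traffic named in the thread: PPTP control, ISAKMP/IKE, ESP, AH.
VPN_FLOWS = [("tcp", 1723), ("udp", 500), ("esp", None), ("ah", None)]

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"outside the simplified grammar: {line!r}")
        ports = []
        for part in filter(None, (m["ports"] or "").split(",")):
            lo, _, hi = part.partition("-")
            ports.append((int(lo), int(hi or lo)))
        rules.append((int(m["num"]), m["action"], m["proto"], ports))
    return sorted(rules, key=lambda r: r[0])

def first_match(rules, proto, port=None):
    """Return (rule number, action) of the first matching rule, as ipfw does."""
    for num, action, rproto, ports in rules:
        if rproto not in ("ip", "all", proto):
            continue  # rule is for a different protocol
        if ports and (port is None or not any(lo <= port <= hi for lo, hi in ports)):
            continue  # port-restricted rule that does not cover this flow
        return num, action
    return None  # nothing in the listed rules matched

def audit(rules, flows=VPN_FLOWS):
    return {flow: first_match(rules, *flow) for flow in flows}

if __name__ == "__main__":
    for flow, verdict in audit(parse_rules(SAMPLE)).items():
        print(flow, "->", verdict)
```

A flow whose verdict is a deny rule, or None, is the next candidate to open and retest.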