Operation: "ipfw on a gateway box"
From: Hiram Abiff (domain.admin_at_online.ie)
Date: 02/15/05
- Previous message: Ted Mittelstaedt: "RE: problem with GCC search path on FreeBSD5.3 AMD64"
- Next in thread: Lowell Gilbert: "Re: Operation: "ipfw on a gateway box""
- Reply: Lowell Gilbert: "Re: Operation: "ipfw on a gateway box""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 15 Feb 2005 13:18:08 +0100 To: freebsd-questions@freebsd.org
I followed your advice and rewrote my firewall rules.
Although, even now, there are some major difficulties.
I still, can't acces the net from my 2 other computers
via my FreeBSD firewalled gateway.
Although I set up on it to allow traffic on
ports 21, 22, 53, 8080 I can only telent to port
21, all the others report a "connection refused" error.
I can ping the FreeBSD box, but i cannot ping any outside
IP addresseses from the FreeBSD box or the other boxes on my
home LAN.
Also when FreeBSD is booting I caught some error messages that
said unknow command "setup" for some of my firewall rules.
I'm getting desperate please assist me in any way possible.
Here's my fwrules file:
> fwcmd="/sbin/ipfw"
>
>
> #Outside interface
> oif="tun0"
>
>
> #Inside interface
> iif="rl0"
>
>
> # Force a flushing of the current rules before reload
> $fwcmd -f flush
>
>
> #Check the state of all packets
> $fwcmd add check-state
>
>
> #Divert all packets through the tunnel interface.
> $fwcmd add divert natd ip from any to any via $oif
>
>
> # Allow all data from my network card and localhost
> $fwcmd add allow all from any to any via lo0
> $fwcmd add allow ip from any to any via $iif
>
> # Allow all connections that I initiate
> $fwcmd add allow tcp from any to any out xmit $oif setup
>
>
> # Once connections are made, allow them to stay open
> $fwcmd add allow tcp from any to any via $oif established
>
>
> # Everyone on the internet is allowed to connect
> $fwcmd add allow tcp from any to any 22 setup
> $fwcmd add allow tcp from any to any 21 setup
> $fwcmd add allow tcp from any to any 8080 setup
> $fwcmd add allow tcp from any to any 53 setup
> $fwcmd add allow tcp from any to any 4662 setup
> $fwcmd add allow udp from any to any 4672 setup
>
>
> # This sends a RESET to all ident packets
> $fwcmd add reset log tcp from any to any 113 in recv $oif
>
>
> # Allow outgoing DNS queries ONLY to the specified servers
>
>
> $fwcmd add allow udp from any to 161.53.114.135 53 out xmit tun0
> $fwcmd add allow udp from any to 161.53.114.145 53 out xmit tun0
>
>
> # Allow them back in with the answers
>
>
> $fwcmd add allow udp from 161.53.114.135 53 to any in recv $oif
> $fwcmd add allow udp from 161.53.114.145 53 to any in recv $oif
>
>
> # Allow ICMP
> $fwcmd add 65435 allow icmp from any to any
>
>
> # Deny all the rest.
> #$fwcmd add 65435 deny log ip from any to any
-- "It was as though a veil had been rent. I saw on that ivory face the expression of sombre pride, of ruthless power, of craven terror -- of an intense and hopeless despair. Did he live his life again in every detail of desire, temptation, and surrender during that supreme moment of complete knowledge?" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Ted Mittelstaedt: "RE: problem with GCC search path on FreeBSD5.3 AMD64"
- Next in thread: Lowell Gilbert: "Re: Operation: "ipfw on a gateway box""
- Reply: Lowell Gilbert: "Re: Operation: "ipfw on a gateway box""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
