Date: Wed, 28 Jun 2000 15:27:28 +0200 (CEST)
From: Leif Neland <leifn@neland.dk>
To: Peter Salvage <wizard@sybaweb.co.za>
Cc: "freebsd-isp@freebsd.org" <freebsd-isp@FreeBSD.ORG>
Subject: Re: IPFW
Message-ID: <Pine.BSF.4.05.10006281521240.27618-100000@arnold.neland.dk>
In-Reply-To: <000601bfe0e4$c2f27c60$0200a8c0@ait.co.za>

On Wed, 28 Jun 2000, Peter Salvage wrote:

> Hi all
>
> My apologies if this is OT. If so, please point me (gently) in the
> direction of the appropriate list.
>
> A friend of mine installed FreeBSD with IPFW on a machine here to assist
> with securing my network.
>
> The network is set up as follows:
>                     net
>  (a)                 |
>                    router
>  (b)                 | (1st nic)
>                   FreeBSD
>  (c)                 | (2nd nic)
>          mail server--proxy server
>  (d)                 | (2nd nic)
>              internal network
>
> (a) subnet 192.168.0.0/30
> (b) subnet 192.168.0.4/30
> (c) subnet 192.168.0.8/29
> (d) subnet 192.168.0.16/29
>
> I'm unable to telnet to the router from the internal network, even
> though I've set an access list on the router allowing vty 0-4 access
> only from subnet (b). Therefore I'm assuming I've left something out of
> my rules list on the FreeBSD box.
>
> Could someone please assist?
>

A: Is routing ok, i.e. can you ping from d to the router? I guess so...

B: If your access list on the router says only subnet (b) can access it,
then that's why subnet (d) cannot access it.

You didn't mention that you were using NAT on the FreeBSD box, so if you
telnet from (d), that's the address the router will see.

Leif
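The point in the reply above, modelled as an added example that is not part of the original message: the router's vty access list is matched against the source address it actually sees, which is the client's own address unless the FreeBSD box translates it. The subnets are the ones from the question; the host addresses (192.168.0.6 for the FreeBSD box's first NIC, 192.168.0.18 for an internal client) are constructed, and the model assumes the proxy server forwards traffic from (d) without rewriting the source.

```python
import ipaddress

# Subnets as listed in the question; all host addresses are constructed.
SUBNETS = {
    "a": ipaddress.ip_network("192.168.0.0/30"),
    "b": ipaddress.ip_network("192.168.0.4/30"),
    "c": ipaddress.ip_network("192.168.0.8/29"),
    "d": ipaddress.ip_network("192.168.0.16/29"),
}
VTY_PERMIT = [SUBNETS["b"]]                  # router ACL: vty 0-4 only from (b)
INSIDE_NETS = [SUBNETS["c"], SUBNETS["d"]]   # networks behind the FreeBSD box
FREEBSD_OUTSIDE = ipaddress.ip_address("192.168.0.6")  # assumed 1st-NIC address


def source_seen_by_router(client, nat_enabled):
    """Source address the router sees for a connection from `client`."""
    client = ipaddress.ip_address(client)
    behind_fw = any(client in net for net in INSIDE_NETS)
    # With NAT on the FreeBSD box, inside sources are rewritten to its
    # outside address; without NAT the packet keeps its original source.
    return FREEBSD_OUTSIDE if (nat_enabled and behind_fw) else client


def subnet_label(addr):
    """Letter of the subnet from the question that contains `addr`."""
    for label, net in SUBNETS.items():
        if addr in net:
            return label
    return None


def vty_allowed(client, nat_enabled):
    """Would the router's vty access list accept this telnet session?"""
    seen = source_seen_by_router(client, nat_enabled)
    return any(seen in net for net in VTY_PERMIT)


def report(client):
    """Rows of (nat_enabled, address_seen, subnet, permitted) for one client."""
    rows = []
    for nat in (False, True):
        seen = source_seen_by_router(client, nat)
        rows.append((nat, str(seen), subnet_label(seen), vty_allowed(client, nat)))
    return rows


if __name__ == "__main__":
    for nat, seen, label, ok in report("192.168.0.18"):
        verdict = "permit" if ok else "deny"
        print(f"NAT={nat!s:5} router sees {seen} (subnet {label}) -> {verdict}")
```
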