From: Jamie
To: freebsd-questions@freebsd.org
Date: Tue, 1 Jul 2003 20:01:43 -0500 (CDT)
Subject: setting up ipfw
Message-ID: <20030701194934.J6454-100000@floyd.gnulife.org>

I am having a very difficult time setting up ipfw on a 4.8 installation.
Was wondering if anyone might be able to shed some light on this.

I followed the directions in the handbook, and I compiled a new kernel
with these options (I am going for a deny all by default, open services
as necessary philosophy):

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10

Upon rebooting, I was unable to access the machine from anywhere, which
is fine, because I have console access.

Output of ifconfig -a looks like this:

    ifconfig -a
    fxp0: flags=8843 mtu 1500
            inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
            inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
            ether 00:03:47:77:81:69
            media: Ethernet autoselect (100baseTX )
            status: active
    lp0: flags=8810 mtu 1500
    lo0: flags=8049 mtu 16384
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
            inet 127.0.0.1 netmask 0xff000000
    ppp0: flags=8010 mtu 1500
    sl0: flags=c010 mtu 552
    faith0: flags=8002 mtu 1500

The name of the machine is power.bar.com. I want to ssh in from another
machine: foo.bar.com, with IP address 200.88.34.12.

This is the rule I am adding:

    ipfw add allow tcp from 200.88.34.12 to power.bar.com 22

It tells me it can't resolve power.bar.com! So, I try:

    ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22

It accepts the rule, but I still cannot connect from foo.bar.com.

Anyone have any ideas?

- Jamie

"A friend is someone who lets you have total freedom to be yourself."
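
Added example, not part of the original message: a kernel built with IPFIREWALL alone ends its rule list with "65535 deny ip from any to any", so the single rule above admits packets from foo.bar.com to port 22 while the replies from port 22, loopback traffic and DNS lookups all fall through to that deny. The sketch below is one deny-by-default ruleset that covers those paths, using the addresses quoted in the message; the rule numbers and the FWCMD dry-run variable are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message).
# FWCMD defaults to a dry run that only prints each command; set
# FWCMD=/sbin/ipfw on the FreeBSD host, at the console, to apply them.
FWCMD="${FWCMD:-echo ipfw}"
HOST_IP="200.88.54.93"    # fxp0 address of power.bar.com (from the message)
ADMIN_IP="200.88.34.12"   # foo.bar.com (from the message)

ruleset() {
    # Start from a known state: only the built-in 65535 deny remains.
    ${FWCMD} -f flush

    # Loopback traffic is allowed; 127/8 seen anywhere else is spoofed.
    ${FWCMD} add 100 allow ip from any to any via lo0
    ${FWCMD} add 200 deny ip from any to 127.0.0.0/8
    ${FWCMD} add 300 deny ip from 127.0.0.0/8 to any

    # Packets of TCP connections that are already set up, in either
    # direction. This is what lets sshd's replies (source port 22)
    # back out; the original one-way rule never matched them.
    ${FWCMD} add 400 allow tcp from any to any established

    # New inbound SSH connections (SYN only), from the admin host only.
    ${FWCMD} add 500 allow tcp from ${ADMIN_IP} to ${HOST_IP} 22 setup

    # Outbound DNS queries and their answers, so that host names such
    # as power.bar.com can be resolved when used in a rule.
    ${FWCMD} add 600 allow udp from ${HOST_IP} to any 53 keep-state

    # Explicit logged deny ahead of the built-in rule, so dropped
    # packets show up in the log (IPFIREWALL_VERBOSE).
    ${FWCMD} add 65000 deny log ip from any to any
}

ruleset
```

After applying the rules, "ipfw -a list" shows per-rule packet counters, which makes it visible which rule a connection attempt actually hit.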