From owner-freebsd-security Sun Jul 2 14:22:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from outblaze12.outblaze.com (209.249.164.196.outblaze.com [209.249.164.196])
	by hub.freebsd.org (Postfix) with SMTP id 0B29E37B52E
	for ; Sun, 2 Jul 2000 14:22:37 -0700 (PDT)
	(envelope-from openzero@bsdmail.com)
Received: (qmail 64360 invoked by uid 1001); 2 Jul 2000 21:22:35 -0000
Message-ID: <20000702212235.64359.qmail@bsdmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 4.104 (Entity 4.117)
From: openzero@bsdmail.com
To: security@freebsd.org
Date: Sun, 02 Jul 2000 22:22:35 +0100
Subject: Re: Firewall and FTPD
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well! Thanks for the massive response, but the problem still exists!
Hm, I've downloaded the 3.4-install.iso, so I will upgrade to FreeBSD-3.4-RELEASES, download the SecureBSDV1.0 and patch with kame-20000425-stable..... (need IPv6!)

Hm! I changed my firewall, but nothing happens! Here are the outputs...

/etc/firewall.OpenZERO
--- CUT HERE ---
fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via rl0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
#$fwcmd add 65435 allow tcp from any to any 80 setup
#$fwcmd add 65435 allow tcp from any to any 25 setup
$fwcmd add 1000 allow log tcp from any to any 21 setup
$fwcmd add 1100 allow log tcp from any to any 20 setup
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add allow udp from any to 194.25.2.129 53 out xmit tun0
$fwcmd add allow udp from 194.25.2.129 53 to any in recv tun0
$fwcmd add 65000 allow log icmp from any to any
$fwcmd add 65100 deny log ip from any to any
--- CUT HERE ---

And here is the output via :

# ipfw show
--- CUT HERE ---
00100 943 357224 divert 8668 ip from any to any via tun0
00200 0 0 allow ip from any to any via lo0
00300 0 0 allow ip from any to any via rl0
00400 45 3060 allow tcp from any to any out xmit tun0 setup
00500 869 350770 allow tcp from any to any via tun0 established
01000 1 68 allow log tcp from any to any 21 setup
01100 0 0 allow log tcp from any to any 20 setup
01200 1 68 reset log tcp from any to any 113 in recv tun0
01300 10 642 allow udp from any to 194.25.2.129 53 out xmit tun0
01400 10 2172 allow udp from 194.25.2.129 53 to any in recv tun0
65000 1 56 allow log icmp from any to any
65100 6 388 deny log ip from any to any
65535 18811 13686295 allow ip from any to any
--- CUT HERE---

Please help me with the problem! If you see something other (may be security related), please contact me........

--
Get your free email from http://www.bsdmail.com
Powered by OutBlaze

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message