Date: Tue, 1 Jul 2003 20:29:47 -0500
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "Jamie" <jamie@gnulife.org>, <freebsd-questions@freebsd.org>
Subject: Re: setting up ipfw
Message-ID: <03ac01c34039$6e32c380$1b41d5cc@nitanjared>
References: <20030701194934.J6454-100000@floyd.gnulife.org>

From: "Jamie" <jamie@gnulife.org>
To: <freebsd-questions@freebsd.org>
Sent: Tuesday, July 01, 2003 8:01 PM
Subject: setting up ipfw

> I am having a very difficult time setting up ipfw on a 4.8
> installation. Was wondering if anyone might be able to shed some light on
> this.
>
> I followed the directions in the handbook, and I compiled a new kernel
> with these options, ( am going for a deny all by default, open services
> as necessary philosophy):
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> Upon rebooting, I was unable to access the machine from anywhere, which
> is fine, because I have console access.
>
> Output of ifconfig -a looks like this:
>
> ifconfig -a
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
>         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
>         ether 00:03:47:77:81:69
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>
> the name of the machine is power.bar.com
>
>
> I want to ssh in from another machine: foo.bar.com with IP address
> 200.88.34.12.
>
>
>
> This is the rule I am adding:
>
>
> ipfw add allow tcp from 200.88.34.12 to power.bar.com 22
>
>
> It tells me it can't resolve power.bar.com!
>
> So, I try:
>
> ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22
>
> It accepts the rule, but I still cannot connect from foo.bar.com.
>
> Anyone have any ideas?

Are you allowing ip OUT from 200.88.54.93?

Please post output of "ipfw show" (not that it's not implicit,
I guess...) and describe your network topography.

FWIW, here's my top few rules:

00010 allow ip from my.ip.ad.dres to any out
00020 deny log logamount 20 ip from any to any out
00030 allow tcp from any to any established
00040 allow ip from any to any frag
00050 allow tcp from any to my.ip.ad.res setup

Kevin Kinsey
DaleCo, S.P.
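
The question raised in the reply (is anything allowed out?) can be checked with a small first-match model of the two rule lists. This is an added example, not part of either message and not ipfw itself; it models only addresses, destination port, direction and the TCP setup/established options. The rule number 100 for the question's rule, the client port 40000, and reading my.ip as 200.88.54.93 are assumptions.

```python
# Added illustration: a first-match model of an ipfw rule list (not ipfw itself).
# Only src, dst, dst port, direction and the TCP "setup"/"established" options
# are modelled; every packet here is TCP, so the protocol field is left out.
ME, PEER = "200.88.54.93", "200.88.34.12"   # addresses from the thread
DEFAULT = (65535, "deny", {})  # default rule when the kernel is not default-to-accept


def matches(cond, pkt):
    for key in ("src", "dst", "dport", "dir"):
        if key in cond and cond[key] != pkt[key]:
            return False
    flags = pkt["flags"]
    if cond.get("tcp") == "setup":          # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if cond.get("tcp") == "established":    # ACK or RST set
        return "A" in flags or "R" in flags
    return True


def verdict(rules, pkt):
    """Return (rule number, action) of the first rule that matches."""
    for num, action, cond in rules + [DEFAULT]:
        if matches(cond, pkt):
            return num, action


def handshake(rules):
    """Verdicts for SYN in, SYN-ACK out, ACK in, as seen on the server."""
    pkts = [
        dict(src=PEER, dst=ME, dport=22, dir="in", flags="S"),
        dict(src=ME, dst=PEER, dport=40000, dir="out", flags="SA"),  # constructed port
        dict(src=PEER, dst=ME, dport=22, dir="in", flags="A"),
    ]
    return [verdict(rules, p) for p in pkts]


# The single rule from the question (number 100 is assumed).
question_rules = [(100, "allow", dict(src=PEER, dst=ME, dport=22))]

# The rules quoted in the reply, with my.ip taken to be ME.
# Rule 00040 (frag) is omitted: the handshake has no fragments.
reply_rules = [
    (10, "allow", dict(src=ME, dir="out")),
    (20, "deny", dict(dir="out")),
    (30, "allow", dict(tcp="established")),
    (50, "allow", dict(dst=ME, tcp="setup")),
]

if __name__ == "__main__":
    print("question:", handshake(question_rules))
    print("reply:   ", handshake(reply_rules))
```

With only the question's rule, the server's SYN-ACK matches nothing and falls through to rule 65535, so the handshake never completes even though the inbound SYN was accepted.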
