From: "Kevin Kinsey, DaleCo, S.P."
To: "Jamie"
Date: Tue, 1 Jul 2003 20:29:47 -0500
Organization: DaleCo, S.P.---"the solutions people"
Subject: Re: setting up ipfw
Message-ID: <03ac01c34039$6e32c380$1b41d5cc@nitanjared>
References: <20030701194934.J6454-100000@floyd.gnulife.org>
List: freebsd-questions@freebsd.org

From: "Jamie"
Sent: Tuesday, July 01, 2003 8:01 PM
Subject: setting up ipfw

> I am having a very difficult time setting up ipfw on a 4.8
> installation. Was wondering if anyone might be able to shed some light on
> this.
>
> I followed the directions in the handbook, and I compiled a new kernel
> with these options, (am going for a deny all by default, open services
> as necessary philosophy):
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> Upon rebooting, I was unable to access the machine from anywhere, which
> is fine, because I have console access.
>
> Output of ifconfig -a looks like this:
>
> ifconfig -a
> fxp0: flags=8843 mtu 1500
>         inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
>         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
>         ether 00:03:47:77:81:69
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lp0: flags=8810 mtu 1500
> lo0: flags=8049 mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010 mtu 1500
> sl0: flags=c010 mtu 552
> faith0: flags=8002 mtu 1500
>
> the name of the machine is power.bar.com
>
> I want to ssh in from another machine: foo.bar.com with IP address
> 200.88.34.12.
>
> This is the rule I am adding:
>
> ipfw add allow tcp from 200.88.34.12 to power.bar.com 22
>
> It tells me it can't resolve power.bar.com!
>
> So, I try:
>
> ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22
>
> It accepts the rule, but I still cannot connect from foo.bar.com.
>
> Anyone have any ideas?

Are you allowing ip OUT from 200.88.54.93? Please post output of
"ipfw show" (not that it's not implicit, I guess...) and describe
your network topography.

FWIW, here's my top few rules:

00010 allow ip from my.ip.ad.dres to any out
00020 deny log logamount 20 ip from any to any out
00030 allow tcp from any to any established
00040 allow ip from any to any frag
00050 allow tcp from any to my.ip.ad.res setup

Kevin Kinsey
DaleCo, S.P.
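
Why the reply asks about outbound traffic, as an added example that is not part of the original thread: a simplified first-match model of ipfw evaluation that walks the SSH handshake through the single rule from the question and through the rules from the reply. The rule number 100, the client port 40000 and all Python names are assumptions; rule 00040 (frag) is left out and my.ip.ad.dres is taken to be 200.88.54.93.

```python
from collections import namedtuple
from dataclasses import dataclass

HOST, CLIENT = "200.88.54.93", "200.88.34.12"   # addresses from the thread
# direction is "in" or "out" as seen by the firewalled host; flags = TCP flags set
Packet = namedtuple("Packet", "src dst dport direction flags")

@dataclass(frozen=True)
class Rule:                        # the model only carries TCP, so ip/tcp are not distinguished
    num: int
    action: str
    src: str = "any"
    dst: str = "any"
    dport: int = 0                 # 0 means any port
    direction: str = "any"
    option: str = ""               # "", "setup" or "established"

    def matches(self, p):
        if self.src not in ("any", p.src) or self.dst not in ("any", p.dst):
            return False
        if self.dport not in (0, p.dport) or self.direction not in ("any", p.direction):
            return False
        if self.option == "setup":          # SYN set, ACK clear
            return "SYN" in p.flags and "ACK" not in p.flags
        if self.option == "established":    # ACK or RST set
            return bool(p.flags & {"ACK", "RST"})
        return True

def evaluate(rules, pkt):
    # First matching rule wins; with only "options IPFIREWALL" the built-in
    # final rule 65535 is "deny ip from any to any".
    for r in sorted(rules, key=lambda r: r.num):
        if r.matches(pkt):
            return r.num, r.action
    return 65535, "deny"

HANDSHAKE = [                       # client port 40000 is constructed
    ("SYN", Packet(CLIENT, HOST, 22, "in", frozenset({"SYN"}))),
    ("SYN-ACK", Packet(HOST, CLIENT, 40000, "out", frozenset({"SYN", "ACK"}))),
    ("ACK", Packet(CLIENT, HOST, 22, "in", frozenset({"ACK"})))]
QUESTION = [Rule(100, "allow", CLIENT, HOST, 22)]        # rule number assumed
REPLY = [Rule(10, "allow", HOST, direction="out"),       # 00010
         Rule(20, "deny", direction="out"),              # 00020
         Rule(30, "allow", option="established"),        # 00030
         Rule(50, "allow", dst=HOST, option="setup")]    # 00050

def trace(rules):
    return [(name, *evaluate(rules, pkt)) for name, pkt in HANDSHAKE]

if __name__ == "__main__":
    print("question:", trace(QUESTION), "\nreply:", trace(REPLY))
```

In the first trace the outbound SYN-ACK falls through to rule 65535, so the handshake never completes even though the inbound rule was accepted.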