From owner-freebsd-questions Tue Feb 23 16:09:10 1999
Message-ID: <000b01be5f89$ece76ae0$2a00a8c0@brian-desktop.briang.org>
Reply-To: "Brian Gallucci"
From: "Brian Gallucci"
To: "FreeBSD"
Subject: IPFW Help
Date: Tue, 23 Feb 1999 16:09:20 -0800

I have a static IP from my ISP and here's the setup I have:

fxp0 = 24.1.88.xxx /24
fxp1 = 192.168.0.1 /24

I have an NT box <192.168.0.20> running a DHCP server. When I boot up any of the workstations on my local net I get this message in my log.

ipfw: 5600 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
ipfw: 5600 Deny UDP 192.168.0.20:67 255.255.255.255:68 in via fxp0
ipfw: 5600 Deny UDP 24.1.88.1:67 255.255.255.255:68 in via fxp0
ipfw: 5300 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
ipfw: 5300 Deny UDP 192.168.0.20:67 255.255.255.255:68 in via fxp0

I have told it not to pass any DHCP request through the fxp0 interface (i.e.)

ipfw -a l
00100 0 0 divert 6668 ip from any to any via fxp0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
^^00300 0 0 deny udp from any 67 to any out xmit fxp0^^
^^00400 0 0 deny udp from any 68 to any out xmit fxp0^^
00500 0 0 allow ip from any to any out xmit fxp0
00600 17 1056 allow ip from any to any via fxp1
00700 0 0 allow udp from any to any 53
03000 0 0 allow tcp from any to any in recv fxp0 established
04600 0 0 deny log tcp from xxxxxx to any in recv fxp0 setup
04700 0 0 deny log tcp from xxxxxx to any in recv fxp0 setup
04800 0 0 allow tcp from any to any 23 in recv fxp0 setup
04900 0 0 allow tcp from any to any 25 in recv fxp0 setup
05000 0 0 allow tcp from any to any 55 in recv fxp0 setup
05100 0 0 allow tcp from any to any 80 in recv fxp0 setup
05200 0 0 deny log tcp from any to any in recv fxp0
05300 0 0 deny log udp from any to any in recv fxp0
05400 0 0 allow icmp from any to any via fxp1
05500 0 0 allow icmp from any to any in recv fxp0 icmptype 0
05600 0 0 allow icmp from any to any out xmit fxp0 icmptype 8
05700 0 0 allow icmp from any to any in recv fxp0 icmptype 3
05800 0 0 allow icmp from any to any in recv fxp0 icmptype 11
65534 0 0 deny log ip from any to any
65535 0 0 deny ip from any to any

So I don't understand, did I miss something?

Thanks
-Brian