Date:      Tue, 1 Jul 2003 20:45:13 -0500
From:      "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To:        "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>, "Jamie" <jamie@gnulife.org>, <freebsd-questions@freebsd.org>
Subject:   Re: setting up ipfw
Message-ID:  <03e401c3403b$959b58e0$1b41d5cc@nitanjared>
References:  <20030701194934.J6454-100000@floyd.gnulife.org> <03ac01c34039$6e32c380$1b41d5cc@nitanjared>

CORRECTION:

That last rule I quoted is actually:

00050  allow tcp from any to my.ip.ad.res 22 setup
                                                                 ^^
Makes it work much better for SSH...

----- Original Message -----
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "Jamie" <jamie@gnulife.org>; <freebsd-questions@freebsd.org>
Sent: Tuesday, July 01, 2003 8:29 PM
Subject: Re: setting up ipfw


> From: "Jamie" <jamie@gnulife.org>
> To: <freebsd-questions@freebsd.org>
> Sent: Tuesday, July 01, 2003 8:01 PM
> Subject: setting up ipfw
>
>
> >    I am having a very difficult time setting up ipfw on a 4.8
> > installation. Was wondering if anyone might be able to shed some
> > light on this.
> >
> >    I followed the directions in the handbook, and I compiled a new
> > kernel with these options (am going for a deny all by default, open
> > services as necessary philosophy):
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> >
> >    Upon rebooting, I was unable to access the machine from
> > anywhere, which is fine, because I have console access.
> >
> >    Output of ifconfig -a looks like this:
> >
> >  ifconfig -a
> > fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
> >         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
> >         ether 00:03:47:77:81:69
> >         media: Ethernet autoselect (100baseTX <full-duplex>)
> >         status: active
> > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> >         inet 127.0.0.1 netmask 0xff000000
> > ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> > faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> >
> >    the name of the machine is power.bar.com
> >
> >
> >    I want to ssh in from another machine: foo.bar.com with IP
> > address 200.88.34.12.
> >
> >
> >
> >   This is the rule I am adding:
> >
> >
> > ipfw add allow tcp from 200.88.34.12 to power.bar.com 22
> >
> >
> >    It tells me it can't resolve power.bar.com!
> >
> > So, I try:
> >
> > ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22
> >
> >    It accepts the rule, but I still cannot connect from
> > foo.bar.com.
> >
> >    Anyone have any ideas?
>
> Are you allowing ip OUT from 200.88.54.93?
>
> Please post output of "ipfw show" (not that it's
> not implicit, I guess...) and describe your network
> topography.
>
> FWIW, here's my top few rules:
>
> 00010 allow ip from my.ip.ad.dres to any out
> 00020 deny log logamount 20 ip from any to any out
> 00030  allow tcp from any to any established
> 00040  allow ip from any to any frag
> 00050  allow tcp from any to my.ip.ad.res setup
>
> Kevin Kinsey
> DaleCo, S.P.
>
>
>




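The deny-by-default ruleset Kevin sketches, with his "22 setup" correction applied, as an added example that is not from this thread or from FreeBSD's own rc.firewall. It uses the ipfw syntax shown in the messages (rule numbers 10-50, `established`, `frag`, `setup`, `log logamount`) and the addresses from Jamie's post (200.88.54.93 as the firewall host, 200.88.34.12 as the SSH peer); the loopback rules (5 and 6), the final logging deny (60) and the `IPFW` override for previewing are additions, not something the thread states.

```sh
#!/bin/sh
# Added example: a deny-by-default ipfw ruleset in the shape described in
# the thread, with the SSH rule restricted to port 22 and "setup" (new
# connections only).  Not taken from the thread or from rc.firewall.
# Set IPFW=echo to preview the commands without touching a live firewall.

IPFW="${IPFW:-/sbin/ipfw}"

# Emit the rule list for one host.
#   $1 = this host's public address
#   $2 = the remote host allowed to open SSH sessions ("any" if omitted)
ipfw_rules() {
    me="$1"
    ssh_peer="${2:-any}"
    cat <<EOF
add 5 allow ip from any to any via lo0
add 6 deny ip from any to 127.0.0.0/8
add 10 allow ip from $me to any out
add 20 deny log logamount 20 ip from any to any out
add 30 allow tcp from any to any established
add 40 allow ip from any to any frag
add 50 allow tcp from $ssh_peer to $me 22 setup
add 60 deny log ip from any to any
EOF
}

# Return just the SSH rule, so the rule that usually goes wrong can be
# checked on its own before loading anything.
ssh_rule() {
    ipfw_rules "$1" "$2" | sed -n 's/^add 50 //p'
}

# Flush the existing set and load the rules one by one.  Do this from the
# console: between the flush and rule 50 the default rule 65535 (deny,
# with IPFIREWALL and no IPFIREWALL_DEFAULT_TO_ACCEPT) drops every packet.
apply_rules() {
    rules=$(ipfw_rules "$@") || return 1
    $IPFW -f flush || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # Word-splitting $rule into ipfw arguments is intended here.
        $IPFW $rule || return 1
    done
}

# Stand-alone use (preview only):
#   IPFW=echo sh ipfw-rules.sh 200.88.54.93 200.88.34.12
if [ "$#" -ge 1 ]; then
    apply_rules "$@"
fi
```

Rule 30 lets replies to the host's own connections back in and rule 40 passes non-first fragments (which carry no port numbers), so the only inbound connection opening allowed is SSH from the named peer; everything else, inbound or outbound, ends in a logged deny. Previewing with `IPFW=echo` before loading is the cheap way to catch a missing `22` or `setup` without a trip to the console.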