Date:      Mon, 24 Apr 2000 10:53:06 -0400 (EDT)
From:      Mike Heffner <mheffner@mailandnews.com>
To:        Jordan Blanchard <cybernetik@sympatico.ca>
Cc:        freebsd-ipfw@freebsd.org
Subject:   RE: Firewall and the general Network
Message-ID:  <XFMail.20000424105306.mheffner@mailandnews.com>
In-Reply-To: <NEBBLHFGALIEHENGIGPLGEBCCAAA.cybernetik@sympatico.ca>


On 24-Apr-2000 Jordan Blanchard wrote:
|  
|  "Forcing you to use a proxy?" What do you mean?
|  
|  
|  well, when trying to view web pages without a proxy program through my 95
|  box, it stalls..
|  
|  
|  Anyway, could you send,
|  
|    # ipfw show
|  
|  00060 66545 35492707 allow ip from any to any
|  00100     0        0 divert 8668 ip from any to any via tun0
|  00100     0        0 allow ip from any to any via lo0
|  00100     0        0 divert 8668 ip from any to any via tun0
|  00100     0        0 divert 8668 ip from any to any via tun0
|  00200     0        0 deny ip from any to 127.0.0.0/8
|  00210     0        0 deny icmp from any to any via ed0
|  65535    16     1000 deny ip from any to any
|  

Well...there doesn't seem to be much sense to those rules. You should probably
be able to notice that all traffic is being passed by rule 60 and none is being
diverted through natd (that's what the 0's mean). Also, why do you have 3
different divert rules? Here is my suggestion to achieve a basic functioning
firewall:

100     allow ip from any to any via lo0
200     deny ip from any to 127.0.0.0/8
300     divert 8668 ip from any to any via tun0
400     allow ip from any to any


Later,

/****************************************
 * Mike Heffner <spock@techfour.net>    *
 * Fredericksburg, VA      ICQ# 882073  *
 * Sent at: 24-Apr-2000 -- 10:47:58 EST *
 * http://my.ispchannel.com/~mheffner   *
 ****************************************/
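
An added example, not part of the original message: a small first-match lint over the two rule listings quoted above, showing why the divert rules never see a packet in the original set and why the suggested ordering is clean. The function names (parse_rules, lint) are hypothetical, and the model is simplified: it treats an allow/deny on "ip from any to any" with no interface qualifier as matching every packet and ignores skipto and count actions.

```python
import re
# Constructed input: the `ipfw show` listing quoted in the message above.
ORIGINAL = """\
00060 66545 35492707 allow ip from any to any
00100     0        0 divert 8668 ip from any to any via tun0
00100     0        0 allow ip from any to any via lo0
00100     0        0 divert 8668 ip from any to any via tun0
00100     0        0 divert 8668 ip from any to any via tun0
00200     0        0 deny ip from any to 127.0.0.0/8
00210     0        0 deny icmp from any to any via ed0
65535    16     1000 deny ip from any to any
"""
# The reply's suggested ordering (no counters, as typed in the message).
SUGGESTED = """\
100     allow ip from any to any via lo0
200     deny ip from any to 127.0.0.0/8
300     divert 8668 ip from any to any via tun0
400     allow ip from any to any
"""

RULE_RE = re.compile(r"^\s*(\d+)\s+(?:(\d+)\s+(\d+)\s+)?([a-z].*?)\s*$")
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop"}
MATCH_ALL = {"ip from any to any", "all from any to any"}

def parse_rules(text):
    """Return (rule_number, normalized_rule_body) pairs in listing order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((int(m.group(1)), " ".join(m.group(4).split())))
    return rules

def lint(rules):
    """Flag exact duplicates and rules unreachable under first-match (simplified model)."""
    findings, seen, catch_all = [], set(), None
    for num, body in rules:
        action, _, rest = body.partition(" ")
        if body in seen:
            findings.append((num, "duplicate"))
        seen.add(body)
        if catch_all is not None and num != 65535:  # 65535 is the built-in default rule
            findings.append((num, f"shadowed by {catch_all}"))
        elif catch_all is None and action in TERMINAL and rest in MATCH_ALL:
            catch_all = num  # every later rule is dead for ordinary traffic
    return findings

if __name__ == "__main__":
    print(lint(parse_rules(ORIGINAL)), lint(parse_rules(SUGGESTED)))
```

On the original listing this reports every rule after 60 as shadowed and two of the three divert rules as duplicates; on the suggested listing it reports nothing, because the catch-all allow comes last.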

