Date: Sat, 21 Nov 1998 05:00:58 +0100 (MET)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: alden@math.ohio-state.edu (Dave Alden)
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: bridging hints?
Message-ID: <199811210400.FAA28620@labinfo.iet.unipi.it>
In-Reply-To: <199811202109.QAA06927@math.mps.ohio-state.edu> from "Dave Alden" at Nov 20, 98 04:09:28 pm

> Hi,
>   I'm planning on using a FreeBSD box as our departmental firewall.  I
> just started playing around with it and have a box configured with 2 Intel
> EtherExpress 100+ cards, our LAN on one and a workstation (call 'wkstn')
> on the other.  I'm trying to learn ipfw, so I set up the FreeBSD box as a
> "client" firewall.  I then did:

i am not sure what you mean by "client" firewall -- i suppose that you
are setting the firewall on the machine acting as a bridge.

>   ipfw add deny tcp from any to wkstn
>
> This works as expected.  But if I try to just turn off certain ports with:
>
>   ipfw add deny tcp from any to wkstn 1-1024
>
> it doesn't work as I would expect (it allows me to telnet to the machine).

i have never tried this... have you tried, by chance, to block single
ports as opposed to a range and see if it makes a difference? If it
does it could be a bug in ipfw.c, otherwise it is in the way the
bridge code uses ipfw

	luigi

> Can someone tell me what I'm doing wrong?  :-)
>
> ...thnx,
> ...dave
>
> ps I have set net.link.ether.bridge_ipfw=1.  :-)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message