From: Anthony M. Agelastos
To: freebsd-questions@freebsd.org
Date: Wed, 5 Apr 2006 21:50:58 -0400
Subject: ipfw and ssh

Hello everyone,

Allow me to preface my problem by saying that I am very ignorant when it comes to networking. I do apologize if this is trivial.

In any event, I enabled the "client" ipfw firewall located in /etc/rc.firewall. This appears to work well for my needs... except for one additional item. I need someone outside of my network to have SSH access to my machine. I know his/her IP address. So, I have added some additional items to rc.firewall for this. Here is what I added.

    # Allow person SSH access
    mip="xxx.xxx.xxx.xxx"
    ${fwcmd} allow tcp from any to any 22 out setup keep-state
    ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2

I have tried many, many differing variations of this from items I have found online. I cannot get any of them to work.

My network setup is as follows:

    internet -> cable modem -> netgear router -> freebsd 6.1-prerelease

This user can SSH into my machine when I set the firewall to "open". Any ideas?
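
An added example, not part of the original message: a dry-run sketch of two things worth checking with rules like these. ipfw only accepts a rule through its `add` verb, and it stops at the first matching pass or deny, so a per-source SSH rule must be numbered ahead of any rule that denies TCP setup packets. The rule numbers, the placeholder address 203.0.113.10, the surrounding established/deny rules and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, dry run only: fwcmd prints each command instead of running it.
# Set fwcmd="/sbin/ipfw -q" on a FreeBSD host to apply the rules for real.
fwcmd="echo ipfw -q"
mip="203.0.113.10"   # constructed placeholder address, not the poster's

# Emit the SSH rule between the two rules that decide its fate.
# Rule numbers 500/600/700 and both neighbouring rules are assumptions.
ssh_rules() {
    # Packets belonging to TCP sessions that are already set up
    ${fwcmd} add 500 pass tcp from any to any established
    # New inbound SSH sessions from one source, at most 2 at a time
    ${fwcmd} add 600 pass tcp from "${mip}" to me 22 setup limit src-addr 2
    # Every other TCP connection attempt is refused
    ${fwcmd} add 700 deny tcp from any to any setup
}

# Hypothetical lint helper: reads printed "ipfw [-q] add N ..." lines on stdin.
# Fails if a line lacks the add verb, if no inbound SSH pass rule exists,
# or if that rule is numbered at or after the deny-setup rule.
check_rules() {
    awk '
        { i = ($2 == "-q") ? 3 : 2 }
        $i != "add" { printf "line %d: missing add verb\n", NR; bad = 1; next }
        / 22 setup/ && /pass|allow/ { ssh = $(i + 1) }
        /deny tcp from any to any setup/ { deny = $(i + 1) }
        END {
            if (!ssh) { print "no inbound SSH pass rule"; bad = 1 }
            else if (deny && ssh + 0 >= deny + 0) {
                print "SSH pass rule is numbered after deny setup"; bad = 1
            }
            exit bad + 0
        }'
}

ssh_rules | check_rules && echo "rule order OK"
```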