Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Apr 2006 22:08:08 -0400
From:      Ean Kingston <ean@istop.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: ipfw and ssh
Message-ID:  <200604052208.08520.ean@istop.com>
In-Reply-To: <7DF2083F-A039-495E-8FAC-E6C9D8AA6391@gmail.com>
References:  <7DF2083F-A039-495E-8FAC-E6C9D8AA6391@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
You neglected to include the 'add' in your first fwcmd.

You may want to try something simple to start with. I haven't used ipfw in a 
while so hopefully my syntax is still good. Here is a simple starting point:

# Allow person SSH access
mip="xxx.xxx.xxx.xxx"	# IP Address of person
${fwcmd} add allow tcp from ${mip} to me 22 in	# allow connection to ssh
${fwcmd} add allow tcp from me 22 to ${mip} out	# allow me to respond 

I think all you really need is this:

# Allow setup of incoming ssh
${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup

Since the rest of it should be taken care of by the rest of the 'client' ipfw 
setup.

On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
> Hello everyone,
>
> Allow me to preface my problem by saying that I am very ignorant when
> it comes to networking. I do apologize if this is trivial. In any
> event, I enabled the "client" ifpw firewall located in /etc/
> rc.firewall. This appears to work well for my needs... except for one
> additional item. I need someone outside of my network to have SSH
> access to my machine. I know his/her IP address. So, I have added
> some additional items to rc.firewall for this. Here is what I added.
>
>          # Allow person SSH access
>          mip="xxx.xxx.xxx.xxx"
>          ${fwcmd} allow tcp from any to any 22 out setup keep-state
>          ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-
> addr 2
>
> I have tried many, many differing variations of this from items I
> have found online. I cannot get any of them to work. My network setup
> is as follows
>
> internet -> cable modem -> netgear router -> freebsd 6.1-prerelease
>
> This user can SSH into my machine when I set the firewall to "open".
> Any ideas?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

-- 
Ean Kingston, BSc, CISSP, ARO

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604052208.08520.ean>