Date: 24 Dec 2003 16:43:49 -0500
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: "Drew Robertson" <the_brothel@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW Rule set question...
Message-ID: <44smj9nb6y.fsf@be-well.ilk.org>
In-Reply-To: <BAY99-F62TzOLkM1U5l00021e76@hotmail.com>
References: <BAY99-F62TzOLkM1U5l00021e76@hotmail.com>
"Drew Robertson" <the_brothel@hotmail.com> writes:

> I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it
> is dual-homed, 2 NICs, one for the internal LAN, one running my cable
> modem. Everything works fine on the internal side.
>
> When accessing the box using any of those apps from work, the system
> looks to briefly connect and then returns a "Connection Lost" or
> "Connection closed by remote host" error.
>
> The command setup to allow in access is as follows...
>
> 820 allow log tcp from any to me 22 limit src-addr 4 in recv tl0 setup
> 830 allow log tcp from any to me 23 limit src-addr 4 in recv tl0 setup

I assume these are supposed to have "keep-state" in them. It *is* written that way in the full ruleset you posted lower down.

> When this didn't work I added another command at the start of the
> ruleset to just let everything in from a particular IP address range...
>
> 202 allow ip from 203.10.10.0/24 to any
>
> However this produced the same error...
>
> It wasn't until I allowed all from any to any that I was able to connect...

Then the packets aren't actually being seen as coming from that address. Maybe you're running into NAT modifications?

> When checking out the security log, it tells me that rule 820 is
> allowing access to my computer at home...

But only for SYN packets...

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/ username/password "public"
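The point Lowell is making (a "setup" rule only ever matches the SYN, so without dynamic state every later packet of the session falls through to the final deny) can be seen in a small model of IPFW rule matching. This is an added example, not code from the thread; it simplifies ipfw by consulting the dynamic table before the static rules, and the client address 203.10.10.5 is a constructed value inside the poster's range.

```python
# Added example (not from the thread): a simplified model of IPFW matching,
# showing why a "setup" rule without dynamic state passes only the SYN and
# the rest of the SSH session falls through to the final deny rule.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dport: int
    syn_only: bool   # SYN set, ACK clear: what ipfw's "setup" option matches


@dataclass
class Rule:
    num: int
    action: str                   # "allow" or "deny"
    dport: Optional[int] = None   # None matches any destination port
    setup: bool = False           # only match SYN-only packets
    keep_state: bool = False      # create a dynamic entry on match


class Firewall:
    """Simplification: dynamic state is consulted before the static rules,
    whereas real ipfw consults it at check-state or the first keep-state rule."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.num)
        self.dynamic = set()      # (src, dport) flows already admitted

    def check(self, pkt):
        if (pkt.src, pkt.dport) in self.dynamic:
            return "allow (dynamic)"
        for r in self.rules:
            if r.dport is not None and r.dport != pkt.dport:
                continue
            if r.setup and not pkt.syn_only:
                continue          # a setup rule never sees the data packets
            if r.action == "allow" and r.keep_state:
                self.dynamic.add((pkt.src, pkt.dport))
            return f"{r.action} (rule {r.num})"
        return "deny (default)"


def ssh_session(keep_state):
    """Verdicts for the SYN and the first data packet of one SSH session."""
    fw = Firewall([
        Rule(820, "allow", dport=22, setup=True, keep_state=keep_state),
        Rule(65535, "deny"),      # ipfw's default rule when not built "open"
    ])
    client = "203.10.10.5"        # constructed address in the poster's range
    return [fw.check(Packet(client, 22, syn_only=True)),
            fw.check(Packet(client, 22, syn_only=False))]
```

Run `ssh_session(False)` and `ssh_session(True)` to compare: the SYN is logged as allowed by rule 820 in both cases, which is exactly what the poster's security log shows, but only the stateful variant admits the packets that follow.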