From owner-freebsd-questions@FreeBSD.ORG  Wed Oct 27 09:26:05 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0584516A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 27 Oct 2004 09:26:04 +0000 (GMT)
Received: from mr.tuwien.ac.at (mr1-n.kom.tuwien.ac.at [128.131.2.109])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E001043D1D
	for <freebsd-questions@freebsd.org>;
	Wed, 27 Oct 2004 09:26:03 +0000 (GMT)
	(envelope-from e0025265@student.tuwien.ac.at)
Received: from webmail.zserv.tuwien.ac.at (lps.ben.tuwien.ac.at
	[193.170.74.11])
	by mr.tuwien.ac.at (8.12.10/8.12.8) with SMTP id i9R9PxVP026093
	for <freebsd-questions@freebsd.org>;
	Wed, 27 Oct 2004 11:26:00 +0200 (MEST)
MIME-Version: 1.0
X-Mailer: V-webmail 1.5.1 ( http://www.v-webmail.co.uk/ )
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
Message-ID: <i68kvc.s43n5c@webmail.tuwien.ac.at>
Date: Wed, 27 Oct 2004 11:26:00 +0200
From: "Florian Hengstberger" <e0025265@student.tuwien.ac.at>
To: "FreeBSD mailinglist" <freebsd-questions@freebsd.org>
X-Vwebmail-Auth: e0025265@stud3.tuwien.ac.at
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Subject: Firewall and nmap
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2004 09:26:05 -0000

Hi!

I'm compiled a Kernel using the GENERIC config-file that
comes with the default 5.2.1 installation adding support
for ipfw.
I tried to scan my computer with a linux machine running nmap,
but nmap tells me that the host seems to be down altough I was able
to ping the freebsd-host.
So I flushed all rools for the firewall with ipfw flush (the still
existing default rule enables all trafic because I compiled this in
my kernel, ipfw -c list told me that this is true.)
Anyway, nothing changes, all ports seem to be closed running nmap,
pings are successfull again!

1) What's wrong with my configuration?
2) I've tried to add all kernel options to this mail using the online
handbook from www.freeebsd.org. I realized that the firewall section
covers now the OpenBSD filter pf. What=B4s the state of the art?
How do I enable pf under 5.2.1 - package or port?
3) Is there something similar like nmap or is there a BSD-network scanner,
which usage is recommended?

Thanks in advance,
Florian

------------------------------------------------------
Florian Hengstberger
e0025265@student.tuwien.ac.at
http://stud3.tuwien.ac.at/~e0025265
------------------------------------------------------