From: "fbsd_user"
Reply-To: fbsd_user@a1poweruser.com
To: "Gene", freebsd-questions@FreeBSD.ORG
Date: Wed, 22 Jun 2005 14:52:58 -0400
Subject: RE: Anyone using doormand
In-Reply-To: <42B7FD20.2000406@Bomgardner.net>

I read your post and was interested in what doorman does, so I installed it on my 5.4 system. Running doormand from the command line does start the daemon after the .cf and guestlist pass the syntax test. You will see it running with the ps ax command. Remember doorman creates firewall rules on the fly to allow the TCP packets to pass through the firewall and then removes them at the close of the session.
Your firewall rules must pass inbound udp packets on port 1001. If you have that closed in your firewall rules, doorman will never be triggered. I found running doormand -D will display any config file syntax errors to the console. If you change from the default /var/log/messages log file, you have to give the new log file permission of rwx just for the root user. That may be why you see nothing in your custom log. I have not got it working yet on allowing telnet in from the public internet. I am testing it using the ipfilter firewall. You also have to create a /usr/local/etc/rc.d/doormand.sh script so doormand will be started at boot time. Will let you know my results later.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Gene
Sent: Tuesday, June 21, 2005 7:42 AM
To: freebsd-questions@FreeBSD.ORG
Subject: Anyone using doormand

Has anyone implemented the doorman port knocking package? I tried to get it going on 5.4, but when I start doormand, I can find no evidence of it listening to its default port (1001). I've checked the config (see below) but all seems correct. I can find no mention of doormand or port 1001 in the output of netstat or sockstat. Knocks have no discernible effect, telnet connections are refused, and there is nothing in the doorman's log file. Any ideas?
Thanks
Gene

The doormand.cf file:

    #
    # 'doormand.cf'
    #
    #
    interface             rl1
    port                  1001
    waitfor               10
    connection_delay_1    100000    # 1/10th second (delay is in microseconds)
    connection_delay_2    2
    logfile               /var/log/doorman-messages
    loglevel              debug
    pidfile               /var/run/doormand.pid
    guestlist             /usr/local/etc/doormand/guestlist
    firewall-add          /usr/local/etc/doormand/ipf_add
    firewall-del          /usr/local/etc/doormand/ipf_delete
    tag-queue-length      100000
    tag-queue             /var/doorman_tag_queue
    tag-db                /var/doorman_tag_db.db

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
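An added troubleshooting script for the three things the reply tells Gene to check, written for this page and not part of the thread or the doorman package: it reads the port from a doormand.cf in the format quoted above, looks for a udp4 listener on that port in a `sockstat -4 -l` listing, looks for an inbound ipf pass rule for that port, and checks that a custom log file is rwx for root only. The doormand.cf, sockstat listing, ipf rule set and `ls -l` lines are constructed samples, and the sockstat column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN) is assumed.

```shell
#!/bin/sh
# Added diagnostic for the thread's symptoms (nothing listening on the doormand
# port, nothing in a custom log file). All inputs below are constructed samples.
tmp=${TMPDIR:-/tmp}/doorman-check.$$
mkdir -p "$tmp"
trap 'rm -rf "$tmp"' EXIT

# Constructed doormand.cf in the "keyword value" format quoted in the thread.
cat > "$tmp/doormand.cf" <<'EOF'
# constructed sample
interface rl1
port 1001
logfile /var/log/doorman-messages
EOF
# Constructed `sockstat -4 -l` output: nothing is bound to udp/1001 yet.
cat > "$tmp/sockstat.txt" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       512   3  tcp4   *:22                  *:*
root     syslogd    401   4  udp4   *:514                 *:*
EOF
# Constructed ipf rule set: the knock packets must be passed inbound (ipf's
# last match wins, and the quick pass rule stops processing).
cat > "$tmp/ipf.rules" <<'EOF'
block in on rl1 all
pass in quick on rl1 proto udp from any to any port = 1001 keep state
EOF

# Print the value of a doormand.cf keyword, skipping comment lines.
cf_value() { awk -v k="$2" '$1 !~ /^#/ && $1 == k { print $2; exit }' "$1"; }
# Succeed if the sockstat listing shows a udp4 socket bound to port $2.
udp_listener_present() {
    awk -v p="$2" '$5 == "udp4" && $6 ~ (":" p "$") { f = 1 } END { exit !f }' "$1"
}
# Succeed if the rule set has an inbound ipf pass rule for udp port $2.
ipf_passes_udp() {
    awk -v p="$2" '/^pass in/ && /proto udp/ && $0 ~ ("port = " p "( |$)") { f = 1 }
                   END { exit !f }' "$1"
}
# Succeed if an `ls -l` line shows mode rwx------ owned by root, which the
# reply says a custom doormand log file needs.
log_perms_ok() {
    set -- $1
    case "$1" in -rwx------*) [ "$3" = "root" ] ;; *) false ;; esac
}

port=$(cf_value "$tmp/doormand.cf" port)
udp_listener_present "$tmp/sockstat.txt" "$port" ||
    echo "no udp/$port listener: is doormand running (ps ax)? does ipf pass inbound udp/$port?"
ipf_passes_udp "$tmp/ipf.rules" "$port" || echo "ipf does not pass inbound udp/$port"
```

On a real host, replace the constructed files with the live doormand.cf, the output of `sockstat -4 -l`, the active ipf rule set and `ls -l` of the configured logfile.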