Date: Thu, 13 Aug 1998 12:35:21 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: Dan Langille <junkmale@xtra.co.nz>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw rules
Message-ID: <Pine.BSF.4.00.9808131234430.11633-100000@resnet.uoregon.edu>
In-Reply-To: <199808120750.TAA00553@cyclops.xtra.co.nz>

On Wed, 12 Aug 1998, Dan Langille wrote:
> On 12 Aug 98, at 0:31, Doug White wrote:
>
> >
> > On Tue, 11 Aug 1998, Dan Langille wrote:
> >
> > > I'm using ipfw and natd for my home subnet. The FreeBSD box acts as a
> > > gateway to my ADSL connection. I'm using the simple firewall as
> > > defined in rc.firewall. However, some of the default rules are
> > > preventing some services from working. But I don't understand why.
> > >
> > > Below are the rules and a description of what they prevent when they
> > > are enabled. If someone could explain why the rule stops what it
> > > does, I would appreciate it.
> > >
> > > oif=ed0
> > >
> > > # if either of the following two lines are enabled, it stops my
> > > # Pegasus email client from accessing the POP server at my ISP
> > > add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
> >
> > Stop any packets originating from 192.168.x.x from leaving this machine.
> > What's the machine's IP?
>
> ed0 (outside world) is not within this range. ed1 (my subnet) is. Isn't
> this rule trying to stop packets going out on ed0 (outside world)?

Assuming ${oif} == 'ed0'...

> > > add pass tcp from any to any setup
> >
> > Allows TCP connections to start but probably blocks the rest because of
> > the above rule.
>
> Yeah. Strange. These are the default rules within rc.firewall.

Not a clue. My ipfw adventures start next week. :)

Doug White | University of Oregon
Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite | Computer Science Major
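
The two rules quoted in this thread, evaluated first-match against a few packets, as an added example that is not part of the original message and is not ipfw's own code. It assumes first-match evaluation, that `via` matches the interface the packet is crossing, and that `setup` matches a TCP segment with SYN set and ACK clear; the packets and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# The two rules quoted in the thread, with ${oif} expanded to ed0.
RULES = [
    ("deny", "all", "192.168.0.0:255.255.0.0", "any", {"via": "ed0"}),
    ("pass", "tcp", "any", "any", {"setup": True}),
]

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    iface: str                      # interface the packet is crossing
    flags: frozenset = frozenset()  # TCP flags that are set

def addr_matches(spec, addr):
    """Match 'any' or the address:netmask form used in the quoted rule."""
    if spec == "any":
        return True
    net, _, mask = spec.partition(":")
    network = ipaddress.ip_network(f"{net}/{mask or '255.255.255.255'}")
    return ipaddress.ip_address(addr) in network

def rule_matches(rule, pkt):
    _action, proto, src, dst, opts = rule
    if proto not in ("all", pkt.proto):
        return False
    if not (addr_matches(src, pkt.src) and addr_matches(dst, pkt.dst)):
        return False
    if "via" in opts and opts["via"] != pkt.iface:
        return False
    # Assumption: "setup" means SYN set and ACK clear (connection opening).
    if opts.get("setup") and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
        return False
    return True

def evaluate(rules, pkt):
    """Return (action, rule position) of the first match, else (None, None)."""
    for pos, rule in enumerate(rules, 1):
        if rule_matches(rule, pkt):
            return rule[0], pos
    return None, None  # would fall through to rules not quoted in the thread

# Constructed packets; addresses are documentation/private ranges.
SYN = frozenset({"SYN"})
lan_out = Packet("tcp", "192.168.0.10", "203.0.113.25", "ed0", SYN)
pub_out = Packet("tcp", "198.51.100.7", "203.0.113.25", "ed0", SYN)
pub_ack = Packet("tcp", "198.51.100.7", "203.0.113.25", "ed0", frozenset({"ACK"}))
```

`evaluate(RULES, lan_out)` stops at the deny rule, while `pub_out` reaches the `setup` rule and `pub_ack` matches neither of the two.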
