Delivered-To: freebsd-questions@freebsd.org
From: "John Telford"
To: "Pete Fritchman" ,
Subject: Re: IPFW modify the "simple" rule set 4.2 to allow ...
Date: Wed, 24 Jan 2001 18:35:50 -0500

Sorry, it does belong in -questions.
The WWW server is a separate box behind the firewall with a public IP # redirected to its private IP #.

Regards, John.

----- Original Message -----
From: "Pete Fritchman"
To: "John Telford"
Cc:
Sent: Wednesday, January 24, 2001 10:46 AM
Subject: Re: IPFW modify the "simple" rule set 4.2 to allow ...

> [ freebsd-net removed ]
>
> ++ 24/01/01 08:07 -0500 - John Telford:
> >I'd like to get the settings in the right place so I'm asking the experts. FreeBSD 4.2 release with firewall type set to "simple".
> >It works but I'd like to allow 2 things through.
> >SSH connections from the public side to the firewall.
>
> You'll need to modify /etc/rc.firewall. Look through until you see something
> like:
>
>     [Ss][Ii][Mm][Pp][Ll][Ee])
>         ############
>         # This is a prototype setup for a simple firewall. Configure this
>         # machine as a named server and ntp server, and point all the machines
>         # on the inside at this machine for those services.
>         ############
>
> Scroll down and before the command that says "Reject&Log all setup of incoming
> connections ...", add:
>
>         # Allow access to SSH
>         ${fwcmd} add pass tcp from any to ${oip} 22 setup
>
> >Connections to a Web server on the inside.
>
> I'm not quite sure what you mean - do you have a webserver on another port?
> WWW is already allowed through in the simple firewall type.
>
> >
> >Thanks in advance. John.
>
> -pete
>
> --
> Pete Fritchman
> Databits Network Services, Inc.
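
The placement advice in the quoted reply matters because ipfw evaluates rules in order and stops at the first match, so a pass rule added after the reject-and-log rule is never reached. The following is an added example, not part of the thread or of FreeBSD's rc.firewall: a small check that the SSH rule precedes the first "deny ... tcp ... setup" rule. The function names and the sample deny line are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): verify rule ordering in an
# rc.firewall-style file before reloading the firewall.

# check_ssh_order [FILE]   (reads stdin when FILE is omitted)
# exit 0: a "pass tcp ... 22 setup" rule precedes the first deny-setup rule
# exit 1: the pass rule comes after the deny rule and is shadowed
# exit 2: no SSH pass rule found at all
check_ssh_order() {
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        /add[ \t]+pass[ \t]+tcp.*[ \t]22[ \t]+setup/ { if (!ssh)  ssh  = NR }
        /add[ \t]+deny[ \t]+(log[ \t]+)?tcp.*setup/  { if (!deny) deny = NR }
        END {
            if (!ssh) exit 2
            if (deny && deny < ssh) exit 1
            exit 0
        }
    ' "$@"
}

# Constructed sample input. $1 is "before" or "after": where the SSH rule
# sits relative to the reject-and-log rule. The deny line is an assumed
# example of such a rule, written for this demonstration.
sample_rules() {
    [ "$1" = before ] && echo '${fwcmd} add pass tcp from any to ${oip} 22 setup'
    echo '# Reject&Log all setup of incoming connections from the outside'
    echo '${fwcmd} add deny log tcp from any to any in via ${oif} setup'
    [ "$1" = after ] && echo '${fwcmd} add pass tcp from any to ${oip} 22 setup'
    return 0
}

for where in before after; do
    if sample_rules "$where" | check_ssh_order; then
        echo "$where: SSH rule is evaluated first"
    else
        echo "$where: SSH rule is missing or shadowed by the deny rule"
    fi
done
```

Run it against the edited file with `check_ssh_order /etc/rc.firewall` and check the exit status before reloading the rules.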