Date: Fri, 1 Oct 1999 15:59:37 -0700 (PDT) From: Mahlon Smith <reich@internetcds.com> To: Travis Stevenson <tstevenson@lcsd2.org> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw filtering Message-ID: <Pine.BSF.4.10.9910011556230.14592-100000@martini.office.cdsnet.net> In-Reply-To: <199910011442.IAA18406@dexter.lcsd2.org>
next in thread | previous in thread | raw e-mail | index | archive | help
You've got the rules reversed. All of your traffic will hit the first rule, and be blocked. It never gets to the allowed rules. Switch the order around, should be fine. -- Mahlon Smith InternetCDS http://www.internetcds.com On Fri, 1 Oct 1999, Travis Stevenson wrote: > I'm having some trouble setting up ipfw filtering. This is what I want to do: > > Block all of the internet except for one network. This is what I have done > > # Disable all traffic > ipfw add deny all from any to any > > # Enable only web traffic from 192.168.1.0/24 to 10.10.10.0/24 > ipfw add pass all from 192.168.1.0/24 to 10.10.10.0/24 80 > ipfw add pass all from 10.10.10.0/24 80 to 192.168.1.0/24 > > This is the closest I could come to getting this to work. This is not working. > It will drop all packets. But when I try to access 10.10.10.0/24 it says "web site contacted waiting for reply". Then hangs. The Servers are not sending data back. If anyone can provide me with some help that would be appreciated. > > > > -- > Travis Stevenson, MCSE Technology Specialist > Lincoln County School District #2 http://www.technology.lcsd2.org > > Fingerprint: CA26 B3E7 DDFC A8B8 0AA7 A559 035D AA5A 7E29 B1E4 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910011556230.14592-100000>