From owner-freebsd-questions  Thu Mar 20 12:23:45 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1062037B401
	for <freebsd-questions@freebsd.org>; Thu, 20 Mar 2003 12:23:44 -0800 (PST)
Received: from web13506.mail.yahoo.com (web13506.mail.yahoo.com [216.136.175.85])
	by mx1.FreeBSD.org (Postfix) with SMTP id 625E543F75
	for <freebsd-questions@freebsd.org>; Thu, 20 Mar 2003 12:23:43 -0800 (PST)
	(envelope-from will@willardjwilliams.com)
Message-ID: <20030320202343.36694.qmail@web13506.mail.yahoo.com>
Received: from [217.84.186.205] by web13506.mail.yahoo.com via HTTP; Thu, 20 Mar 2003 12:23:43 PST
Date: Thu, 20 Mar 2003 12:23:43 -0800 (PST)
From: "W. J. Williams" <will@willardjwilliams.com>
Subject: Re: IPFW firewall rules not complete
To: Henrik Hudson <lists@rhavenn.net>, freebsd-questions@freebsd.org
In-Reply-To: <200303201350.35462.lists@rhavenn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--- Henrik Hudson <lists@rhavenn.net> wrote:
> On Thursday 20 March 2003 13:38, W. J. Williams wrote:
> > I am experimenting with IPFW firewalls and have hit a roadblock.  I am
> > trying to allow ssh, mail, dns requests, pings and traceroutes out,
> but
> > not in.  I am hitting a roadblock on mail and pings out
> 
> Assuming that 192.168.0.0/29 is your internal block you've got the rules
> 
> backwords.
> 
> > > add 2000 allow tcp from any to 192.168.0.0/29 22,25,10000 setup
> 
> This will let anything come in and establish a connection to a service
> running 
> on 22, 25, 10000 but says nothing about outgoing. I think you want:
> 
> add 2000 allow tcp from 192.168.0.0/29 to any 22,25,10000 setup
>
192.168.0.0/29 is used for my wireless router, a switch, the incoming port
on the firewall, and some test pcs that I donīt have behind the firewall.

192.168.1.0 is the network hosting the hosts...

Does this still mean they are backwards?

Will

=====
Will Williams

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message