From owner-freebsd-questions Sat Feb 5 13: 1:37 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69])
    by builder.freebsd.org (Postfix) with ESMTP id B1B26463B
    for ; Sat, 5 Feb 2000 13:01:20 -0800 (PST)
Received: from localhost (jan@localhost)
    by pogo.caustic.org (8.9.3/ignatz) with ESMTP id NAA44360;
    Sat, 5 Feb 2000 13:01:48 -0800 (PST)
Date: Sat, 5 Feb 2000 13:01:48 -0800 (PST)
From: "f.johan.beisser"
To: Sean Heber
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Can't connect to localhost..
In-Reply-To: <949784051_PM_BeOS.sheber@mwci.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

you're missing two handy rules:

    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 200 deny all from any to 127.0.0.0/8

they're in the /etc/rc.firewall.

-- jan

On Sat, 5 Feb 2000, Sean Heber wrote:

> I suspect this is due to a firewall rule, but I'm afraid of locking
> myself out of the system so I would appreciate some advice on what rule
> I need to add/edit to allow me to connect to localhost at least to send
> mail via SMTP. Some programs don't like the fact that they can't
> connect to localhost (fetchmail... :-) Someone else helped me put
> together my current list of rules.
>
> Here's what I get:
>
> $ telnet 127.0.0.1 25
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Permission denied
>
> Here's my current rule list:
>
> # Stop RFC1918 nets on the outside interface
> $fwcmd add deny log all from 192.168.0.0:255.255.0.0 to any in recv ${oif}
> $fwcmd add deny log all from 172.16.0.0:255.240.0.0 to any in recv ${oif}
> $fwcmd add deny log all from 10.0.0.0:255.0.0.0 to any in recv ${oif}
>
> # Allow any ip (tcp and udp) packets to go out the outside interface
> $fwcmd add pass all from any to any out xmit ${oif}
>
> # Allow established tcp connections from outside interface
> $fwcmd add pass tcp from any to any in recv ${oif} established
>
> #allows smtp
> $fwcmd add pass log tcp from any to any 25 in recv ${oif} setup
>
> #allows ssh
> $fwcmd add pass log tcp from any to any 22 in recv ${oif} setup
>
> #allows ftp
> $fwcmd add pass log tcp from any to any 20 in recv ${oif} setup
> $fwcmd add pass log tcp from any to any 21 in recv ${oif} setup
> $fwcmd add pass log tcp from any 20 to any in recv ${oif} setup
> $fwcmd add pass log tcp from any 21 to any in recv ${oif} setup
>
> #allows http
> $fwcmd add pass log tcp from any to any 80 in recv ${oif} setup
>
> #allows https
> $fwcmd add pass log tcp from any to any 443 in recv ${oif} setup
>
> #allows pop3
> $fwcmd add pass log tcp from any to any 110 in recv ${oif} setup
>
> # Deny and log setup of any other tcp connections from outside interface
> $fwcmd add deny log tcp from any to any in recv ${oif} setup
>
> # Allow replies to DNS queries from outside interface
> $fwcmd add pass udp from any 53 to any 1024-65535 in recv ${oif}
> $fwcmd add pass udp from any to any 53 in recv ${oif}
>
> # Allow outbound pings
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 0
> $fwcmd add pass icmp from any to any out xmit ${oif} icmptypes 8
>
> # Allow outbound traceroutes
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 3
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 11
>
> # Allow ntp packets
> $fwcmd add pass udp from any ntp to any ntp in recv ${oif}
>
> # Everything else is denied by default, but let's log it too
> $fwcmd add 65534 deny log ip from any to any
>
>
> Thanks!
>
> l8r
> Sean
>
> http://www.bebits.com/
> BeBits - Lots of BeOS stuff.
>
>
> -----------------------------------
> This message was sent with the demo version of Postmaster, a BeOS mail client.
> For more information, please visit http://kennyc.com/postmaster
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

 +-----/ f. johan beisser /------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan
   "knowledge is power. power corrupts. study hard, be evil."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
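
Added example, not part of the original messages or of FreeBSD's code: a small first-match model of ipfw evaluation that shows why the posted ruleset refuses a connection to 127.0.0.1 and what the two suggested rules change. Assumptions: `ed0` is a placeholder for `${oif}`, the rule subset and packet values are constructed, and only protocol, addresses, destination port, direction, interface and `setup`/`established` are modelled (rules with source ports or `icmptypes` are not).

```python
import ipaddress

def net(s):  # 'any' -> None; accepts a.b.c.d/len and ipfw's a.b.c.d:mask
    return None if s == "any" else ipaddress.ip_network(s.replace(":", "/"), strict=False)

def load(text):  # parse the arguments of '$fwcmd add', one rule per line
    rules, last = [], 0
    for t in (l.split() for l in text.splitlines() if l.strip()):
        t = [w for w in t if w != "log"]  # logging does not affect matching
        num = int(t.pop(0)) if t[0].isdigit() else last + 100  # ipfw's default step
        last = max(last, num)
        action = t.pop(0)
        proto, _, src, _, dst, *opts = t  # proto from SRC to DST [dport] [options]
        dport = int(opts.pop(0)) if opts and opts[0].isdigit() else None
        rules.append((num, action, proto, net(src), net(dst), dport, opts))
    return sorted(rules, key=lambda r: r[0])  # stable: equal numbers keep file order

def first_match(rules, pkt):
    """Return (number, action) of the first rule that matches pkt."""
    for num, action, proto, src, dst, dport, opts in rules:
        ok = proto in ("all", "ip", pkt["proto"])
        ok &= src is None or ipaddress.ip_address(pkt["src"]) in src
        ok &= dst is None or ipaddress.ip_address(pkt["dst"]) in dst
        ok &= dport in (None, pkt.get("dport"))
        it = iter(opts)
        for o in it:
            if o in ("in", "out"):
                ok &= pkt["dir"] == o
            elif o in ("recv", "xmit", "via"):
                ok &= pkt["iface"] == next(it)  # interface name follows the keyword
            elif o in ("setup", "established"):
                ok &= pkt.get("tcp") == o
            else:
                raise ValueError("unsupported option: " + o)
        if ok:
            return num, action
    return 65535, "deny"  # assumption: default rule denies, as the posted comment says

# Constructed sample: a subset of the posted rules, ${oif} replaced by placeholder ed0.
POSTED = """
pass all from any to any out xmit ed0
pass tcp from any to any in recv ed0 established
pass log tcp from any to any 25 in recv ed0 setup
pass log tcp from any to any 22 in recv ed0 setup
deny log tcp from any to any in recv ed0 setup
65534 deny log ip from any to any
"""
SUGGESTED = "100 pass all from any to any via lo0\n200 deny all from any to 127.0.0.0/8"
LOOP_SYN = {"iface": "lo0", "dir": "out", "proto": "tcp", "src": "127.0.0.1", "dst": "127.0.0.1", "dport": 25, "tcp": "setup"}
print(first_match(load(POSTED), LOOP_SYN), first_match(load(SUGGESTED + POSTED), LOOP_SYN))
```

Every pass rule in the posted list is bound to the outside interface, so a packet on `lo0` falls through to rule 65534; with the two rules in front it stops at rule 100. In this model, rule 200 also stops a packet that arrives on the outside interface addressed to 127.0.0.1 before the per-port pass rules can match it.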