Date:      Sat, 5 Feb 2000 13:01:48 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Sean Heber <sheber@mwci.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Can't connect to localhost..
Message-ID:  <Pine.BSF.4.21.0002051300120.24496-100000@pogo.caustic.org>
In-Reply-To: <949784051_PM_BeOS.sheber@mwci.net>


you're missing two handy rules:

$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

they're in the /etc/rc.firewall.

-- jan


On Sat, 5 Feb 2000, Sean Heber wrote:

> I suspect this is due to a firewall rule, but I'm afraid of locking 
> myself out of the system so I would appreciate some advice on what rule 
> I need to add/edit to allow me to connect to localhost at least to send 
> mail via SMTP.  Some programs don't like the fact that they can't 
> connect to localhost (fetchmail... :-)  Someone else helped me put 
> together my current list of rules.
> 
> Here's what I get:
> 
> $ telnet 127.0.0.1 25
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Permission denied
> 
> Here's my current rule list:
> 
> # Stop RFC1918 nets on the outside interface
> $fwcmd add deny log all from 192.168.0.0:255.255.0.0 to any in recv 
> ${oif}
> $fwcmd add deny log all from 172.16.0.0:255.240.0.0 to any in recv 
> ${oif}
> $fwcmd add deny log all from 10.0.0.0:255.0.0.0 to any in recv ${oif}
> 
> # Allow any ip (tcp and udp) packets to go out the outside interface
> $fwcmd add pass all from any to any out xmit ${oif}
> 
> # Allow established tcp connections from outside interface
> $fwcmd add pass tcp from any to any in recv ${oif} established
> 
> #allows smtp
> $fwcmd add pass log tcp from any to any 25 in recv ${oif} setup
> 
> #allows ssh
> $fwcmd add pass log tcp from any to any 22 in recv ${oif} setup
> 
> #allows ftp
> $fwcmd add pass log tcp from any to any 20 in recv ${oif} setup
> $fwcmd add pass log tcp from any to any 21 in recv ${oif} setup
> $fwcmd add pass log tcp from any 20 to any in recv ${oif} setup
> $fwcmd add pass log tcp from any 21 to any in recv ${oif} setup
> 
> #allows http
> $fwcmd add pass log tcp from any to any 80 in recv ${oif} setup
> 
> #allows https
> $fwcmd add pass log tcp from any to any 443 in recv ${oif} setup
> 
> #allows pop3
> $fwcmd add pass log tcp from any to any 110 in recv ${oif} setup
> 
> # Deny and log setup of any other tcp connections from outside interface
> $fwcmd add deny log tcp from any to any in recv ${oif} setup
> 
> # Allow replies to DNS queries from outside interface
> $fwcmd add pass udp from any 53 to any 1024-65535 in recv ${oif}
> $fwcmd add pass udp from any to any 53 in recv ${oif}
> 
> # Allow outbound pings
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 0
> $fwcmd add pass icmp from any to any out xmit ${oif} icmptypes 8
> 
> # Allow outbound traceroutes
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 3
> $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 11
> 
> # Allow ntp packets
> $fwcmd add pass udp from any ntp to any ntp in recv ${oif}
> 
> # Everything else is denied by default, but let's log it too
> $fwcmd add 65534 deny log ip from any to any
> 
> 
> Thanks!
> 
> l8r
> Sean
> 
> http://www.bebits.com/
> BeBits - Lots of BeOS stuff.
> 
> 
> -----------------------------------
> This message was sent with the demo version of Postmaster, a BeOS mail client.
> For more information, please visit http://kennyc.com/postmaster
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

 +-----/  f. johan beisser  /------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
   "knowledge is power. power corrupts. study hard, be evil."



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
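
Added example, not part of the original message: a simplified first-match model of the ruleset that shows why the posted rules refuse the local SMTP connection and what rules 100 and 200 change. It matches only on interface, destination address and destination port; the interface name oif0 (standing in for ${oif}), the rule numbers from 300 up and the sample packets are assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str                  # "pass" or "deny"
    iface: Optional[str] = None  # None matches any interface
    dst: Optional[str] = None    # destination CIDR, None matches any
    dport: Optional[int] = None  # destination port, None matches any

class Packet(NamedTuple):
    iface: str
    dst: str
    dport: int

def verdict(rules, pkt):
    """Return (rule number, action) of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.iface is not None and r.iface != pkt.iface:
            continue
        if r.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.num, r.action
    return 65535, "deny"  # nothing matched; this model treats that as deny

OIF = "oif0"  # assumed placeholder for ${oif}

# Constructed subset of the posted rules; the numbers 300+ are assumed.
POSTED = [
    Rule(300, "pass", iface=OIF, dport=25),  # allows smtp
    Rule(400, "pass", iface=OIF, dport=22),  # allows ssh
    Rule(500, "deny", iface=OIF),            # deny other tcp setup on ${oif}
    Rule(65534, "deny"),                     # everything else is denied
]
# The two rules given in the reply.
LOOPBACK = [Rule(100, "pass", iface="lo0"), Rule(200, "deny", dst="127.0.0.0/8")]

LOCAL_SMTP = Packet("lo0", "127.0.0.1", 25)     # telnet 127.0.0.1 25
OUTSIDE_SMTP = Packet(OIF, "203.0.113.10", 25)  # constructed address
OUTSIDE_TO_127 = Packet(OIF, "127.0.0.1", 25)   # 127/8 destination seen on ${oif}

if __name__ == "__main__":
    for name, pkt in [("local smtp", LOCAL_SMTP), ("outside smtp", OUTSIDE_SMTP),
                      ("outside to 127/8", OUTSIDE_TO_127)]:
        print(name, verdict(POSTED, pkt), verdict(LOOPBACK + POSTED, pkt))
```

Every posted rule except 65534 names ${oif}, so loopback traffic only ever reaches the final deny; rule 100 passes it first, and rule 200 stops 127.0.0.0/8 destinations arriving on any other interface before the service rules can pass them.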
