From: "Dan O'Connor"
To: "Mark Smith" ,
Subject: Re: ppp filter problems!
Date: Sat, 11 Mar 2000 08:40:34 -0800
Message-ID: <006101bf8b78$8bef10a0$0200000a@danco.home>

>I'm having a problem with filtering on my FreeBSD 3.4R box. I'm using
>user PPP. When I use the following rule set, I can ping out and in,
>and telnet out but NOT telnet into my box via tun0. When I use tcpdump
>to watch tun0, I don't see any packets for telnet coming in. Does
>anybody have any ideas?
>
> set filter in 0 permit icmp
> set filter out 0 permit icmp
> set filter in 1 permit udp src eq 53
> set filter out 1 permit udp dst eq 53
> set filter in 2 permit tcp src eq 23 estab
> set filter out 2 permit tcp dst eq 23
> set filter in 3 permit tcp src eq 80
> set filter out 3 permit tcp dst eq 80
> set filter in 4 permit tcp dst eq 113
> set filter out 4 permit tcp src eq 113

I think you need these rules also:

 set filter in 5 permit tcp dst eq 23
 set filter out 5 permit tcp src eq 23

Of course, I would be remiss if I didn't say that allowing folks on the
outside to telnet in is *a bad idea.* You should be using SSH on port 22
if you want to allow access into your machine from the Internet.

--Dan

** The thing I like most about Windows 98 is...
** You can download FreeBSD with it!
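
Added example, not part of the original message: a small Python model of how the quoted rule set and the reply's two extra rules treat an inbound connection. It assumes ppp's documented matching (rules tried in ascending number, first match decides, a packet matching no rule in a non-empty filter is dropped, `estab` requires the TCP ACK flag); `SSH_VARIANT` and the client port 40000 are constructed for illustration.

```python
import re

# Rule set quoted in the message, then the pair proposed in the reply.
ORIGINAL = """\
set filter in 0 permit icmp
set filter out 0 permit icmp
set filter in 1 permit udp src eq 53
set filter out 1 permit udp dst eq 53
set filter in 2 permit tcp src eq 23 estab
set filter out 2 permit tcp dst eq 23
set filter in 3 permit tcp src eq 80
set filter out 3 permit tcp dst eq 80
set filter in 4 permit tcp dst eq 113
set filter out 4 permit tcp src eq 113
"""
REPLY_FIX = """\
set filter in 5 permit tcp dst eq 23
set filter out 5 permit tcp src eq 23
"""
# Constructed for this example: SSH instead of telnet, replies only outbound.
SSH_VARIANT = """\
set filter in 5 permit tcp dst eq 22
set filter out 5 permit tcp src eq 22 estab
"""
RULE = re.compile(r"set filter (in|out) (\d+) (permit|deny) (\w+)"
                  r"(?: src eq (\d+))?(?: dst eq (\d+))?( estab)?$")

def parse(text):
    """Return {'in': [...], 'out': [...]} with rules sorted by rule number."""
    rules = {"in": [], "out": []}
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if m is None:
            raise ValueError("unsupported rule: " + line)
        way, num, action, proto, src, dst, estab = m.groups()
        rules[way].append((int(num), action, proto, src and int(src),
                           dst and int(dst), bool(estab)))
    for way in rules:
        rules[way].sort(key=lambda rule: rule[0])
    return rules

def verdict(rules, way, proto, sport=None, dport=None, ack=False):
    """First matching rule decides; a packet matching no rule is denied."""
    for _, action, r_proto, r_src, r_dst, r_estab in rules[way]:
        if r_proto == proto and r_src in (None, sport) \
                and r_dst in (None, dport) and (ack or not r_estab):
            return action
    return "deny"
```

For an inbound SYN to port 23, `verdict(parse(ORIGINAL), "in", "tcp", 40000, 23)` returns `"deny"`, while the same call on `parse(ORIGINAL + REPLY_FIX)` returns `"permit"`.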