From owner-freebsd-questions Fri Aug 10 18:12: 1 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201])
	by hub.freebsd.org (Postfix) with ESMTP id 98D4137B403
	for ; Fri, 10 Aug 2001 18:11:56 -0700 (PDT)
	(envelope-from jim@thehousleys.net)
Received: (from root@localhost)
	by thehousleys.net (8.11.3/8.11.2) id f7B1BtN44277;
	Fri, 10 Aug 2001 21:11:55 -0400 (EDT)
	(envelope-from jim@Thehousleys.net)
Received: from Thehousleys.net (baby.int.thehousleys.net [192.168.0.24])
	(authenticated)
	by thehousleys.net (8.11.3/8.11.3) with ESMTP id f7B1Br944269;
	Fri, 10 Aug 2001 21:11:53 -0400 (EDT)
	(envelope-from jim@Thehousleys.net)
Message-ID: <3B748659.E2D96F11@Thehousleys.net>
Date: Fri, 10 Aug 2001 21:11:53 -0400
From: James Housley
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: George Genovezos
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw & firewall.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

George Genovezos wrote:
>
> Hey all,
>
> I just installed ipfw and the only thing I want to go in & out is ssh. So
> this is the only line I have in my rules
>
> allow tcp from any to any ssh setup
>
> Now when I ssh to my localhost I get
>
> debug: Allocated local port 881.
> debug: connect: Connection refused
> debug: Connecting to localhost [127.0.0.1] port 22.
> debug: Allocated local port 880.
> debug: connect: Permission denied
>

Actually you want something like the following

allow tcp from any to any established
allow tcp from any ssh to any out setup
allow tcp from any to any ssh in setup

You probably also want to allow udp 53 both ways, for DNS?

Jim
--
  /"\   ASCII Ribbon Campaign  .
  \ / - NO HTML/RTF in e-mail  .
   X  - NO Word docs in e-mail .
  / \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Life begins at 4.0

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message