Date: Sat, 21 Dec 2002 18:36:37 -0800
From: Joe <joeja@mindspring.com>
To: freebsd-questions@FreeBSD.ORG
Subject: ipfw divert open ports
Message-ID: <3E052535.4010302@mindspring.com>
Hello,

I just got DSL and am using FreeBSD as a router / gateway for my internal network. When I scan the machine from a REMOTE IP address (from work) it shows the ports in OPEN status. xl0 is the internal network interface; dc0 is the external network interface. Even without rule 02000, nmap shows the following when I ssh to work and nmap my IP address:

20/udp open ftp-data
21/udp open ftp
22/udp open ssh
23/udp open telnet
24/udp open priv-mail
25/udp open smtp

Below are my firewall rules. How do I lock this down so that ALL the ports show that they are closed???

Thanks,
Joe

00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 192.168.0.0/24 to any in recv dc0
00500 0 0 deny ip from 172.16.1.0/24 to any in recv xl0
00600 944 278220 allow ip from any to any via xl0
00700 0 0 deny ip from any to 10.0.0.0/8 via dc0
00800 0 0 deny ip from any to 192.168.0.0/16 via dc0
00900 0 0 deny ip from any to 0.0.0.0/8 via dc0
01000 0 0 deny ip from any to 169.254.0.0/16 via dc0
01100 0 0 deny ip from any to 192.0.2.0/24 via dc0
01200 0 0 deny ip from any to 224.0.0.0/4 via dc0
01300 0 0 deny ip from any to 240.0.0.0/4 via dc0
01400 972 280278 divert 8668 ip from any to any via dc0
01500 0 0 check-state
01600 398 68836 allow tcp from any to any keep-state out xmit dc0 setup
01700 488 198024 allow tcp from any to any via dc0 established
01800 0 0 reset tcp from any to any in recv dc0 setup
01900 29 1887 allow udp from any to any 53 keep-state via dc0
02000 29 9473 allow udp from any to any keep-state via dc0
02100 0 0 allow icmp from any to any keep-state icmptype 8
02200 0 0 allow icmp from any to any keep-state icmptype 3
02300 0 0 allow icmp from any to any keep-state icmptype 11
02400 0 0 allow icmp from any to any keep-state
02500 0 0 reset log logamount 500 tcp from any to any
02600 0 0 unreach host log logamount 500 ip from any to any
02700 0 0 deny log logamount 500 ip from any to any
65535 20 2011 deny ip from any to any
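The ruleset in the message above, run through a small audit, as an added example that is not part of the original post or of FreeBSD's own tools: it parses the `ipfw show` listing and reports the static `allow` rules whose direction and interface options do not exclude a packet arriving on dc0. In ipfw, `via dc0` matches packets in both directions on that interface, and a rule with no interface option at all matches on every interface, so only `out`, `xmit dc0` or a different interface rules an inbound packet out. The listing and the interface names dc0 and xl0 are taken from the post; the parser, its function names and the embedded sample are assumptions of this example, and it does not model `check-state` dynamic rules or what natd does with packets that have no translation entry.

```python
# Added example: audit an `ipfw show` listing for static allow rules that can
# match packets arriving on the external interface.  Not FreeBSD code.
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed input: the `ipfw show` listing from the post, one rule per line.
IPFW_SHOW = """\
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 192.168.0.0/24 to any in recv dc0
00500 0 0 deny ip from 172.16.1.0/24 to any in recv xl0
00600 944 278220 allow ip from any to any via xl0
00700 0 0 deny ip from any to 10.0.0.0/8 via dc0
00800 0 0 deny ip from any to 192.168.0.0/16 via dc0
00900 0 0 deny ip from any to 0.0.0.0/8 via dc0
01000 0 0 deny ip from any to 169.254.0.0/16 via dc0
01100 0 0 deny ip from any to 192.0.2.0/24 via dc0
01200 0 0 deny ip from any to 224.0.0.0/4 via dc0
01300 0 0 deny ip from any to 240.0.0.0/4 via dc0
01400 972 280278 divert 8668 ip from any to any via dc0
01500 0 0 check-state
01600 398 68836 allow tcp from any to any keep-state out xmit dc0 setup
01700 488 198024 allow tcp from any to any via dc0 established
01800 0 0 reset tcp from any to any in recv dc0 setup
01900 29 1887 allow udp from any to any 53 keep-state via dc0
02000 29 9473 allow udp from any to any keep-state via dc0
02100 0 0 allow icmp from any to any keep-state icmptype 8
02200 0 0 allow icmp from any to any keep-state icmptype 3
02300 0 0 allow icmp from any to any keep-state icmptype 11
02400 0 0 allow icmp from any to any keep-state
02500 0 0 reset log logamount 500 tcp from any to any
02600 0 0 unreach host log logamount 500 ip from any to any
02700 0 0 deny log logamount 500 ip from any to any
65535 20 2011 deny ip from any to any
"""

# Actions that carry one argument (divert port, unreach code, target rule, ...).
ACTIONS_WITH_ARG = {"divert", "tee", "unreach", "fwd", "skipto", "pipe", "queue"}
# Tokens that may directly follow the "to <addr>" clause; anything else there is a port spec.
OPTION_KEYWORDS = {"in", "out", "via", "recv", "xmit", "keep-state", "established",
                   "setup", "icmptype", "frag"}


@dataclass
class Rule:
    number: int
    packets: int
    bytes: int
    action: str            # "allow", "deny", "divert 8668", "check-state", ...
    proto: str | None      # None for check-state (no body)
    dst_port: str | None   # None means any destination port
    options: list[str]     # tokens after the from/to clause


def parse_rule(line: str) -> Rule:
    """Parse one `ipfw show` line: number, counters, action, [log], body."""
    m = re.match(r"^(\d+)\s+(\d+)\s+(\d+)\s*(.*)$", line.strip())
    if not m:
        raise ValueError(f"not an ipfw show line: {line!r}")
    toks = m.group(4).split()
    action = toks.pop(0)
    if action in ACTIONS_WITH_ARG and toks:
        action += " " + toks.pop(0)
    if toks[:1] == ["log"]:                 # drop "log [logamount N]"
        toks = toks[3:] if toks[1:2] == ["logamount"] else toks[1:]
    proto = dst_port = None
    options: list[str] = []
    if toks:                                # proto from SRC [ports] to DST [ports] options...
        proto = toks[0]
        k = toks.index("to") + 2            # index just past the destination address
        if k < len(toks) and toks[k] not in OPTION_KEYWORDS:
            dst_port, k = toks[k], k + 1
        options = toks[k:]
    return Rule(int(m[1]), int(m[2]), int(m[3]), action, proto, dst_port, options)


def parse_ipfw_show(text: str) -> list[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def inbound_allows(rules: list[Rule], ext_if: str) -> list[tuple[int, str, str]]:
    """(rule number, proto, dst port) for static allow rules that can match a
    packet arriving on ext_if.  `via IF` matches both directions and a rule with
    no interface option matches everywhere; only out/xmit or another interface
    excludes inbound traffic.  check-state and natd pass-through are not modelled."""
    hits = []
    for r in rules:
        if r.action != "allow" or r.proto is None:
            continue
        opts = r.options
        if "out" in opts or "xmit" in opts:
            continue
        ifaces = {opts[i + 1] for i, t in enumerate(opts) if t in ("via", "recv")}
        if ifaces and ext_if not in ifaces:
            continue
        hits.append((r.number, r.proto, r.dst_port or "any"))
    return hits


if __name__ == "__main__":
    for number, proto, port in inbound_allows(parse_ipfw_show(IPFW_SHOW), "dc0"):
        print(f"rule {number:05d}: allows inbound {proto} on dc0 to dst port {port}")
```

Run as a script against the posted listing it reports rules 01700, 01900, 02000 and 02100 to 02400 for dc0; 02000 comes out with destination port `any`, which is the row to compare against whatever UDP the outside scan reports. Swap `"dc0"` for `"xl0"` to see the same view from the inside interface.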