Date: Mon, 26 Sep 2005 17:26:12 +0300
From: Ertan Kucukoglu <ertank@ozlerplastik.com>
To: questions@freebsd.org
Subject: help needed for ipfw rules
Message-ID: <43380504.5080106@ozlerplastik.com>
Hi,

I have a problem blocking foreign intruders for specific ports in ipfw.

One of my friends has 4.X-STABLE running in production for proxy, e-mail, virus etc. The server also has natd and ipfw installed on it. We have the following rule set.

-----
00050 2132 1212881 divert 8668 ip from any to any via dc1
00100 1078 4537400 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 allow tcp from 192.168.0.0/24 to me 23
00500 0 0 deny tcp from 192.168.0.69 to me 1863
00550 0 0 deny tcp from 192.168.0.63 to me 1863
00600 0 0 deny tcp from 192.168.0.69 to me 80
00650 0 0 deny tcp from 192.168.0.63 to me 80
01000 0 0 allow tcp from 192.168.0.0/16 to me 21
01010 0 0 deny tcp from any to me 21
01100 0 0 allow tcp from 212.58.X.X to me 1433 via dc1 (IP intentionally hidden)
01110 0 0 deny tcp from any to me 1433 via dc1
65000 5467 3180867 allow ip from any to any
65535 4654 322885 deny ip from any to any
-----

Natd is diverting port 1433 to an internal machine.

When I try from a different IP address on the Internet than 212.58.x.x, I can easily connect to the directed server's 1433 port.

I'm sure that I'm missing something, but I can not recognize what it is at the moment.

Any help will be appreciated.

Regards,
--
Ertan Küçükoğlu
ertank@ozlerplastik.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43380504.5080106>
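Editor's note with an added example (not part of the original message or of any reply on the list). Rule 00050 diverts every packet on dc1 to natd before rules 01100/01110 are reached. natd rewrites the destination of an inbound connection to port 1433 from the firewall's external address to the internal host and reinjects the packet at the rule after the divert, so by the time rules 01100/01110 run the destination is no longer "me" and neither rule can match; the packet falls through to 65000 and is allowed. The fix is to filter the redirected port with rule numbers below the divert rule, while the packet still carries the external destination. The script below does that; the trusted address 203.0.113.10 (standing in for the poster's 212.58.X.X), the interface dc1, the divert rule number 50 and the rule numbers 40/45 are assumptions chosen for the example, and the helper functions are the editor's, not an ipfw or FreeBSD facility.

```sh
#!/bin/sh
# Added example: load "to me 1433" filtering BEFORE the natd divert rule so it
# sees the untranslated (pre-NAT) destination. All values below are placeholders.

TRUSTED=${TRUSTED:-203.0.113.10}   # placeholder for the single allowed source (212.58.X.X in the post)
EXT_IF=${EXT_IF:-dc1}              # outside interface carrying the divert rule
DIVERT=${DIVERT:-50}               # number of the "divert 8668 ip from any to any via dc1" rule
ALLOW_NO=${ALLOW_NO:-40}           # must be < DIVERT
DENY_NO=${DENY_NO:-45}             # must be < DIVERT and > ALLOW_NO
IPFW=${IPFW:-/sbin/ipfw}

# Emit the two rules, one per line, in evaluation order. "in via" restricts them
# to packets arriving on the outside interface, so the firewall's own outbound
# connections to port 1433 elsewhere are not caught.
pre_nat_rules() {
    printf '%s\n' \
      "add $ALLOW_NO allow tcp from $TRUSTED to me 1433 in via $EXT_IF" \
      "add $DENY_NO deny tcp from any to me 1433 in via $EXT_IF"
}

# Sanity check: every emitted rule number must be below the divert rule;
# anything at or after it would only ever see post-NAT addresses.
# Returns 0 when all numbers precede the divert, 1 otherwise.
rules_precede_divert() {
    limit=${1:-$DIVERT}
    pre_nat_rules | while read -r _kw num _rest; do
        [ "$num" -lt "$limit" ] || exit 1
    done
}

# Apply the rules with ipfw if it is present; otherwise just show them.
load_rules() {
    rules_precede_divert || { echo "rule numbers must be below $DIVERT" >&2; return 1; }
    if [ -x "$IPFW" ]; then
        # one rule per ipfw invocation; word splitting turns the line into arguments
        pre_nat_rules | while read -r line; do
            $IPFW -q $line
        done
    else
        echo "ipfw not found; rules that would be loaded:" >&2
        pre_nat_rules >&2
    fi
}

# On the firewall host, run as root:
# load_rules
```

After loading these two rules, the original 01100/01110 rules are dead (they can never match inbound 1433 traffic) and can be deleted. The reverse direction needs no extra rule: the internal server's replies are translated by natd on the way out and accepted by rule 65000 as before. Verify with an `ipfw show` that the new rules sit above the divert rule and that their packet counters increase when an untrusted host tries to connect.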