From: Ertan Kucukoglu <ertank@ozlerplastik.com>
Organization: Özler Plastik San. ve Tic. A.Ş.
Date: Mon, 26 Sep 2005 17:26:12 +0300
To: questions@freebsd.org
Subject: help needed for ipfw rules
Message-ID: <43380504.5080106@ozlerplastik.com>

Hi, I have a problem blocking foreign intruders for specific ports in ipfw.
One of my friends has 4.X-Stable running in production for proxy, e-mail, virus etc. The server also has natd and ipfw installed on it. We have the following rule set.
-----
00050 2132 1212881 divert 8668 ip from any to any via dc1
00100 1078 4537400 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 allow tcp from 192.168.0.0/24 to me 23
00500 0 0 deny tcp from 192.168.0.69 to me 1863
00550 0 0 deny tcp from 192.168.0.63 to me 1863
00600 0 0 deny tcp from 192.168.0.69 to me 80
00650 0 0 deny tcp from 192.168.0.63 to me 80
01000 0 0 allow tcp from 192.168.0.0/16 to me 21
01010 0 0 deny tcp from any to me 21
01100 0 0 allow tcp from 212.58.X.X to me 1433 via dc1 (ip intentionally hidden)
01110 0 0 deny tcp from any to me 1433 via dc1
65000 5467 3180867 allow ip from any to any
65535 4654 322885 deny ip from any to any
-----
Natd is diverting port 1433 to an internal machine.

When I try with a different IP address on the Internet than 212.58.x.x, I can easily connect to the directed server's port 1433.

I'm sure that I'm missing something, but I can not recognize what it is at the moment.

Any help will be appreciated.

Regards,
-- 
Ertan Küçükoğlu
ertank@ozlerplastik.com
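Added example, not part of the original message: a small Python model of ipfw's first-match walk with natd re-injection after the divert rule, using constructed addresses (192.0.2.1 for the firewall, 192.168.1.20 for the redirect target, 203.0.113.10 standing in for the hidden 212.58.X.X). It shows why rule 01110 never sees an outside packet to port 1433 once rule 00050 has diverted it and natd has rewritten the destination, and that moving the two 1433 rules ahead of the divert gives the intended verdicts.

```python
import ipaddress

# Constructed: firewall public address, natd redirect target, stand-in for the hidden 212.58.X.X.
ME = "192.0.2.1"
INTERNAL_SQL = "192.168.1.20"
TRUSTED = "203.0.113.10"

def match_host(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr == ME
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule, pkt):
    _action, proto, src, dst, dport, via = rule
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if via is not None and via != pkt["iface"]:
        return False
    if dport is not None and dport != pkt["dport"]:
        return False
    return match_host(src, pkt["src"]) and match_host(dst, pkt["dst"])

def walk(rules, pkt):
    """First match wins; a divert hands the packet to natd and it re-enters at the next rule."""
    pkt = dict(pkt)
    for rule in rules:
        if not rule_matches(rule, pkt):
            continue
        if rule[0] != "divert":
            return rule[0]
        if pkt["dst"] == ME and pkt["dport"] == 1433:
            pkt["dst"] = INTERNAL_SQL   # natd redirect_port for 1433: "to me" no longer matches
    return "deny"                       # rule 65535

# (action, proto, src, dst, dport, via): the poster's rules 50, 100, 1100, 1110, 65000
ORIGINAL = [
    ("divert", "ip", "any", "any", None, "dc1"),
    ("allow", "ip", "any", "any", None, "lo0"),
    ("allow", "tcp", TRUSTED, "me", 1433, "dc1"),
    ("deny", "tcp", "any", "me", 1433, "dc1"),
    ("allow", "ip", "any", "any", None, None),
]
# Same rules with the two 1433 checks moved ahead of the divert, so they
# still see the untranslated destination ("me").
FIXED = ORIGINAL[2:4] + ORIGINAL[:2] + ORIGINAL[4:]

def result(rules, src):
    # Verdict for a TCP packet from src to the public address, port 1433, arriving on dc1.
    return walk(rules, {"proto": "tcp", "src": src, "dst": ME, "dport": 1433, "iface": "dc1"})
```

On the real box the equivalent is to give the 1433 allow/deny pair rule numbers below 00050 (for example `ipfw add 40 allow tcp from 212.58.X.X to me 1433 in via dc1` and `ipfw add 45 deny tcp from any to me 1433 in via dc1`) so they are evaluated before natd translates the destination.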