Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 04 Aug 2002 17:03:42 -0500
From:      "Jack L. Stone" <jackstone@sage-one.net>
To:        "Joe Smith" <chopsuey1973@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW Question
Message-ID:  <3.0.5.32.20020804170342.02c23860@mail.sage-one.net>
In-Reply-To: <F166tuybeUhjqzRnOkD00023f7b@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

At 03:46 PM 8.4.2002 -0600, Joe Smith wrote:
>I am new to IPFW and I was just experimenting with it today and I am running 
>into a problem. I have a FreeBSD 4.5 machine sitting between the Internet 
>and my local network. The inside interface on the BSD machine is tx0 and all 
>my internal machines have IP addresses of 192.168.1.x. When I load this 
>ruleset my SSH connection gets killed. I am trying to allow SSH connection 
>from my internal network. Any suggestions? Thanks
>
># Suck in the configuration variables.
>if [ -z "${source_rc_confs_defined}" ]; then
>        if [ -r /etc/defaults/rc.conf ]; then
>                . /etc/defaults/rc.conf
>                source_rc_confs
>        elif [ -r /etc/rc.conf ]; then
>                . /etc/rc.conf
>        fi
>fi
>
>fwcmd="/sbin/ipfw"
>
>oif="de0"
>
>iif="tx0"
>
>############
># Flush out the list before we begin.
>#
>${fwcmd} -f flush
>
>############
># Network Address Translation.  All packets are passed to natd(8)
># before they encounter your remaining rules.  The firewall rules
># will then be run again on each packet after translation by natd
># starting at the rule number following the divert rule.
>#
>${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
>
>############
># Only in rare cases do you want to change these rules
>#
>${fwcmd} add 100 allow all from any to any via lo0
>${fwcmd} add 200 deny all from any to 127.0.0.0/8
>${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
>
>#SSH
>${fwcmd} add 400 allow tcp from 192.168.1.0/24 22 to any via ${iif}
>${fwcmd} add 401 allow udp from 192.168.1.0/24 22 to any via ${iif}
>
>${fwcmd} add 65000 deny all from any to any
>

This one rule works for me:
${fwcmd} add pass log tcp from any to any 22 in via ${iif} setup

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20020804170342.02c23860>