From owner-freebsd-questions Sun Jun 30 18:52:10 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D2C1137B400
	for ; Sun, 30 Jun 2002 18:52:07 -0700 (PDT)
Received: from sol.chel.skbkontur.ru (sol.chel.skbkontur.ru [212.57.175.94])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4178F43E0A
	for ; Sun, 30 Jun 2002 18:52:06 -0700 (PDT)
	(envelope-from ilia@chel.skbkontur.ru)
Received: from localhost (localhost [127.0.0.1])
	by sol.chel.skbkontur.ru (8.12.3/8.12.3) with ESMTP id g611q5es006033
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 1 Jul 2002 07:52:05 +0600 (YEKST)
	(envelope-from ilia@chel.skbkontur.ru)
Date: Mon, 1 Jul 2002 07:52:05 +0600 (YEKST)
From: Илья Шипицин
To: Matthew Seaman
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw: broadcast thing
In-Reply-To: <20020630212920.GA42452@happy-idiot-talk.infracaninophi>
Message-ID: <20020701075031.H5982-100000@sol.chel.skbkontur.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

> On Sun, Jun 30, 2002 at 11:48:56PM +0600, Илья Шипицин wrote:
> > Dear Sirs,
> >
> > for example, rl0 and rl1 are local (non-Internet) interfaces.
> >
> > (I'm going to switch to stateful rules soon, but for now I've configured
> > a stateless firewall):
> >
> > ipfw add 100 allow ip from me to any
> > ipfw add 200 allow ip from any to me via rl0
> > ipfw add 200 allow ip from any to me via rl1
> >
> > that's simple, that's good, I even like it:)
> > but such a configuration doesn't pass broadcast packets:
> >
> > Jun 30 23:42:43 sol /kernel: ipfw: 104 Deny UDP 192.168.200.3:520
> > 255.255.255.255:520 in via rl1
> > Jun 30 23:42:43 sol /kernel: ipfw: 104 Deny UDP 192.168.100.28:138
> > 192.168.100.255:138 in via rl0
> > Jun 30 23:43:14 sol /kernel: ipfw: 104 Deny UDP 192.168.200.3:520
> > 255.255.255.255:520 in via rl1
> > Jun 30 23:43:45 sol /kernel: ipfw: 104 Deny UDP 192.168.200.3:520
> > 255.255.255.255:520 in via rl1
> >
> >
> > can anybody help me with "allow"ing broadcast traffic?
>
> If you know what the IP address is on each of your interfaces, it is more
> efficient to quote it explicitly in your IPFW rulesets. You can also
> change the filter to take account of the local network number and
> netmask, which will allow broadcast packets as well:
>
> ipfw add 100 allow ip from 192.168.100.28 to any
> ipfw add 150 allow ip from 192.168.200.3 to any
> ipfw add 200 allow ip from any to 192.168.100.0/24 via rl0
> ipfw add 250 allow ip from any to 192.168.200.0/24 via rl1

no, I don't want to pass "from any to any", I just want to pass "from me to any" + "from any to me" + "broadcast things" (no matter what kind of broadcast it is: RIP, SMB or whatever)

> The fact that you're getting RIP broadcasts to 255.255.255.255 on your
> rl1 interface is almost definitely an error probably due to a
> misconfigured netmask on your router.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> Tel: +44 1628 476614                                  Marlow
> Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
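The middle ground between the two posters (keep "from me" / "to me", but admit broadcasts without opening "from any to any") can be derived mechanically from the deny log itself. The script below is an added example for this thread, not code from either poster: it parses ipfw deny lines in the format quoted above, tells limited broadcasts (255.255.255.255) apart from directed broadcasts (the subnet's own broadcast address), and emits one allow rule per distinct denied broadcast, scoped to the receiving interface, that interface's subnet as source, the exact broadcast destination and the destination port. The interface-to-subnet map (rl0 = 192.168.100.0/24, rl1 = 192.168.200.0/24) follows the /24 masks in Matthew's suggested rules and is an assumption; the fourth log line is constructed to show the unicast case. Broadcasts whose source lies outside the interface's subnet are not turned into rules but flagged for a netmask check, which is the situation Matthew describes.

```python
"""Turn ipfw deny-log lines for broadcast traffic into narrow allow rules.

Added example for this thread, not code from either poster. It assumes the
ipfw log format quoted above ('ipfw: <rule> Deny UDP src:port dst:port in via
ifN') and an operator-supplied interface -> subnet map.
"""
import ipaddress
import re

# Interface -> local subnet. The /24 masks are the ones Matthew's suggested
# rules imply; treat them as an assumption for this example.
IFACE_NETS = {
    "rl0": ipaddress.ip_network("192.168.100.0/24"),
    "rl1": ipaddress.ip_network("192.168.200.0/24"),
}

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>[A-Za-z]+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

# Constructed sample: three lines quoted in the thread (re-joined after mail
# wrapping) plus one made-up unicast line to show the non-broadcast case.
SAMPLE_LOG = [
    "Jun 30 23:42:43 sol /kernel: ipfw: 104 Deny UDP 192.168.200.3:520 255.255.255.255:520 in via rl1",
    "Jun 30 23:42:43 sol /kernel: ipfw: 104 Deny UDP 192.168.100.28:138 192.168.100.255:138 in via rl0",
    "Jun 30 23:43:14 sol /kernel: ipfw: 104 Deny UDP 192.168.200.3:520 255.255.255.255:520 in via rl1",
    "Jun 30 23:43:45 sol /kernel: ipfw: 104 Deny TCP 10.9.8.7:40000 192.168.100.1:22 in via rl0",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an ipfw deny."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["src"] = ipaddress.ip_address(entry["src"])
    entry["dst"] = ipaddress.ip_address(entry["dst"])
    return entry


def classify(entry):
    """Classify the destination: 'limited-broadcast', 'directed-broadcast' or 'unicast'."""
    if entry["dst"] == LIMITED_BROADCAST:
        return "limited-broadcast"
    net = IFACE_NETS.get(entry["iface"])
    if net is not None and entry["dst"] == net.broadcast_address:
        return "directed-broadcast"
    return "unicast"


def suggest_rules(lines):
    """Return (rules, notes): one ipfw allow rule per distinct denied broadcast.

    Each rule is limited to the receiving interface, that interface's own
    subnet as source, the exact broadcast destination and the destination
    port, so nothing resembling 'from any to any' is ever produced.
    """
    rules, notes = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None or classify(entry) == "unicast":
            continue
        net = IFACE_NETS.get(entry["iface"])
        if net is None:
            notes.append(f"{entry['iface']}: no subnet configured, skipping")
            continue
        if entry["src"] not in net:
            # A broadcast from outside the interface's subnet is not something
            # to allow blindly; it usually points at a netmask or routing error.
            notes.append(f"{entry['src']} is outside {net} on {entry['iface']}; check its netmask")
            continue
        rule = (f"allow {entry['proto'].lower()} from {net} to {entry['dst']} "
                f"{entry['dport']} {entry['dir']} via {entry['iface']}")
        if rule not in rules:
            rules.append(rule)
    return rules, sorted(set(notes))


if __name__ == "__main__":
    allow, review = suggest_rules(SAMPLE_LOG)
    for number, rule in enumerate(allow, start=300):
        print(f"ipfw add {number} {rule}")
    for note in review:
        print("# review:", note)
```

The generated rules must be numbered below the deny rule that produced the log lines (rule 104 in the quoted output), otherwise they are never reached. Keeping the destination port in each rule means a new broadcast service shows up as a fresh deny line for review rather than being admitted silently.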