From owner-freebsd-questions Mon Apr 22 2:35:15 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from camomile.cloud9.net (camomile.cloud9.net [168.100.1.3]) by hub.freebsd.org (Postfix) with ESMTP id 6AFC937B41C for ; Mon, 22 Apr 2002 02:35:09 -0700 (PDT)
Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4]) by camomile.cloud9.net (Postfix) with ESMTP id DCCE3383F5 for ; Mon, 22 Apr 2002 02:42:10 -0400 (EDT)
Received: from earl-grey.cloud9.net (earl-grey.cloud9.net [168.100.1.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id 200D028B01; Mon, 22 Apr 2002 02:40:55 -0400 (EDT)
Date: Mon, 22 Apr 2002 02:40:54 -0400 (EDT)
From: Peter Leftwich
X-X-Sender:
To: Taylor Dondich
Cc: FreeBSD LIST
Subject: Re: Fw: A problem with people reaching my server
In-Reply-To: <000701c1e751$8bc204c0$0d1cea18@penguin>
Message-ID: <20020422022623.I28349-100000@earl-grey.cloud9.net>
Organization: Video2Video Services - http://Www.Video2Video.Com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Thu, 18 Apr 2002, Taylor Dondich wrote:
> yes, but like I said, I have no firewall options enabled in rc.conf, wouldn't that allow people to at least access httpd on the box? Or does freebsd now by default not allow it?
> Taylor Dondich

Nobody can access "httpd" unless you have "httpd" running.
man inetd
If you are truly concerned about security, I suggest you read up in the www.freebsd.org handbook about the firewall options in /etc/rc.conf

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555

> ----- Original Message -----
> From: "Peter Leftwich"
> To: "Taylor Dondich"
> Cc: "FreeBSD LIST"
> Sent: Thursday, April 18, 2002 7:56 PM
> Subject: Re: Fw: A problem with people reaching my server
>
> > On Thu, 18 Apr 2002, Taylor Dondich wrote:
> > > I don't believe so. FIREWALL options are not enabled in rc.conf, however, I do notice as when I'm shutting down the server, it's saving firewall states. How do I check to see if it is running, and how to disable that from happening?
> > > Taylor Dondich
> >
> > From /etc/rc.conf
> > firewall_enable="YES" # Set to YES to enable firewall functionality
> > firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> > firewall_type="client" # Firewall type (see /etc/rc.firewall)
> >
> > There are choices such as simple, open, client, etc - mine is actually set to NO because I found this all too confusing (setting "internal" IPs and configuring /etc/rc.firewall to my specs). Instead, I learned as much as I could about /etc/inetd.conf and have enabled syslogd to log LOTS of stuff, such as rude people portscanning me :)
> > Oh and the choices go on in /etc/rc.conf
> > firewall_quiet="YES" # Set to YES to suppress rule display
> > firewall_logging="YES" # Set to YES to enable events logging
> > firewall_flags="" # Flags passed to ipfw when type is a file
> >
> > > > ----- Original Message -----
> > > > From: "Kent Stewart"
> > > > To: "Taylor Dondich"
> > > > Cc:
> > > > Sent: Thursday, April 18, 2002 3:48 PM
> > > > Subject: Re: A problem with people reaching my server
> > > > > Taylor Dondich wrote:
> > > > > > Okay, so I've thought I configured my server correctly, but I must be missing something. People can ping my server just fine, however trying to access any services (web, smtp, pop3) are futile. Yet, they can ping it. There isn't a kern_securelevel, so I dunno if that'd be it (I don't even know if that'd be related). However, I can access the services just fine on the network here. It just seems that anyone outside my network can't access it. Any ideas? Things I can provide to help figure it out?
> > > > > Are you running something like ipfw or some other firewall. You could have some parameters there that need adjusting.
> > > > > Kent Stewart of Richland, WA
> > > > > http://users.owt.com/kstewart/index.html
> > What do you mean by problem with people "reaching" your server? What port?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
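
Added example, not part of the original message or of FreeBSD's rc scripts: a POSIX sh script that reports the effective value of the firewall_* knobs quoted in the thread by reading rc.conf-style files in order (later files override earlier ones) without sourcing them. The function names, the constructed sample files and the YES-only test for "enabled" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads firewall_* knobs from rc.conf-style
# files with grep instead of sourcing them, so nothing in the files is executed.

# knob_value NAME FILE...: print the last assignment of NAME. Later files win,
# as /etc/rc.conf overrides /etc/defaults/rc.conf. Returns 1 if never assigned.
knob_value() {
    name=$1; shift
    found=1; value=
    for file in "$@"; do
        [ -r "$file" ] || continue
        line=$(grep -E "^[[:space:]]*${name}=" "$file" | tail -n 1)
        [ -n "$line" ] || continue
        value=${line#*=}      # drop "NAME="
        value=${value%%#*}    # drop trailing comment (assumes no '#' in value)
        value=$(printf '%s' "$value" | tr -d "\"'" | sed 's/[[:space:]]*$//')
        found=0
    done
    [ "$found" -eq 0 ] && printf '%s\n' "$value"
    return "$found"
}

# firewall_enabled FILE...: succeeds when the effective firewall_enable is YES
# in any letter case (assumption of this example: only YES counts as enabled).
firewall_enabled() {
    case $(knob_value firewall_enable "$@" || true) in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# firewall_summary FILE...: one line per knob quoted in the thread, then a verdict.
firewall_summary() {
    for knob in firewall_enable firewall_script firewall_type \
                firewall_quiet firewall_logging firewall_flags; do
        if v=$(knob_value "$knob" "$@"); then printf '%s="%s"\n' "$knob" "$v"
        else printf '%s is not set\n' "$knob"; fi
    done
    if firewall_enabled "$@"; then echo "verdict: enabled"; else echo "verdict: disabled"; fi
}

# Constructed sample: the defaults file says NO, the local rc.conf turns it on.
demo() {
    d=$(mktemp -d) || return 1
    printf 'firewall_enable="NO"\nfirewall_type="open"\n' > "$d/defaults"
    printf 'firewall_enable="YES"\t# local override\nfirewall_type="client"\n' > "$d/rc.conf"
    firewall_summary "$d/defaults" "$d/rc.conf"
    rm -rf "$d"
}
if [ "$#" -gt 0 ]; then firewall_summary "$@"; else demo; fi
```

This reads configuration only; `ipfw list`, run as root, shows the rules actually loaded in the kernel.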