From: petko
Date: Tue, 02 Jan 2007 23:27:55 +0100
To: freebsd-questions
Subject: Re: ipfw denies everything and i can open websites?
Message-ID: <459ADC6B.2020309@studnet.sk>
In-Reply-To: <20070102200640.GA7476@jurjenm.stack.nl>

Hello,

could you show /etc/rc.conf and /etc/rc.firewall files? (only corresponding lines)

petko

Jurjen Middendorp wrote:
> Hello,
> I have configured my firewall, but after I do "ipfw -q flush" I am still
> able to visit websites, download my e-mail, etc. I thought the default action of
> ipfw was to deny everything and ipfw show confirms that... Why am I able to go
> on the internet? Is this weird behaviour or is there something I don't
> understand about ipfw/firewalls??
> I am behind a router (NAT) and get my ip with dhcp.
>
> Here is a little log from what happens if I try to open a random website
> (blah.org) after I disable my firewall.
>
> [jurjen@jurjen ~]$ su
> Password:
> [root@jurjen /home/jurjen]# fw_uit
> 65535 2 616 deny ip from any to any
> [root@jurjen /home/jurjen]# tcpdump
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
>
> 20:41:44.919465 IP jurjen.lan.55071 > SpeedTouch.lan.domain: 4879+ A? blah.org. (26)
> 20:41:45.062650 IP SpeedTouch.lan.domain > jurjen.lan.55071: 4879 1/0/0 A 205.150.150.140 (42)
> 20:41:45.062889 IP jurjen.lan.53038 > SpeedTouch.lan.domain: 4880+ AAAA? blah.org. (26)
> 20:41:45.173416 IP SpeedTouch.lan.domain > jurjen.lan.53038: 4880 0/1/0 (98)
> 20:41:45.173790 IP jurjen.lan.56029 > 205.150.150.140.http: S 1223552665:1223552665(0) win 65535
> 20:41:45.288590 IP 205.150.150.140.http > jurjen.lan.56029: S 3294004362:3294004362(0) ack 1223552666 win 16384
> 20:41:45.288662 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 1 win 33304
> 20:41:45.288924 IP jurjen.lan.56029 > 205.150.150.140.http: P 1:395(394) ack 1 win 33304
> 20:41:45.441225 IP 205.150.150.140.http > jurjen.lan.56029: . 1:1449(1448) ack 395 win 65141
> 20:41:45.442758 IP 205.150.150.140.http > jurjen.lan.56029: P 1449:2533(1084) ack 395 win 65141
> 20:41:45.442812 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 32762
> 20:41:45.591472 IP jurjen.lan.56029 > 205.150.150.140.http: P 395:720(325) ack 2533 win 33304
> 20:41:45.760525 IP 205.150.150.140.http > jurjen.lan.56029: P 3981:4328(347) ack 720 win 64816
> 20:41:45.760603 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 33304
> 20:41:45.763003 IP 205.150.150.140.http > jurjen.lan.56029: . 2533:3981(1448) ack 720 win 64816
> 20:41:45.763045 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 4328 win 32406
> 20:41:46.021900 IP jurjen.lan.62273 > SpeedTouch.lan.domain: 23988+ PTR? 140.150.150.205.in-addr.arpa. (46)
> 20:41:46.255700 IP SpeedTouch.lan.domain > jurjen.lan.62273: 23988 NXDomain 0/1/0 (117)
> 20:42:02.361174 IP sys00.lan.netbios-dgm > 10.0.0.255.netbios-dgm: NBT UDP PACKET(138)
>
> And the website has loaded... how is this possible??
>
> greets, jurjen