From owner-freebsd-isp  Wed Dec 10 13:45:26 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id NAA21918
          for isp-outgoing; Wed, 10 Dec 1997 13:45:26 -0800 (PST)
          (envelope-from owner-freebsd-isp)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA21911
          for <freebsd-isp@freebsd.org>; Wed, 10 Dec 1997 13:45:22 -0800 (PST)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.5/8.8.5) with ESMTP id VAA02734
	for <freebsd-isp@freebsd.org>; Wed, 10 Dec 1997 21:25:21 GMT
Message-ID: <348F0E8C.6300F790@tdx.co.uk>
Date: Wed, 10 Dec 1997 21:50:04 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
Subject: Re: ipfw rule needed
References: <Pine.BSF.3.96.971210100457.19886B-100000@fly.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Try:

ipfw add allow tcp from xx.xx.xx.xx 1023-65535 to yy.yy.yy.yy 23
ipfw add allow tcp from yy.yy.yy.yy 23 to xx.xx.xx.xx 1023-65535 established

ipfw add allow tcp from yy.yy.yy.yy 1023-65535 to xx.xx.xx.xx 23
ipfw add allow tcp from xx.xx.xx.xx 23 to yy.yy.yy.yy 1023-65535 established

Where xx.xx.xx.xx = Remote Specific Host and yy.yy.yy.yy is your Host on your
Network (that was previously blocked).

This should allow SMTP in / out from / to the machines you require...

Kp



Gary Blumenstein wrote:
> 
> Folks,
> 
> Can anyone help me define a working rule combination that allows smtp
> traffic to and from a specific host sitting outside my firewall?  By
> default, I block all ip traffic to the network where this particular host
> resides, so I want to install a a more specific rule earlier in the chain
> that preferably defines the port numbers on both the inbound and outbound
> packet (ie. port 25 and corresponding "ack" response flags on ports >
> 1024)
> 
> Thanks for any help!
> 
> -Gary
> 
> P.S.  Also, is there a FAQ (besides the FreeBSD faq) for this mailing
> list?  I'm a new member.
> 
> --
> garyb@fly.com