Date: Tue, 2 Jan 2001 19:25:42 -0500 (EST)
From: freebsduser <freebsduser@earthlink.net>
To: Murat SULUHAN <murat.suluhan@tesam.com.tr>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW help ( Urgent )
Message-ID: <Pine.BSF.4.05.10101021916480.25296-100000@bsdbox.gregory.earthlink.net>
In-Reply-To: <NEBBKCBJALGONAJFPFDJOEBCCCAA.murat.suluhan@tesam.com.tr>
I believe you will need to add rules to allow packets to travel back to
the client or allow all established connections to pass. Try adding

	ipfw add 50 allow tcp from any to any established

as the first rule. This will allow all established connections to pass
immediately. Otherwise you will have to add return rules for all your
incoming rules:

	ipfw add 150 allow tcp from any 80 to any
	ipfw add 250 allow tcp from any 21 to any
	ipfw add 350 allow tcp from any 22 to any
	.....etc.

If you add the "established" rule as the first rule you can change the
other tcp rules to match only on setup since the "established" rule
will match packets that have already gone through the connection setup.

	ipfw add 100 allow tcp from any to any established
	ipfw add 200 allow tcp from any to any 80 setup
	.....etc

Check out the /etc/rc.firewall script. Look at the simple section to
get some examples on most of these rules and suggestions on rules for
stopping spoofs and other misc...

Scott

On Tue, 2 Jan 2001, Murat SULUHAN wrote:

> Hi all
>
> my ipfw script is below, kernel is default to deny
>
> ipfw -f flush
> ipfw 00100 add allow all from any to any via lo0
> ipfw 00200 add allow tcp from any to any 80
> ipfw 00300 add allow tcp from any to any 21
> ipfw 00400 add allow tcp from any to any 22
> ipfw 00700 add allow udp from any to any 53
> ipfw 00800 add allow tcp from any to any 53
> ipfw 00810 add allow tcp from any to any 42
> ipfw 00900 add allow icmp from any to any
>
> I cannot connect to FreeBSD with ssh, ftp client, I cannot ping anywhere on
> the Internet with its hostname, pinging with ip address is ok. I also cannot
> connect with "ssh localhost" as normal user on the console. (Root connection
> is denied)
>
> I can ping my FreeBSD from my client pc.
>
> my ipfw -a list output is below
>
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 allow tcp from any to any 80
> 00300 0 0 allow tcp from any to any 21
> 00400 0 0 allow tcp from any to any 22
> 00700 0 0 allow udp from any to any 53
> 00800 0 0 allow tcp from any to any 53
> 00810 0 0 allow tcp from any to any 42
> 00900 8 480 allow icmp from any to any
> 65535 106 8650 deny ip from any to any
>
> Where is the problem?
>
> Best Regards
> --------------------------------
> |
> | Murat SULUHAN
> |
> --------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
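A ruleset along the lines Scott describes, written in the style of /etc/rc.firewall as an added example (not from the original thread): the established rule first, per-service TCP rules matching only on setup, and, because "established" matches TCP only, a separate return rule for UDP DNS replies, which is an addition here to cover the hostname-resolution symptom in the quoted mail. FWCMD is a hypothetical variable: unset, the script only prints the commands so the rule order can be reviewed on a host without ipfw.

```shell
#!/bin/sh
# Set FWCMD=/sbin/ipfw to load the rules for real; by default the commands
# are printed instead of executed (dry run).
fwcmd="${FWCMD:-echo ipfw}"

load_rules() {
    ${fwcmd} -f flush
    ${fwcmd} add 100 allow ip from any to any via lo0

    # Stateless ipfw sees both directions of every flow and the kernel
    # default is deny, so reply packets need a rule too. Matching every
    # established TCP session here means the service rules below only have
    # to pass the connection setup (SYN).
    ${fwcmd} add 200 allow tcp from any to any established

    # Inbound services: http, ftp, ssh, dns (tcp), nameserver, setup only.
    n=300
    for port in 80 21 22 53 42; do
        ${fwcmd} add ${n} allow tcp from any to any ${port} setup
        n=$((n + 100))
    done

    # UDP has no connection state for "established" to match, so DNS
    # answers coming back from port 53 need their own return rule;
    # without it lookups by hostname fail while pinging an IP works.
    ${fwcmd} add 800 allow udp from any to any 53
    ${fwcmd} add 810 allow udp from any 53 to any

    ${fwcmd} add 900 allow icmp from any to any
}

load_rules
```

Compare the printed order against `ipfw -a list`: the established rule must sit above the service rules, and the 65535 deny counter should stop climbing once sessions are established.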
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10101021916480.25296-100000>