Date: Wed, 5 Dec 2001 19:46:57 -0500 (EST)
From: Didier Rwitura <drwitura@primus.ca>
To: <freebsd-ipfw@freebsd.org>
Subject: IPFW with SSH
Message-ID: <Pine.LNX.4.30.0112051944490.15244-100000@staffshell.primus.ca>

.. can u guys help me with opening ssh port 22 using ipfw (I can connect to
other hosts without any problem but can not access my box from outside) ...

here are all my ruleset file

#from man 8 ipfw: allow only outbound TCP connections I've created
#allow ssh
add 00300 check-state
add 00301 allow tcp from any to any in established
add 00302 allow tcp from any ssh to any out setup keep-state
add 00304 allow tcp from any to any ssh in
add 00305 allow tcp from any to any out setup keep-state

#allow DNS
add 00400 allow udp from 24.200.243.242 53 to any in recv ed0
add 00401 allow udp from 24.201.245.114 53 to any in recv ed0
add 00402 allow udp from 24.200.243.250 53 to any in recv ed0

##Dynamic rules
add 00403 allow udp from any to any out
add 00501 allow udp from 10.23.128.2 67 to any 68 in via ed0

#allow some icmp types (codes not supported)
#####allow path-mtu in both directions
add 00600 allow icmp from any to any icmptypes 3
####allow source quench in and out
add 00601 allow icmp from any to any icmptypes 4
#### allow me to ping out and receive response back
add 00602 allow icmp from any to any icmptypes 8 out
add 00603 allow icmp from any to any icmptypes 0 in
## allow me to run traceroute
add 00604 allow icmp from any to any icmptypes 11 in

thanx for your time

--
------------------------------------------
Didier Rwitura <drwitura@primus.ca>
Technical Support Technique
Primus Canada
http://support.primus.ca
Tel: 1-800-370-0015 Ext :8628

"Perfectionism is a dangerous state of mind in an imperfect world."
--Robert Hillyer
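
Added example, not part of the original message: a simplified first-match model of the TCP rules 300-305 quoted above, tracing one inbound and one outbound SSH handshake. It shows that the inbound SYN is accepted by rule 304 while the SYN+ACK reply from port 22 matches nothing, because rule 302 requires `setup` (SYN without ACK). Assumptions: the final default rule is deny, state is keyed on ports only, and the function names and sample packets are constructed for illustration.

```python
# Simplified first-match model of TCP rules 300-305 from the post (added example).
# Assumptions: the final default rule is deny; only direction, ports and SYN/ACK/RST
# flags are modelled; dynamic state is keyed on (local port, remote port) only.
SSH = 22

# (number, direction, src_port, dst_port, flag_option, keep_state); None = any
RULES = [
    (301, "in",  None, None, "established", False),
    (302, "out", SSH,  None, "setup",       True),
    (304, "in",  None, SSH,  None,          False),
    (305, "out", None, None, "setup",       True),
]

def flags_match(option, flags):
    if option == "setup":          # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if option == "established":    # ACK or RST set
        return "A" in flags or "R" in flags
    return True

def evaluate(pkt, states):
    """Return the accepting rule number, 300 for a dynamic match, or None (default deny)."""
    direction, local_port, remote_port, flags = pkt
    if (local_port, remote_port) in states:     # rule 300: check-state
        return 300
    src, dst = (local_port, remote_port) if direction == "out" else (remote_port, local_port)
    for num, rdir, rsrc, rdst, opt, keep in RULES:
        if rdir != direction or rsrc not in (None, src) or rdst not in (None, dst):
            continue
        if not flags_match(opt, flags):
            continue
        if keep:                                # keep-state installs a dynamic rule
            states.add((local_port, remote_port))
        return num
    return None

def trace(packets):
    states = set()
    return [evaluate(p, states) for p in packets]

# Constructed packets: (direction, local port, remote port, TCP flags)
INBOUND_SSH = [("in", SSH, 40000, "S"), ("out", SSH, 40000, "SA")]
OUTBOUND_SSH = [("out", 40001, SSH, "S"), ("in", 40001, SSH, "SA"), ("out", 40001, SSH, "A")]

if __name__ == "__main__":
    print("inbound ssh :", trace(INBOUND_SSH))
    print("outbound ssh:", trace(OUTBOUND_SSH))
```

Under the same assumptions, writing rule 304 as `allow tcp from any to any ssh in setup keep-state` would install state on the inbound SYN, so rule 300 (`check-state`) would then pass the replies.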