From: openzero@bsdmail.com
To: freebsd-security@freebsd.org
Date: Wed, 05 Jul 2000 21:29:37 +0100
Subject: Firewalls and the endless story!
Message-ID: <20000705202937.64113.qmail@bsdmail.com>

Hm! After posting for some help with my sucky fireball, I upgraded from FreeBSD-2.2.8-RELEASE to FreeBSD-3.4-RELEASE + SecureBSD1.0, in the hope it would work now. But nothing happens! The firewall doesn't work and FreeBSD-3.4 (and 4.0) is a boring unstable system! So I downloaded FreeBSD-2.2.8-STABLE via cvsup! It really rulez! But the firewall problem still exists, and with this configuration I can't surf the web either! ;)

Hm! Please, I need help! It's very important! For you who want to help me, here is some information on what the firewall has to do:

1. I'm running an anonymous FTP server
2. I need to browse the web
3. Sendmail could be enabled (not needed!)

Here is my actual configuration, which still suckz! At the moment, I can only browse via:

# ipfw -f flush!

--- CUT HERE ---
fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add allow ip from any to any via lo0
$fwcmd add deny log ip from any to 127.0.0.1/8
$fwcmd add allow ip from any to any via rl0
$fwcmd add divert 8668 all from any to any via tun0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
$fwcmd add allow log tcp from any to any 21 setup
$fwcmd add allow log tcp from any 20 to any setup # really needed ?????
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add allow udp from any to 194.25.2.129 53 out xmit tun0
$fwcmd add allow udp from 194.25.2.129 53 to any in recv tun0
$fwcmd add deny log icmp from any to any
$fwcmd add deny log ip from any to any
--- CUT HERE ---

My kernel:

DEFAULT_TO_ACCEPT
VERBOSE_LIMIT=10

rc.conf:

natd_enable="YES"
natd_device="tun0"
natd_flags="-dynamic"

Please, need help! Thanx....

Daniel Ridder

(It's an SOS! I need this wall as fast as I can get it! For later times, is there a book to get the most out of BSD firewalls????)
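
An added example, not part of the original message: a small Python model of ipfw's first-match evaluation that traces constructed packets through the ruleset exactly as posted. It assumes the divert rule is pass-through (natd reinjects and matching resumes at the next rule), that every sample packet crosses tun0, and that all addresses other than the posted DNS server are constructed; `RULES`, `matches`, `verdict` and `sample` are names made up for this sketch.

```python
import ipaddress

# Rules as posted, in order: (action, conditions). "setup" is SYN without ACK,
# "established" is ACK or RST, as documented in ipfw(8).
RULES = [
    ("allow",  {"via": "lo0"}),
    ("deny",   {"dst": "127.0.0.1/8"}),
    ("allow",  {"via": "rl0"}),
    ("divert", {"via": "tun0"}),
    ("allow",  {"proto": "tcp", "dir": "out", "via": "tun0", "flags": "setup"}),
    ("allow",  {"proto": "tcp", "via": "tun0", "flags": "established"}),
    ("allow",  {"proto": "tcp", "dport": 21, "flags": "setup"}),
    ("allow",  {"proto": "tcp", "sport": 20, "flags": "setup"}),
    ("reset",  {"proto": "tcp", "dport": 113, "dir": "in", "via": "tun0"}),
    ("allow",  {"proto": "udp", "dst": "194.25.2.129/32", "dport": 53, "dir": "out", "via": "tun0"}),
    ("allow",  {"proto": "udp", "src": "194.25.2.129/32", "sport": 53, "dir": "in", "via": "tun0"}),
    ("deny",   {"proto": "icmp"}),
    ("deny",   {}),
]

def matches(cond, pkt):
    for key, want in cond.items():
        if key in ("src", "dst"):
            if ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(want, strict=False):
                return False
        elif key == "flags":
            syn, ack, rst = (f in pkt["flags"] for f in "SAR")
            if not ((syn and not ack) if want == "setup" else (ack or rst)):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(pkt):
    # First terminating rule wins; returns (1-based position, action).
    for pos, (action, cond) in enumerate(RULES, 1):
        if action != "divert" and matches(cond, pkt):
            return pos, action

def sample(proto, src, dst, direction, sport=None, dport=None, flags=""):
    return dict(proto=proto, src=src, dst=dst, dir=direction, via="tun0",
                sport=sport, dport=dport, flags=flags)

ME, PEER = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses
if __name__ == "__main__":  # constructed packets, all on tun0
    for name, p in [("HTTP SYN out", sample("tcp", ME, PEER, "out", 1025, 80, "S")),
                    ("FTP passive data SYN in", sample("tcp", PEER, ME, "in", 40001, 49152, "S")),
                    ("DNS to another resolver", sample("udp", ME, "198.51.100.53", "out", 1026, 53))]:
        print(name, "->", verdict(p))
```

In this model, outbound web connections and their replies are accepted by rules 5 and 6, while DNS to any resolver other than 194.25.2.129 and inbound connections to the FTP server's passive data ports fall through to the final deny.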