From owner-freebsd-security Wed Jul 5 13:56:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from web3202.mail.yahoo.com (web3202.mail.yahoo.com [204.71.202.199]) by hub.freebsd.org (Postfix) with SMTP id 3EDBB37B76D for ; Wed, 5 Jul 2000 13:56:25 -0700 (PDT) (envelope-from chancedj@yahoo.com)
Message-ID: <20000705205623.29293.qmail@web3202.mail.yahoo.com>
Received: from [140.175.112.105] by web3202.mail.yahoo.com; Wed, 05 Jul 2000 13:56:23 PDT
Date: Wed, 5 Jul 2000 13:56:23 -0700 (PDT)
From: Daryl Chance
Reply-To: chancedj@intertek.net
Subject: Re: Firewalls and the endless story!
To: openzero@bsdmail.com, freebsd-security@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I THINK you need to add (sorry, not on my box at home)
something like:

# allow for DNS lookups both ways
# is your nameserver
$fwcmd add allow udp from any to 53 out xmit tun0
$fwcmd add allow udp from 53 to any in recv tun0

--- openzero@bsdmail.com wrote:
> Hm!
> After posting, for some help with my sucky fireball
> I upgraded from FreeBSD-2.2.8-RELEASE to FreeBSD-3.4-RELEASE
> + SecureBSD1.0, in hope it will work now.
>
> But nothing happens! The firewall doesn't work
> and FreeBSD-3.4 (and 4.0) is a boring unstable
> system!
>
> So, I downloaded via cvsup the FreeBSD-2.2.8-STABLE!
> It really rulez!
>
> But the firewall problem still exists, and with this
> configuration I can't surf the web too! ;)
>
> Hm! Please I need help! It's very important!
>
> For you, who wants to help me. Here are some information
> on what the firewall has to do!
>
> 1. I'm running an anonymous FTP server
> 2. I need to browse the web
> 3. Sendmail could be enabled (not needed!)
>
> Here is my actual configuration, which still suckz!
> At the moment, I can only browse via:
> # ipfw -f flush!
>
> --- CUT HERE ---
> fwcmd="/sbin/ipfw"
>
> $fwcmd -f flush
>
> $fwcmd add allow ip from any to any via lo0
> $fwcmd add deny log ip from any to 127.0.0.1/8
> $fwcmd add allow ip from any to any via rl0
>
> $fwcmd add divert 8668 all from any to any via tun0
>
> $fwcmd add allow tcp from any to any out xmit tun0 setup
> $fwcmd add allow tcp from any to any via tun0 established
>
> $fwcmd add allow log tcp from any to any 21 setup
> $fwcmd add allow log tcp from any 20 to any setup # really needed ?????
>
> $fwcmd add reset log tcp from any to any 113 in recv tun0
>
> $fwcmd add allow udp from any to 194.25.2.129 53 out xmit tun0
> $fwcmd add allow udp from 194.25.2.129 53 to any in recv tun0
>
> $fwcmd add deny log icmp from any to any
>
> $fwcmd add deny log ip from any to any
> -- CUT HERE ---
>
> My kernel:
> DEFAULT_TO_ACCEPT
> VERBOSE_LIMIT=10
>
> rc.conf:
> natd_enable="YES"
> natd_device="tun0"
> natd_flags="-dynamic"
>
>
> Please, need help!
>
> Thanx.... Daniel Ridder
>
> (It's an SOS! I need this wall much fast I can get!
> For later times, is there a book to get most out
> of BSD firewalls????)
> --
> Get your free email from http://www.bsdmail.com
>
> Powered by Outblaze
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of
> the message

=====
<--------------------------------------------------------------->
<- Daryl Chance  - A programmer is someone who solves a    ->
<- Programmer      - problem you didn't know you had in a ->
<- ----------------- - way you don't understand.       ->
<- Belial of -E-     -                - ?????       ->
<--------------------------------------------------------------->
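
An added example, not part of either post and not ipfw itself: a simplified first-match model of the quoted ruleset, showing which rule decides a given packet, for instance a DNS query to the one listed resolver versus any other. It handles only the keywords this ruleset uses; the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Rules as posted, in order, with "$fwcmd add" stripped; list position = rule number here.
RULESET = """allow ip from any to any via lo0
deny log ip from any to 127.0.0.1/8
allow ip from any to any via rl0
divert 8668 all from any to any via tun0
allow tcp from any to any out xmit tun0 setup
allow tcp from any to any via tun0 established
allow log tcp from any to any 21 setup
allow log tcp from any 20 to any setup
reset log tcp from any to any 113 in recv tun0
allow udp from any to 194.25.2.129 53 out xmit tun0
allow udp from 194.25.2.129 53 to any in recv tun0
deny log icmp from any to any
deny log ip from any to any"""

# action [divert-port] [log] proto from SRC [port] to DST [port] [options...]
RULE = re.compile(r"(\w+)(?: \d+)?(?: log)? (\w+) from (\S+)(?: (\d+))? to (\S+)(?: (\d+))?(.*)")

def parse(line):
    action, proto, src, sport, dst, dport, opts = RULE.match(line).groups()
    return dict(action=action, proto=proto, src=(src, sport), dst=(dst, dport), opts=iter(opts.split()))

def matches(r, p):
    if r["proto"] not in ("ip", "all", p["proto"]):
        return False
    for side in ("src", "dst"):
        addr, port = r[side]
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "any" else addr, strict=False)
        if ipaddress.ip_address(p[side]) not in net or (port and int(port) != p.get(side + "_port")):
            return False
    for o in r["opts"]:  # in/out, via|xmit|recv IFACE, setup|established
        if (o in ("in", "out") and p["dir"] != o
                or o in ("via", "xmit", "recv") and p["iface"] != next(r["opts"])
                or o in ("setup", "established") and p.get("tcp") != o):
            return False
    return True

def first_match(pkt):
    # Assumption: natd reinjects at the next rule, so divert is non-terminal; NAT rewriting is not modelled.
    for n, rule in enumerate(map(parse, RULESET.splitlines()), 1):
        if rule["action"] != "divert" and matches(rule, pkt):
            return n, rule["action"]

# Constructed packets: a DNS query leaving tun0 for the listed resolver, then for another one.
DNS_LISTED = dict(proto="udp", src="192.0.2.10", dst="194.25.2.129", dst_port=53, dir="out", iface="tun0")
DNS_OTHER = dict(DNS_LISTED, dst="192.0.2.53")
```

`first_match(DNS_LISTED)` is decided by the DNS allow rule, while `first_match(DNS_OTHER)` falls through to the final `deny log ip`. On the firewall itself, the per-rule counters from `ipfw -a list` show the same thing for live traffic.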