Date: Tue, 6 Oct 1998 14:15:23 -0700 (PDT)
From: Doug White
To: Brian
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW

On Sun, 4 Oct 1998, Brian wrote:

> I'm running FreeBSD 2.2.7 and have natd running with the IP Firewall enabled
>
> /etc/rc.conf
> FXP0=24.1.88.xxx
> &
> FXP0=192.168.0.1
>
> --> ipfw -a l
>
> 00100 31163 20091250 divert 6668 ip from any to any via fxp0
> 00100 130 14898 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny log tcp from 24.0.0.0/8 to any 1-21 in recv fxp0
> 00400 0 0 deny log tcp from 24.0.0.0/8 to any 23-52 in recv fxp0
> 00500 0 0 deny log tcp from 24.0.0.0/8 to any 56-109 in recv fxp0
> 00600 0 0 deny log tcp from 24.0.0.0/8 to any 111-1023 in recv fxp0
> 00700 0 0 deny log tcp from 24.0.0.0/8 to 24.0.0.0/8 1026-65000 in recv fxp0
> 65000 62854 40131837 allow ip from any to any
> 65535 0 0 deny ip from any to any
>
> Now my question is how would I tell it to allow any and everything from
> 24.1.122.xxx
> I have tried to put that segment in as allow
>
> $fwcmd add allow all from 24.1.122.0/24 to any in via fxp0

It's all about ordering ... your divert rule is caching everything first.

Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
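
The ordering point above, as an added example that is not part of the original message: a small first-match evaluator over a constructed model of the quoted ruleset, showing that the same allow rule for 24.1.122.0/24 wins or loses depending only on its rule number. Assumptions: the rule numbers 250 and 65100, the sample packet, and the simplification that every rule applies to inbound traffic on fxp0 and that a diverted packet resumes at the next rule are all hypothetical and not taken from the thread.

```python
import ipaddress

# Constructed model of the quoted listing: (number, action, proto, src, dst, dst ports).
# The lo0 rule is omitted; every rule is treated as "in recv fxp0".
RULES = [
    (100, "divert", "ip", "any", "any", None),
    (200, "deny", "ip", "any", "127.0.0.0/8", None),
    (300, "deny", "tcp", "24.0.0.0/8", "any", (1, 21)),
    (400, "deny", "tcp", "24.0.0.0/8", "any", (23, 52)),
    (500, "deny", "tcp", "24.0.0.0/8", "any", (56, 109)),
    (600, "deny", "tcp", "24.0.0.0/8", "any", (111, 1023)),
    (700, "deny", "tcp", "24.0.0.0/8", "24.0.0.0/8", (1026, 65000)),
    (65000, "allow", "ip", "any", "any", None),
    (65535, "deny", "ip", "any", "any", None),
]

def _in(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    _, _, proto, src, dst, ports = rule
    return (proto in ("ip", pkt["proto"])
            and _in(pkt["src"], src) and _in(pkt["dst"], dst)
            and (ports is None or ports[0] <= pkt["dport"] <= ports[1]))

def evaluate(rules, pkt):
    """Return (rule number, action) of the first terminating rule that matches."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if not matches(rule, pkt):
            continue
        if rule[1] == "divert":
            continue  # assumption: natd reinjects and the scan resumes at the next rule
        return rule[0], rule[1]

def with_allow(rules, number):
    """Add the allow rule for 24.1.122.0/24 at a hypothetical rule number."""
    return rules + [(number, "allow", "ip", "24.1.122.0/24", "any", None)]

# Constructed packet: inbound TCP to port 80 from the subnet to be allowed.
PKT = {"proto": "tcp", "src": "24.1.122.7", "dst": "24.1.88.10", "dport": 80}

if __name__ == "__main__":
    print("as listed:      ", evaluate(RULES, PKT))
    print("allow at 250:   ", evaluate(with_allow(RULES, 250), PKT))
    print("allow at 65100: ", evaluate(with_allow(RULES, 65100), PKT))
```

In this model the allow rule only takes effect when its number is lower than the first deny rule that matches the same packet.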