From owner-freebsd-isp  Sun Feb 15 12:45:32 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA19687
          for freebsd-isp-outgoing; Sun, 15 Feb 1998 12:45:32 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA19682
          for <freebsd-isp@FreeBSD.ORG>; Sun, 15 Feb 1998 12:45:30 -0800 (PST)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id MAA23898; Sun, 15 Feb 1998 12:43:18 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma023896; Sun Feb 15 12:43:06 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id MAA25386; Sun, 15 Feb 1998 12:43:05 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199802152043.MAA25386@bubba.whistle.com>
Subject: Re: ipfw rule for permit http access
In-Reply-To: <1.5.4.32.19980214155709.009eef1c@exsocom.com.mx> from Alejandro Galindo at "Feb 14, 98 09:57:09 am"
To: agalindo@servidor.exsocom.com.mx (Alejandro Galindo)
Date: Sun, 15 Feb 1998 12:43:05 -0800 (PST)
Cc: freebsd-isp@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alejandro Galindo writes:
>         Hi, i installed an ipfirewall with the packet filter (ipfw), i need
> permit the conection to my http server, and i have the next rules:
> 
> ipfw add pass tcp from any >1023 to 200.43.1.1 80
> ipfw add pass tcp from 200.43.1.1 80 to any >1023
> 
> but the external clients cant access to my Web server. Can you indicate me
> if the rules are ok? or, what rules can i do?

That looks right, except for the syntax. What you want is:

  ipfw add pass tcp from any 1023-65535 to 200.43.1.1 80
  ipfw add pass tcp from 200.43.1.1 80 to any 1023-65535

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message