Date: Wed, 17 Oct 2001 19:56:52 +0100
From: "Kastaki" <kastaki@ganbert.com>
To: <freebsd-newbies@FreeBSD.org>, <freebsd-questions@FreeBSD.org>
Cc: <sysadmin@acrilic.net>
Subject: Fw: Firewalling on FreeBSD
Message-ID: <0d5d01c1573d$7c914000$6760ff3e@computer>

I am copying this to two of the FreeBSD lists, and I am sure someone will
help you.... Let me know, as I will start doing this soon!!

----- Original Message -----
From: sysadmin <sysadmin@acrilic.net>
To: <security-basics@security-focus.com>
Sent: Tuesday, October 16, 2001 7:26 PM
Subject: Firewalling on FreeBSD

> Hey guys, I have been trying to figure this out all day and it has
> led me nowhere... I contacted a few of my friends online and they're also
> clueless as to why my methods of madness haven't led to success.
>
> I have set up a FreeBSD firewall on version 3.5-Stable that
> basically denies all incoming connections, but allows established
> connections and certain ports. Those ports for example are like 20,21,80
> etc.. ANYWAYS, to make a long story short I have had a big problem letting
> anyone on my box ftp out to the world. It connects in fine, but it hangs
> in both passive / and non passive modes.
>
> Here are some logs:
>
> Acrilic:/var/log# ipfw list|grep 20
> 00200 deny ip from any to 127.0.0.0/8
> 00200 allow tcp from any to any 20
> 00200 allow tcp from any to any 21
> 00200 allow tcp from any to any 22
> 00200 allow tcp from any to any 23
> 00200 allow tcp from any to any 25
> 00200 allow tcp from any to any 43
> 00200 allow udp from any to any 43
> 00200 allow tcp from any to any 53
> 00200 allow udp from any to any 53
> 00200 allow tcp from any to any 80
> 00200 allow tcp from any to any 113 in
> 00200 allow tcp from any to any 113 uid bind out
> 00200 allow tcp from any to any uid root out
> 00200 allow udp from any to any uid root out
>
>
>
> ftp> passive
> Passive mode off.
> ftp> ls
> 200 PORT command successful.
> ^C
> ^Z
> [1]+ Stopped ftp ftp.freebsd.org
>
>
> Any help would be appreciated, thanks!
>
>
> ---------------Jonathan James----------------
> ----------Acrilic.net Systems Admin.---------
> Http://www.acrilic.net <sysadmin@acrilic.net>