Date: Fri, 16 Apr 2004 02:48:22 +0300
From: hugle
To: freebsd-ipfw@freebsd.org
Subject: Re: ipfw FWD and NOT ME bug while SSHing ?
Message-ID: <20209124174.20040416024822@vkt.lt>

h> Hello all.
h> I've just noticed some problems here.... look :
h> while sshing to the server after running such command:
h> bash-2.05b# ipfw add 3032 fwd x.x.x.1 ip from 192.168.0.0/16 to not me && sleep 15 && ipfw delete 3032 &
h> I've got 'disconnected' from ssh for 15 seconds, console hung up.
h> But I was able to ping the machine
h> BUT I wasn't able to ssh to this machine with its IP 192.168.x.x while
h> sshing to x.x.x.59 to the same machine I've got IN (and after rule
h> automatically removed after 15 sec this console hung up)
h> And after 15 seconds I was able to INPUT further..
h> Has anyone met this problem before?
h> PS.
h> 03020 5274 4396532 fwd z.z.z.161 ip from 192.168.0.0/16 to not me dst-port 22
h> command like that didn't take any effect after adding, was able to
h> SSH.

Tried also adding such rules:

fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 112-442
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 445-1862
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 1864-2081
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 2083-3999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 4001-5049
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5051-5189
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5191-6110
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6120-6665
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6668-7000
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 8000-9999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 10001-27014
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 27016-65000

also blocked access to SSH.
What is the clue?

Thanks.