Date:      Sun, 15 Apr 2001 15:34:05 -0400 (EDT)
From:      Dru <genisis@istar.ca>
To:        Caleb Walker <cwalker@cwalk.org>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPFW rules
Message-ID:  <Pine.BSF.4.21.0104151522160.16109-100000@istar.ca>
In-Reply-To: <001701c0c5d8$1f518d60$2701a8c0@cwalk.org>

Hi Caleb,

The SSH server listens on TCP port 22, but the client uses any port below
1023 (if you're using .rhosts for authentication) or any port above 1024
if you're not using .rhosts for authentication. So it looks like when
you remove rule 64101 you drop your responses.

Have you tried something like this:

64000 allow tcp from any to any 22 in (you also might want to log that one)
64001 allow tcp from any 22 to any out established

You won't need the UDP one for port 22.

HTH,

Dru


On Sun, 15 Apr 2001, Caleb Walker wrote:

> To make this simple this is what I have in my firewall for rules right now.
> I am starting here so that I can figure out what I am doing wrong. I have
> put the two port 22 rules at the top and right now it is at the bottom, so I
> have tried both.  If I remove the rule number 64101 why can I not ssh in?
> After I figure this out I will go ahead with the rest of my firewall
> configuration.  Thank you so much in advance for your help!
> 
> <root-10:20am>#ipfw list
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 64000 allow tcp from any to any 22
> 64001 allow udp from any to any 22
> 64101 allow ip from any to any
> 65535 deny ip from any to any
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 
> 
> 

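As an added illustration (not code from either poster, and not ipfw's own parser or matcher), here is a small Python model of ipfw's first-match evaluation run over the rules quoted above. It handles only the keywords that appear on this page (allow/deny/divert, ip/tcp/udp, from/to with an optional port, in/out, established, via), treats a divert rule as pass-through, and uses constructed addresses and ports: 198.51.100.7 as the SSH client and 192.0.2.10 as the server. It shows that with 64101 removed the server's reply from port 22 to the client's high port falls through to the default deny, and that Dru's "from any 22 to any out established" rule lets that reply back out.

```python
"""Toy first-match model of the ipfw rules quoted in this thread (added
example, not ipfw itself). Only the keywords seen on the page are modelled."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp", ...
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    direction: str             # "in" or "out"
    iface: str                 # interface the packet crosses, e.g. "xl0"
    established: bool = False  # TCP segment with ACK or RST set


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                # "allow", "deny" or "divert"
    proto: str                 # "ip" matches every protocol
    src_addr: str              # "any" or an address/CIDR
    src_port: Optional[int]    # None means any port
    dst_addr: str
    dst_port: Optional[int]
    direction: Optional[str]   # None means both directions
    iface: Optional[str]       # from "via IFACE"; None means any interface
    established: bool = False  # only match ACK/RST segments

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "ip" or self.proto == p.proto)
                and _addr_match(self.src_addr, p.src_ip)
                and _addr_match(self.dst_addr, p.dst_ip)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.direction is None or self.direction == p.direction)
                and (self.iface is None or self.iface == p.iface)
                and (not self.established or p.established))


def _addr_match(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one 'ipfw list' line in the subset used on the page."""
    t = line.split()
    number, action = int(t[0]), t[1]
    if action == "divert":
        t = t[:2] + t[3:]      # drop the divert port; natd is not modelled
    proto = t[2]
    if t[3] != "from":
        raise ValueError(f"expected 'from' in rule: {line}")
    i = 4
    src_addr, i = t[i], i + 1
    src_port = None
    if t[i] != "to":
        src_port, i = int(t[i]), i + 1
    i += 1                     # skip "to"
    dst_addr, i = t[i], i + 1
    dst_port = None
    if i < len(t) and t[i].isdigit():
        dst_port, i = int(t[i]), i + 1
    direction, iface, established = None, None, False
    while i < len(t):
        if t[i] in ("in", "out"):
            direction = t[i]
        elif t[i] == "established":
            established = True
        elif t[i] == "via":
            i += 1
            iface = t[i]
        else:
            raise ValueError(f"unsupported keyword {t[i]!r} in rule: {line}")
        i += 1
    return Rule(number, action, proto, src_addr, src_port,
                dst_addr, dst_port, direction, iface, established)


def evaluate(rules, p: Packet):
    """First matching allow/deny rule wins; a matching divert rule is treated
    as pass-through (a simplification of ipfw handing the packet to natd)."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(p) and r.action in ("allow", "deny"):
            return r.number, r.action
    return 65535, "deny"       # ipfw's implicit default rule


def without(rules, number):
    return [r for r in rules if r.number != number]


# Caleb's ruleset exactly as quoted in the thread
CALEB_RULES = [parse_rule(l) for l in """
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
64000 allow tcp from any to any 22
64001 allow udp from any to any 22
64101 allow ip from any to any
65535 deny ip from any to any
""".strip().splitlines()]

# Dru's suggestion: replace the two port-22 rules, and drop the allow-all 64101
DRU_RULES = [r for r in CALEB_RULES if r.number not in (64000, 64001, 64101)] + [
    parse_rule("64000 allow tcp from any to any 22 in"),
    parse_rule("64001 allow tcp from any 22 to any out established"),
]

# Constructed sample traffic: client SYN to port 22, then the server's reply
SYN_IN = Packet("tcp", "198.51.100.7", 51234, "192.0.2.10", 22, "in", "xl0")
REPLY_OUT = Packet("tcp", "192.0.2.10", 22, "198.51.100.7", 51234, "out", "xl0",
                   established=True)

if __name__ == "__main__":
    for name, rules in (("caleb", CALEB_RULES),
                        ("caleb-without-64101", without(CALEB_RULES, 64101)),
                        ("dru", DRU_RULES)):
        print(name, "SYN in:", evaluate(rules, SYN_IN),
              "reply out:", evaluate(rules, REPLY_OUT))
```

Running it prints that the inbound SYN hits 64000 under every ruleset, that the outbound reply is only saved by the catch-all 64101 in Caleb's set (and hits 65535 deny once 64101 is gone), and that Dru's 64001 matches the reply because it keys on source port 22, direction out and the established flag rather than on destination port 22.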


