Date: Tue, 30 Jul 2002 08:36:36 -0500
From: "Jack L. Stone" <jackstone@sage-one.net>
To: robert Backhaus <robbakfreebsd@yahoo.co.uk>, Mark Pearce <mark@netchat.co.za>, freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw weirdness
Message-ID: <3.0.5.32.20020730083636.011ab608@mail.sage-one.net>
In-Reply-To: <20020730132534.52905.qmail@web12902.mail.yahoo.com>
References: <20020730143133.217d5d2d.mark@netchat.co.za>
At 06:25 AM 7.30.2002 -0700, robert Backhaus wrote:
>Your suggested rules didn't make a lot of sense to me.
>
>--- Mark Pearce <mark@netchat.co.za> wrote:
>> Hi all
>>
>> I have the following situation, I have a client behind my box running exchange, and they are getting spammed to death, I want to disallow all incoming traffic to their box, but allow incoming traffic from their secondaries only, the secondaries are not getting spammed at this moment.
>>
>> I am running an ipfw / natd combination
>>
>> My default ruleset is allow all
>> I run the command
>>
>> ipfw add allow 200 tcp from 196.x.x.x to 196.x.x.y 25
>
>this would allow communication between 2 machines. It is matching packets from machine 196.x.x.x to machine 196.x.x.y, not packets involving the range. if these are both on the same subnet and don't go through your router, this rule should have no effect - the rule would never trigger.
>
>> and it effectively blocks everything coming from anywhere even though I have just allowed it, if I remove the rule, it works fine again.
>>
>> If I run the rule
>> ipfw add 200 deny tcp from not 196.x.x.x to 196.x.x.y 25
>
>that may kill almost everything - anything coming from any machine that is not 196.x.x.x to 196.x.x.y on port 25.
>
>Maybe I've got something wrong, in which case I would LOVE to be corrected.
>
>> it works on the port, but blocks all other traffic which is not what I had in mind.
>>
>> What am I overlooking here.
>>
>> Help
>>
>> Mark
>>
>I think you're after ipfw add 200 deny tcp from any to 196.x.x.y 25. That would block all mail posting to its smtp.
>

....also, is the rule inserted before or after your "divert" rule....???

Best regards,
Jack L. Stone, Administrator
SageOne Net
http://www.sage-one.net
jackstone@sage-one.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
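As an added illustration that is not part of the thread: the ruleset the replies point at (the natd divert rule first, then an allow for each secondary MX, then a deny from any to the mail host's port 25), with a small first-match simulator to show which rule each packet hits. The host addresses, the interface name fxp0 and the restriction to TCP are constructed assumptions, not values from the list.

```shell
#!/bin/sh
# Added example, not from the thread. Hosts are constructed placeholders
# from the 192.0.2.0/24 and 203.0.113.0/24 documentation ranges.
MAILHOST=192.0.2.20                   # the client's Exchange box (constructed)
SECONDARIES="192.0.2.10 192.0.2.11"   # their secondary MXs (constructed)
EXT_IF=fxp0                           # outside interface (assumed name)

# One rule per line, in ipfw(8) syntax. The divert rule comes first so the
# rules after it match on the translated (inside) destination address.
# Lower numbers are evaluated first; the first match wins.
mx_rules() {
    echo "100 divert natd ip from any to any via $EXT_IF"
    for mx in $SECONDARIES; do
        echo "200 allow tcp from $mx to $MAILHOST 25"
    done
    echo "300 deny tcp from any to $MAILHOST 25"
}

# On the FreeBSD router itself (as root) the same lines install unchanged.
install_rules() { mx_rules | while read -r rule; do ipfw add $rule; done; }

# first_match SRC DST DPORT: print the action of the first rule matching a
# TCP packet. Mark's ruleset is default-allow, so no match means "allow".
first_match() {
    mx_rules | while read -r num action proto _ src _ dst port _; do
        # divert is not terminal: the packet re-enters at the next rule
        [ "$action" = divert ] && continue
        [ "$proto" = tcp ] || [ "$proto" = ip ] || continue
        [ "$src" = any ] || [ "$src" = "$1" ] || continue
        [ "$dst" = any ] || [ "$dst" = "$2" ] || continue
        [ -z "$port" ] || [ "$port" = "$3" ] || continue
        echo "$action"; exit 0      # leaves the pipeline subshell only
    done | { read -r verdict || verdict=allow; echo "$verdict"; }
}

first_match 192.0.2.10 192.0.2.20 25     # secondary MX -> allow (rule 200)
first_match 203.0.113.5 192.0.2.20 25    # anyone else -> deny (rule 300)
first_match 203.0.113.5 192.0.2.20 80    # non-SMTP traffic -> allow (default)
```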