From owner-freebsd-isp  Sun Feb 15 12:51:24 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA20337
          for freebsd-isp-outgoing; Sun, 15 Feb 1998 12:51:24 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from ha1.rdc1.sfba.home.com (siteadm@ha1.rdc1.sfba.home.com [24.0.0.66])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA20306
          for <freebsd-isp@FreeBSD.ORG>; Sun, 15 Feb 1998 12:51:21 -0800 (PST)
          (envelope-from ludwigp@bigfoot.com)
Received: from speedy.plstn1.sfba.home.com ([24.1.82.47])
          by ha1.rdc1.sfba.home.com (Netscape Mail Server v2.02) with SMTP
          id AAA10366; Sun, 15 Feb 1998 12:51:13 -0800
Message-Id: <3.0.3.32.19980215125219.0333a778@mail.plstn1.sfba.home.com>
X-Sender: ludwigp@mail.plstn1.sfba.home.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Sun, 15 Feb 1998 12:52:19 -0800
To: Archie Cobbs <archie@whistle.com>,
        agalindo@servidor.exsocom.com.mx (Alejandro Galindo)
From: Ludwig Pummer <ludwigp@bigfoot.com>
Subject: Re: ipfw rule for permit http access
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: <199802152043.MAA25386@bubba.whistle.com>
References: <1.5.4.32.19980214155709.009eef1c@exsocom.com.mx>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:43 PM 2/15/98 -0800, Archie Cobbs wrote:
>Alejandro Galindo writes:
>>         Hi, i installed an ipfirewall with the packet filter (ipfw), i need
>> permit the conection to my http server, and i have the next rules:
>> 
>> ipfw add pass tcp from any >1023 to 200.43.1.1 80
>> ipfw add pass tcp from 200.43.1.1 80 to any >1023
>> 
>> but the external clients cant access to my Web server. Can you indicate me
>> if the rules are ok? or, what rules can i do?
>
>That looks right, except for the syntax. What you want is:
>
>  ipfw add pass tcp from any 1023-65535 to 200.43.1.1 80
>  ipfw add pass tcp from 200.43.1.1 80 to any 1023-65535
>
>-Archie
>___________________________________________________________________________
>Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

actually, it's

ipfw add pass tcp from any 1024-65535 to 200.43.1.1 80
ipfw add pass tcp from 200.43.1.1 80 to any 1024-65535

--Ludwig Pummer
------------------------------------------------------------------
ludwigp@bigfoot.com   ICQ UIN: 692441   http://chipweb.home.ml.org
PGP Key & Geek Code available on web page

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message