Date: 05 Aug 2003 19:01:37 +0100
From: Mick Walker <mick@materialised.hopto.org>
To: freebsd-config@freebsd.org
Subject: IPFW Help
Message-ID: <1060106496.1360.7.camel@materialised.hopto.org>
Hi everyone,

I'm a totally new user to FreeBSD and am currently running 5.1 release 2 on an Intel-based machine. I have been a Linux user for many years and am quite familiar with ipchains/iptables. However, migrating to FreeBSD is proving to be quite a challenge to me. Up until this point I have got everything working as it did on my Linux gateway: I have configured natd to masquerade connections for the internal network, and set X to start up at boot. However, one thing is evading me: I can't seem to add any firewall rules. Here are the contents of my /etc/rc.firewall file, which is called by rc.local on boot:

bash-2.05b$ cat /etc/rc.firewall
/sbin/ipfw flush
/sbin/ipfw add divert natd all from any to any via sis0
/sbin/ipfw add pass all from any to any
/sbin/ipfw add 00322 deny log tcp from any to any 6000 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 0-1000 in recv sis0 setup
/sbin/ipfw add 00499 deny log udp from any to any in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 3306 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 587 in recv sis0
/sbin/ipfw add 00322 deny log tcp from any to any 135-140 in recv sis0
/sbin/ipfw add 00310 allow tcp from 62.254.64.21 53 to any in recv sis0
/sbin/ipfw add 00322 allow log tcp from any to any 23 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 22 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 21 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 80 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 25 in recv sis0 setup
/sbin/ipfw add 00322 allow log tcp from any to any 110 in recv sis0 setup
/sbin/ipfw add 00400 allow udp from 62.254.64.21 53 to any in recv sis0
/sbin/ipfw add 00600 allow icmp from 62.254.64.21 to any in recv sis0
/sbin/ipfw add 00310 allow tcp from 62.254.64.21 53 to any in recv sis0

I have been told that I should rearrange these things so the deny and allow rules are before the pass all from any to any rule. However, when I do this the whole system doesn't seem to have any internet access; I can't ping any system over the internet or connect to any services. Could someone please point out where I am going wrong?

Thanks in advance,
Mick
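Added example, not part of Mick's mail or of FreeBSD's own /etc/rc.firewall: the same gateway policy written with explicit rule numbers. In ipfw the rule number, not the position in the file, decides the evaluation order, and the first matching rule wins. An `ipfw add` with no number is placed net.inet.ip.fw.autoinc_step (default 100) above the highest existing rule, so right after a flush the unnumbered divert and `pass all` lines become rules 100 and 200, and every rule numbered 00310 to 00600 sits behind `pass all` and is never consulted. The script below numbers everything, translates inbound packets back to LAN addresses before `check-state`, and creates the dynamic state for outbound traffic before the outbound divert, so replies match the state. The outside interface sis0 and the resolver 62.254.64.21 come from the mail; the LAN interface name sis1, the gateway services kept open (22, 80, 25), and the FWCMD/OIF/LIF/DNS overrides are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the rc.firewall from the mail): explicitly numbered
# ipfw rules for a natd gateway.  Rules are evaluated in ascending number
# order, first match wins, so the numbers below are the actual ordering.
# Assumed names: sis1 as the LAN side; FWCMD=echo prints the rules instead
# of loading them, which is how the ordering can be checked on any host.

ipfw_cmd() { "${FWCMD:-/sbin/ipfw}" "$@"; }
rule()     { ipfw_cmd add "$@"; }

load_rules() {
    oif="${OIF:-sis0}"            # outside (internet) interface, from the mail
    lif="${LIF:-sis1}"            # inside (LAN) interface, assumed name
    dns="${DNS:-62.254.64.21}"    # resolver, from the mail

    ipfw_cmd -q -f flush

    # Loopback and LAN-side traffic are trusted.
    rule 100 allow ip from any to any via lo0
    rule 110 allow ip from any to any via "$lif"

    # Inbound packets are un-NATed first, so that check-state sees the
    # LAN addresses the dynamic rules below were keyed on.  natd must be
    # running, otherwise a divert rule with no listener drops the packet.
    rule 200 divert natd ip from any to any in via "$oif"
    rule 210 check-state

    # Outbound from the LAN or the gateway: record state before translation,
    # then jump past the inbound policy to the outbound divert.  Later
    # packets of the same flow match at 210 and inherit this skipto.
    rule 300 skipto 1000 udp from any to "$dns" 53 out via "$oif" keep-state
    rule 310 skipto 1000 tcp from any to any out via "$oif" setup keep-state
    rule 320 skipto 1000 icmp from any to any out via "$oif" keep-state
    rule 390 deny log ip from any to any out via "$oif"

    # Services offered by the gateway itself: only the SYN needs a rule,
    # replies and follow-up packets are covered by the dynamic entry.
    rule 500 allow tcp from any to me 22 in via "$oif" setup limit src-addr 4
    rule 510 allow tcp from any to me 80 in via "$oif" setup
    rule 520 allow tcp from any to me 25 in via "$oif" setup

    # Anything else arriving from outside is dropped and logged.  There is
    # no "pass all" in front of this, so it is actually reached.
    rule 990 deny log ip from any to any in via "$oif"

    # Outbound translation happens after the policy decision.
    rule 1000 divert natd ip from any to any out via "$oif"
    rule 1010 allow ip from any to any
}

# Load only when invoked as "sh rc.firewall load"; sourcing the file just
# defines the functions.
if [ "${1:-}" = "load" ]; then
    load_rules
fi
```

Preview the resulting rule list without touching the running kernel with `FWCMD=echo sh rc.firewall load`, then compare it with `ipfw show` after loading for real. `deny log` only logs when the kernel was built with IPFIREWALL_VERBOSE and net.inet.ip.fw.verbose is 1, and with IPFIREWALL but without IPFIREWALL_DEFAULT_TO_ACCEPT the implicit rule 65535 denies whatever the numbered rules did not accept. The rc.conf way to hook this in is firewall_enable="YES" with firewall_script pointing at the file, alongside natd_enable and natd_interface for natd.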