Date:      Wed, 05 Jul 2000 21:29:37 +0100
From:      openzero@bsdmail.com
To:        freebsd-security@freebsd.org
Subject:   Firewalls and the endless story!
Message-ID:  <20000705202937.64113.qmail@bsdmail.com>

Hm!
After posting for some help with my sucky fireball,
I upgraded from FreeBSD-2.2.8-RELEASE to FreeBSD-3.4-RELEASE
+ SecureBSD1.0, in the hope it would work now.

But nothing happens! The firewall doesn't work
and FreeBSD-3.4 (and 4.0) is a boring unstable
system!

So, I downloaded via cvsup the FreeBSD-2.2.8-STABLE!
It really rulez!

But the firewall problem still exists, and with this
configuration I can't surf the web either! ;)

Hm! Please, I need help! It's very important!

For those of you who want to help me, here is some information
on what the firewall has to do!

1. I'm running an anonymous FTP server
2. I need to browse the web
3. Sendmail could be enabled (not needed!)

Here is my current configuration, which still suckz!
At the moment, I can only browse via:
# ipfw -f flush!

--- CUT HERE ---
fwcmd="/sbin/ipfw"

$fwcmd -f flush

$fwcmd add allow ip from any to any via lo0
$fwcmd add deny log ip from any to 127.0.0.1/8
$fwcmd add allow ip from any to any via rl0

$fwcmd add divert 8668 all from any to any via tun0

$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established

$fwcmd add allow log tcp from any to any 21 setup
$fwcmd add allow log tcp from any 20 to any setup # really needed ?????

$fwcmd add reset log tcp from any to any 113 in recv tun0

$fwcmd add allow udp from any to 194.25.2.129 53 out xmit tun0
$fwcmd add allow udp from 194.25.2.129 53 to any in recv tun0

$fwcmd add deny log icmp from any to any

$fwcmd add deny log ip from any to any
--- CUT HERE ---

My kernel:
DEFAULT_TO_ACCEPT
VERBOSE_LIMIT=10

rc.conf:
natd_enable="YES"
natd_device="tun0"
natd_flags="-dynamic"


Please, need help!



Thanx.... Daniel Ridder

(It's an SOS! I need this wall as fast as I can get it!
For later, is there a book on getting the most out
of BSD firewalls????)