Date: Thu, 16 May 2002 21:20:57 +0300
From: Alexandr Kovalenko <never@nevermind.kiev.ua>
To: mohammad mirzaeenasir <hezare3@hotmail.com>
Cc: marcr@closed-networks.com, freebsd-security@FreeBSD.ORG
Subject: Re: reply
Message-ID: <20020516182057.GB7239@nevermind.kiev.ua>
In-Reply-To: <F9Mv2bKuX5TEMoUBuao00002523@hotmail.com>
References: <F9Mv2bKuX5TEMoUBuao00002523@hotmail.com>
Hello, mohammad mirzaeenasir!

On Thu, May 16, 2002 at 12:23:52PM +0000, you wrote:
> hi,
> thanks for your reply. I installed a transparent proxy on my machine with
> "ipfw" rules. Everything is OK and I tested it. But someone told me that
> if you set your "kernel_secure_level = NO", all kinds of TCP connections
> will be ignored by the kernel, and for example in the case of telneting to it,
> it will reply "connection timed out". And I checked it, he was quite
> right. I did so (kernel_secure_level=NO) but when I telnet my Unix box, it
> replies "connection refused".
> now, please help me to find out more.

It depends on how you will access your machine. If you're accessing via
ssh, you should add sshd_enable="YES" to your /etc/rc.conf.

Now you should determine which ports you need to be open. For your case
it will be 22 (ssh) and 3128 (squid). So you can allow only those ports with

  ipfw add allow tcp from any to any 22 in recv ed0
  ipfw add allow tcp from any 22 to any out xmit ed0
  ipfw add allow tcp from any to any 3128 in recv ed0
  ipfw add allow tcp from any 3128 to any out xmit ed0

and finally deny all other packets:

  ipfw add deny ip from any to any

P.S. securelevel has nothing to do with firewall.

-- 
NEVE-RIPE
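The ruleset below is an added example, not part of Alexandr's reply or of FreeBSD's rc.firewall. It turns the four allow rules plus the final deny into a complete, loadable ipfw script for the setup discussed in the thread: a single-interface box running squid as a transparent proxy that should expose only sshd and squid. It tightens the reply's rules in two ways a practitioner would want: new connections are matched with "setup" and the rest of each flow with "established", so a packet merely sourced from port 22 or 3128 cannot leave the box, and the squid port is reachable only from the proxy clients. The interface name ed0 (taken from the reply), the client prefix 192.168.1.0/24, the "fwd" redirect of port 80 into squid (which needs a kernel built with IPFIREWALL_FORWARD and squid configured for interception) and the rule numbers are assumptions.

```sh
#!/bin/sh
# Added example, not from the original reply: an ipfw ruleset for a
# single-interface FreeBSD box that runs squid as a transparent proxy and
# exposes only sshd (22) and squid (3128) on the wire. Assumed values:
# interface ed0, proxy clients in 192.168.1.0/24, a kernel built with
# IPFIREWALL and IPFIREWALL_FORWARD, and squid configured for interception.
# Set FWCMD=echo (or run with "dry-run") to print the rules instead of
# loading them.

FWCMD="${FWCMD:-/sbin/ipfw}"
OIF="${OIF:-ed0}"                  # assumed interface facing the clients
LAN="${LAN:-192.168.1.0/24}"       # assumed prefix of the proxy clients
SSH_PORT="${SSH_PORT:-22}"
SQUID_PORT="${SQUID_PORT:-3128}"

load_ruleset() {
    # start from an empty list so the rule numbers below are exact
    $FWCMD -f flush

    # loopback is always allowed; 127/8 must never appear on the wire
    $FWCMD add 100 allow ip from any to any via lo0
    $FWCMD add 200 deny ip from any to 127.0.0.0/8
    $FWCMD add 300 deny ip from 127.0.0.0/8 to any

    # transparent proxy: hand every LAN packet for port 80 to squid.  This
    # must sit before the "established" rule, otherwise only the SYN would
    # be redirected and the rest of the flow would be routed out normally.
    $FWCMD add 1000 fwd 127.0.0.1,"$SQUID_PORT" tcp from "$LAN" to any 80 in recv "$OIF"

    # packets of connections already set up (replies to squid's own fetches,
    # the data phase of the two services below)
    $FWCMD add 2000 allow tcp from any to any established

    # the only services a new TCP connection may reach on this host
    $FWCMD add 3000 allow tcp from any to me "$SSH_PORT" in recv "$OIF" setup
    $FWCMD add 3100 allow tcp from "$LAN" to me "$SQUID_PORT" in recv "$OIF" setup

    # connections this host opens itself (squid fetching from origin servers)
    $FWCMD add 4000 allow tcp from me to any out xmit "$OIF" setup

    # DNS for squid (stateless, so both directions are listed) and the ICMP
    # types needed for path-MTU discovery and error reporting
    $FWCMD add 5000 allow udp from me to any 53 out xmit "$OIF"
    $FWCMD add 5100 allow udp from any 53 to me in recv "$OIF"
    $FWCMD add 6000 allow icmp from any to any icmptypes 0,3,8,11

    # everything else is dropped; without this the default rule 65535
    # decides, which is "allow" on kernels built with IPFIREWALL_DEFAULT_TO_ACCEPT
    $FWCMD add 65000 deny ip from any to any
}

# Print the rules that load_ruleset would issue, without touching the kernel.
render_ruleset() {
    ( FWCMD=echo; load_ruleset )
}

# Number of "add" rules in the rendered set; a quick sanity check after
# editing the list above.
rule_count() {
    render_ruleset | grep -c '^add '
}

case "${1:-}" in
    load)    load_ruleset ;;
    dry-run) render_ruleset ;;
esac
```

Review the output of "sh ipfw-proxy.sh dry-run" first, then run "sh ipfw-proxy.sh load" from the console rather than over ssh: the flush at the top empties the list, and on a kernel whose default rule is deny the ssh session is cut off until rule 2000 is back in place.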
Archive URL: https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020516182057.GB7239