Date: Wed, 5 Apr 2006 22:47:06 -0400 From: "Anthony M. Agelastos" <iqgrande@gmail.com> To: Ean Kingston <ean@istop.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw and ssh Message-ID: <9D26CBF7-6052-40AA-A7AA-8B47B9EE8E91@gmail.com> In-Reply-To: <200604052208.08520.ean@istop.com> References: <7DF2083F-A039-495E-8FAC-E6C9D8AA6391@gmail.com> <200604052208.08520.ean@istop.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Not just that, but it doesn't appear to be logging the events, even
after I added
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5
to /etc/sysctl.conf and
firewall_logging="YES"
into /etc/rc.conf, i see no updates to /var/log/security after the
ssh attempt failed. What am I doing wrong here? Thanks again everyone
for all of your help.
On Apr 5, 2006, at 10:08 PM, Ean Kingston wrote:
> You neglected to include the 'add' in your first fwcmd.
>
> You may want to try something simple to start with. I haven't used
> ipfw in a
> while so hopefully my syntax is still good. Here is a simple
> starting point:
>
> # Allow person SSH access
> mip="xxx.xxx.xxx.xxx" # IP Address of person
> ${fwcmd} add allow tcp from ${mip} to me 22 in # allow connection
> to ssh
> ${fwcmd} add allow tcp from me 22 to ${mip} out # allow me to respond
>
> I think all you really need is this:
>
> # Allow setup of incoming ssh
> ${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup
>
> Since the rest of it should be taken care of by the rest of the
> 'client' ipfw
> setup.
>
> On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
>> Hello everyone,
>>
>> Allow me to preface my problem by saying that I am very ignorant when
>> it comes to networking. I do apologize if this is trivial. In any
>> event, I enabled the "client" ifpw firewall located in /etc/
>> rc.firewall. This appears to work well for my needs... except for one
>> additional item. I need someone outside of my network to have SSH
>> access to my machine. I know his/her IP address. So, I have added
>> some additional items to rc.firewall for this. Here is what I added.
>>
>> # Allow person SSH access
>> mip="xxx.xxx.xxx.xxx"
>> ${fwcmd} allow tcp from any to any 22 out setup keep-state
>> ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-
>> addr 2
>>
>> I have tried many, many differing variations of this from items I
>> have found online. I cannot get any of them to work. My network setup
>> is as follows
>>
>> internet -> cable modem -> netgear router -> freebsd 6.1-prerelease
>>
>> This user can SSH into my machine when I set the firewall to "open".
>> Any ideas?
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>
> --
> Ean Kingston, BSc, CISSP, ARO
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9D26CBF7-6052-40AA-A7AA-8B47B9EE8E91>