From owner-freebsd-security Wed Jan 24 7:45:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hex.databits.net (hex.databits.net [207.29.192.16]) by hub.freebsd.org (Postfix) with SMTP id 6976637B404 for ; Wed, 24 Jan 2001 07:45:07 -0800 (PST)
Received: (qmail 5151 invoked by uid 1001); 24 Jan 2001 15:46:31 -0000
Date: Wed, 24 Jan 2001 10:46:31 -0500
From: Pete Fritchman
To: John Telford
Cc: freebsd-security@freebsd.org
Subject: Re: IPFW modify the "simple" rule set 4.2 to allow ...
Message-ID: <20010124104631.B4887@databits.net>
References: <000a01c08606$9041efe0$2823e540@johnny2k>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000a01c08606$9041efe0$2823e540@johnny2k>; from j.telford@sympatico.ca on Wed, Jan 24, 2001 at 08:07:11AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ freebsd-net removed ]

++ 24/01/01 08:07 -0500 - John Telford:
>I'd like to get the settings in the right place so I'm asking the experts. Freebsd 4.2 release with firewall type set to "simple".
>It works but I'd like to allow 2 things through.
>SSH connections from the public side to the firewall.

You'll need to modify /etc/rc.firewall. Look through until you see
something like:

[Ss][Ii][Mm][Pp][Ll][Ee])
        ############
        # This is a prototype setup for a simple firewall. Configure this
        # machine as a named server and ntp server, and point all the machines
        # on the inside at this machine for those services.
        ############

Scroll down and before the command that says "Reject&Log all setup of
incoming connections ...", add:

        # Allow access to SSH
        ${fwcmd} add pass tcp from any to ${oip} 22 setup

>Connections to a Web server on the inside.

I'm not quite sure what you mean - do you have a webserver on another
port? WWW is already allowed through in the simple firewall type.

>
>Thanks in advance. John.

-pete

--
Pete Fritchman
Databits Network Services, Inc.
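An added example, not part of the original message: ipfw applies the first rule that matches, which is why the reply places the SSH pass rule before the "Reject&Log" rule. The script below checks that ordering on constructed fragments modelled on the simple rule set; the function names and the sample rule lines (including the deny line) are assumptions.

```shell
#!/bin/sh
# Added example: check that a "pass tcp ... <port> setup" rule comes before
# the first "deny ... tcp ... setup" rule in an rc.firewall-style fragment.
# ipfw stops at the first match, so a pass rule placed after the deny is dead.

# check_rule_order FILE PORT  -> prints ok | shadowed | missing
check_rule_order() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /add[ \t]+pass[ \t]+tcp/ && /setup/ {
            for (i = 2; i <= NF; i++)            # port is the field before "setup"
                if ($i == "setup" && $(i-1) == port && !pass) pass = NR
        }
        /add[ \t]+deny/ && /tcp/ && /setup/ { if (!deny) deny = NR }
        END {
            if (!pass)                    print "missing"
            else if (deny && deny < pass) print "shadowed"
            else                          print "ok"
        }' "$1"
}

# Constructed sample fragments (hypothetical, not copied from rc.firewall).
make_samples() {
    cat > "$1/good.rules" <<'EOF'
# Allow access to our WWW
${fwcmd} add pass tcp from any to ${oip} 80 setup
# Allow access to SSH
${fwcmd} add pass tcp from any to ${oip} 22 setup
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
EOF
    cat > "$1/bad.rules" <<'EOF'
# Allow access to our WWW
${fwcmd} add pass tcp from any to ${oip} 80 setup
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
# Allow access to SSH
${fwcmd} add pass tcp from any to ${oip} 22 setup
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in good bad; do
    echo "$f.rules: port 22 is $(check_rule_order "$tmp/$f.rules" 22)"
done
rm -rf "$tmp"
```
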