Date:      Thu, 6 Jun 2002 13:21:28 -0400
From:      Rob Ellis <rob@web.ca>
To:        freebsd-questions@FreeBSD.ORG
Subject:   ipfw: 'out via fxp0' rules don't work
Message-ID:  <20020606172128.GH18966@web.ca>

I have the following rules, on a box with 4 interfaces,
that are intended to allow outbound connections...

  ipfw add allow udp from any to any out xmit fxp0 keep-state
  ipfw add allow tcp from any to any out xmit fxp0 setup keep-state

But this doesn't work as I thought it would. For instance,
'in via xl0' packets are still being blocked.

I also tried

  ipfw add allow udp from any to any out recv xl0 xmit fxp0 keep-state
  ipfw add allow tcp from any to any out recv xl0 xmit fxp0 setup keep-state

which also didn't work. The packets I want to allow are indeed coming
in via xl0 and out via fxp0, but the error is always like:

> Jun  6 12:46:30 myname /kernel: ipfw: 22901 Deny TCP xxx.xxx.xxx.xxx:3325 yyy.yyy.yyy.yyy:80 in via xl0

A rule like

  ipfw add allow tcp from xxx.xxx.xxx.0/24 to any 80 setup keep-state

does work, but I want to firewall off the internal networks
from each other, and I didn't want to get into any more
skipto rules...

In short, interface-based in/out rules don't seem to work.

Anyone have any ideas? I am just not understanding how the interface-based
rules are supposed to work.

The firewall box is running 4.5-RELEASE-p4.

Thanks.

- rob
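A small model of why the 'out xmit fxp0' rules above never match the logged packet, added here as an illustration and not part of the original message: ipfw examines a routed packet once on the inbound pass, where only the receive interface is known and 'out'/'xmit' cannot match, and again on the outbound pass, so an allow rule has to match on the same pass where a deny rule would otherwise fire. The rule numbers 100 and 50 are constructed, the deny rule 22901 is taken from the logged line (its match criteria are not shown, so it is modelled as matching everything), and dynamic state (keep-state/check-state) is left out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    number: int
    action: str                        # "allow" or "deny"
    direction: Optional[str] = None    # "in", "out", or None for either
    recv: Optional[str] = None         # required receive interface, if any
    xmit: Optional[str] = None         # required transmit interface, if any


def matches(rule: Rule, direction: str, recv_if: str, xmit_if: Optional[str]) -> bool:
    """One pass of rule matching. xmit_if is None on the inbound pass,
    because the outgoing interface is not known until the packet is routed."""
    if rule.direction is not None and rule.direction != direction:
        return False
    if rule.recv is not None and rule.recv != recv_if:
        return False
    if rule.xmit is not None and rule.xmit != xmit_if:
        return False
    return True


def first_match(rules, direction, recv_if, xmit_if):
    """Return (number, action) of the first rule that matches, in rule order."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, direction, recv_if, xmit_if):
            return rule.number, rule.action
    return 65535, "deny"   # default rule when nothing else matched


def forward(rules, in_if, out_if):
    """A routed packet is checked twice: once as it arrives on in_if,
    once as it leaves on out_if. Returns (pass, rule number, action)."""
    number, action = first_match(rules, "in", in_if, None)
    if action == "deny":
        return ("in", number, "deny")    # dropped before the outbound pass runs
    number, action = first_match(rules, "out", in_if, out_if)
    return ("out", number, action)


# Constructed rule set: the posted 'out xmit fxp0' allow, then the deny
# rule 22901 from the log line (modelled as matching every packet).
POSTED = [
    Rule(100, "allow", direction="out", xmit="fxp0"),
    Rule(22901, "deny"),
]
# Same set with an inbound allow on the receiving interface placed in front.
WITH_INBOUND_ALLOW = [Rule(50, "allow", direction="in", recv="xl0")] + POSTED

if __name__ == "__main__":
    print(forward(POSTED, "xl0", "fxp0"))              # ('in', 22901, 'deny')
    print(forward(WITH_INBOUND_ALLOW, "xl0", "fxp0"))  # ('out', 100, 'allow')
```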
