Date: Wed, 12 May 1999 14:41:23 -0400 From: "MPN" <neubyneu@twcny.rr.com> To: <freebsd-questions@FreeBSD.ORG> Subject: IPFW question... Message-ID: <000701be9ca7$08ffb5c0$04c809c0@kramer.cmsnet.net>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0004_01BE9C85.81896080 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello. I'm currently running FBSD-2.2.6-Release. I have set up my = FreeBSD box running nat to do the translation to the internet for my = home network. The FreeBSD server box has two ethernet cards. ed0 = connected to my internal network and ed1 connected to my cable modem. = NATD is currently working properly. What I'd like to do, though, is = allow only certain port connections. For example, I would like to allow = telnet, ftp, and http. If I take out the line allow all from any to = any, nothing works. NAT doesn't do the translation for some reason. = Here are my current rules: maddog# ipfw list 00031 deny log udp from any to any 31337 00032 deny log tcp from any to any 31337 00100 divert 6668 ip from any to any via ed1 00101 allow udp from any to any 21 00102 allow tcp from any to any 21 00202 allow tcp from any to any 23 00302 allow udp from any to any 23 00402 allow tcp from any to any 80 00502 allow udp from any to any 80 00602 allow tcp from any to any 53 00702 allow udp from any to any 53 65535 deny ip from any to any This *should* block everything except ftp, http, telnet, and dnsqueries. = It isn't working though. What is wrong? Any help is greatly = appreciated. THanks in advance. -- MPN - President, Computer Management Systems -- ------=_NextPart_000_0004_01BE9C85.81896080 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3612.1700"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#fff8e0> <DIV><FONT color=3D#000000 size=3D2>Hello. I'm currently running=20 FBSD-2.2.6-Release. I have set up my FreeBSD box running nat to do = the=20 translation to the internet for my home network. The FreeBSD = server box=20 has two ethernet cards. ed0 connected to my internal network = and ed1=20 connected to my cable modem. NATD is currently working = properly. =20 What I'd like to do, though, is allow only certain port = connections. =20 For example, I would like to allow telnet, ftp, and http. If I = take out=20 the line allow all from any to any, nothing works. NAT doesn't do = the=20 translation for some reason. Here are my current = rules:</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>maddog# ipfw list</FONT></DIV> <DIV><FONT size=3D2>00031 deny log udp from any to any 31337<BR>00032 = deny log tcp=20 from any to any 31337<BR>00100 divert 6668 ip from any to any via = ed1<BR>00101=20 allow udp from any to any 21<BR>00102 allow tcp from any to any = 21<BR>00202=20 allow tcp from any to any 23<BR>00302 allow udp from any to any = 23<BR>00402=20 allow tcp from any to any 80<BR>00502 allow udp from any to any = 80<BR>00602=20 allow tcp from any to any 53<BR>00702 allow udp from any to any = 53<BR>65535 deny=20 ip from any to any<BR></FONT>This *should* block everything except ftp, = http,=20 telnet, and dnsqueries. It isn't working though. What is=20 wrong? Any help is greatly appreciated. THanks in = advance.</DIV> <DIV>--</DIV> <DIV>MPN - President, Computer Management Systems</DIV> <DIV>--</DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV></BODY></HTML> ------=_NextPart_000_0004_01BE9C85.81896080-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000701be9ca7$08ffb5c0$04c809c0>