Date:      Thu, 22 Feb 2001 13:17:52 -0500 (EST)
From:      evilwolf@cyberdude.com
To:        questions@freebsd.org
Subject:   Ipfw with dial-up
Message-ID:  <010222131752DZ.06490@weba2.iname.net>

Dear FreeBSD guys-
    I have FreeBSD 4.0 that I recently got. I wanted to set up the ipfw firewall included with it, so I went to your tutorials and followed them exactly.

I added this to the kernel and recompiled it:
-------------------------------------------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT

Then, to the rc.conf file I added:
---------------------------------
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"

I didn't have NAT running so I didn't have to disable it.

Next, I set the firewall rules to what your tutorial said (I planned to change them later on):
--------------------------------------

# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable


# Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost.  Make sure you
# change your network card (mine was fxp0) before you reboot.  :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0

# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following
# services on the machine.  This example shows that people may connect
# to ssh and apache.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0

# Allow them back in with the answers...  :)
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work).  You may wish to
# disallow this, but I feel it suits my needs to keep them in.
$fwcmd add 65435 allow icmp from any to any

# Deny all the rest.
$fwcmd add 65435 deny log ip from any to any

-----------------------------------------

Now when I reboot, in the startup messages I see something like "interface tun0 doesn't exist". And when I try to connect to the net, I can connect but can't send any packets out or receive any, for that matter. Am I supposed to replace the reference to "tun0" in rc.conf and/or the fwrules with the device name of my modem...? Or what? Got any ideas I could try out? Thanks for your help.

-Evilwolf
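An added check for a rule script like the one quoted above (example code, not from the post or from the tutorial it copies): it reports every interface the rules name after via/xmit/recv that is not on the list of interfaces actually present, and every explicit rule number used more than once, so a rule set can be inspected before it is loaded at boot. The list of present interfaces is passed as an argument (on FreeBSD it would be the output of `ifconfig -l`), and the sample rules are a constructed subset of the posted script.

```shell
#!/bin/sh
# Added example, not code from the post or from the tutorial it quotes:
# a pre-load check for an ipfw rule script like /etc/firewall/fwrules.
# It lists every interface named after via/xmit/recv that is not in the
# supplied list of present interfaces (on FreeBSD that would be the output
# of `ifconfig -l`; it is an argument here so the check runs anywhere with
# POSIX sh and awk) and every explicit rule number used more than once
# (legal in ipfw, which evaluates same-numbered rules in insertion order).

check_fwrules() {
    rules_file=$1
    present=" $2 "        # padded so " name " can be matched exactly
    rc=0
    # Interfaces referenced by rule lines (comment lines are skipped).
    refs=$(awk '/^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == "via" || $i == "xmit" || $i == "recv")
                  print $(i + 1) }' "$rules_file" | sort -u)
    for iface in $refs; do
        case "$present" in
            *" $iface "*) ;;
            *) echo "missing interface: $iface"; rc=1 ;;
        esac
    done
    # Explicit rule numbers ("add NNN ...") that appear more than once.
    dups=$(awk '/^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == "add" && $(i + 1) ~ /^[0-9]+$/)
                  print $(i + 1) }' "$rules_file" | sort | uniq -d)
    for num in $dups; do
        echo "duplicate rule number: $num"
    done
    return $rc
}

# Constructed sample: a subset of the rules from the post, written to a
# temporary file so the check can be tried without touching /etc.
sample_rules() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add 65435 allow icmp from any to any
$fwcmd add 65435 deny log ip from any to any
EOF
    echo "$f"
}
```

Run as `f=$(sample_rules); check_fwrules "$f" "lo0 fxp0"` to see the result when the dial-up link (and so tun0) is down; the function exits non-zero whenever a referenced interface is absent.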
