Date: Sun, 28 Mar 1999 14:23:57 +0200 (IST)
From: Noor Dawod <noor@NetVision.net.il>
To: freebsd-hackers@freebsd.org
Subject: ipfw behavior, is it normal?
Message-ID: <Pine.GSO.4.05.9903281416150.20028-100000@nvt.netvision.net.il>
Hi..

Like many others have done before me, this is my first message to this mailing list and I hope not the last.

I've been dealing with FreeBSD for quite some time now, and I still cannot understand why a few ipfw rules don't work for me. I would like to share it with you and maybe get some help on it.

My current ipfw rules are:

-----------------------------------------------------------------
00100 allow ip from any to any via lo0
00200 allow ip from [machine-a-ip] to [server-ip] via xl0
00300 allow ip from [machine-b-ip] to [server-ip] via xl0
00400 allow ip from any to [server-ip] 80 in via xl0
00500 allow ip from any to [server-ip] 21 in via xl0
65000 allow ip from any to any
65535 deny ip from any to any
-----------------------------------------------------------------

00200 and 00300 seem redundant because of rule 65000. But this is where the whole problem lies. If I understand the ipfw rules right, if I remove line 65000 from the rules table, then I can still do all IP-related actions from [machine-a] and [machine-b], whose IP numbers are listed in 00200 and 00300. But once I remove line 65000, I cannot do any IP-related actions on the [server], and even the WWW/FTP services are not served either.

What am I missing here, and why MUST the 65000 line be there so that I can access [server] from [machine-a] and [machine-b]?

I apologize if this is not the place to ask such questions, and would like to be told where to send it instead.

Thanks for your time and efforts.

Noor
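One way to see exactly what this ruleset does to each packet is to replay the rules in order, as ipfw does: the first rule that matches decides, and rules of this form are stateless, so a packet is judged only on its own source, destination, port, direction and interface. The evaluator below is an added example and not part of the original message or of ipfw itself; it parses the quoted ruleset (with constructed placeholder addresses standing in for [machine-a-ip], [machine-b-ip] and [server-ip]) and checks a request packet, its reply packet, and a connection the server itself opens, once with rule 65000 present and once with it removed.

```python
"""Toy first-match evaluator for the subset of ipfw(8) rule syntax used in the
quoted ruleset. Added illustration, not the poster's code and not ipfw itself.
It assumes only what ipfw documents: rules are checked in ascending number order
and the first matching rule decides. Addresses are constructed placeholders."""
import re

# Constructed placeholder addresses standing in for [machine-a-ip] etc.
MACHINE_A = "192.0.2.10"
MACHINE_B = "192.0.2.11"
SERVER = "198.51.100.5"
CLIENT = "203.0.113.9"   # some unrelated web/FTP client on the Internet

# The ruleset from the post, with the bracketed placeholders substituted.
RULESET = f"""
00100 allow ip from any to any via lo0
00200 allow ip from {MACHINE_A} to {SERVER} via xl0
00300 allow ip from {MACHINE_B} to {SERVER} via xl0
00400 allow ip from any to {SERVER} 80 in via xl0
00500 allow ip from any to {SERVER} 21 in via xl0
65000 allow ip from any to any
65535 deny ip from any to any
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+ip"
    r"\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?"
    r"(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<iface>\S+))?$"
)


def parse_rules(text):
    """Parse the rule listing into dicts, sorted by rule number."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        g = m.groupdict()
        rules.append({
            "num": int(g["num"]), "action": g["action"],
            "src": g["src"], "sport": int(g["sport"]) if g["sport"] else None,
            "dst": g["dst"], "dport": int(g["dport"]) if g["dport"] else None,
            "dir": g["dir"], "iface": g["iface"],
        })
    return sorted(rules, key=lambda r: r["num"])


def packet(src, sport, dst, dport, direction, iface="xl0"):
    """One packet as the firewall host sees it: 'in' = received on iface,
    'out' = about to be sent on iface."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "dir": direction, "iface": iface}


def matches(rule, pkt):
    """A rule matches only if every field it specifies agrees with the packet.
    There is no notion of 'reply to an allowed packet': rules of this form are
    stateless, so each direction has to be matched on its own."""
    return all((
        rule["src"] in ("any", pkt["src"]),
        rule["dst"] in ("any", pkt["dst"]),
        rule["sport"] is None or rule["sport"] == pkt["sport"],
        rule["dport"] is None or rule["dport"] == pkt["dport"],
        rule["dir"] is None or rule["dir"] == pkt["dir"],
        rule["iface"] is None or rule["iface"] == pkt["iface"],
    ))


def first_match(rules, pkt):
    """Return (rule number, action) of the first matching rule."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["num"], rule["action"]
    raise RuntimeError("no rule matched; ipfw's rule 65535 always does")


def without_rule(text, num):
    """Copy of the listing with one rule number removed (as the poster did)."""
    return "\n".join(line for line in text.strip().splitlines()
                     if not line.startswith(f"{num:05d} "))


# Request packets, their reply packets, and a server-originated packet,
# all as seen on xl0 of [server]. Ports are constructed sample values.
FLOWS = {
    "A -> server:22 (request, in)": packet(MACHINE_A, 40000, SERVER, 22, "in"),
    "server:22 -> A (reply, out)": packet(SERVER, 22, MACHINE_A, 40000, "out"),
    "client -> server:80 (request, in)": packet(CLIENT, 51000, SERVER, 80, "in"),
    "server:80 -> client (reply, out)": packet(SERVER, 80, CLIENT, 51000, "out"),
    "server -> client:53 (server-originated, out)": packet(SERVER, 40001, CLIENT, 53, "out"),
}


def evaluate(ruleset_text):
    """Map each flow name to the (rule number, action) that decides it."""
    rules = parse_rules(ruleset_text)
    return {name: first_match(rules, pkt) for name, pkt in FLOWS.items()}


if __name__ == "__main__":
    for label, text in (("with 65000", RULESET),
                        ("without 65000", without_rule(RULESET, 65000))):
        print(f"--- {label} ---")
        for name, (num, action) in evaluate(text).items():
            print(f"{name:46s} -> {num:5d} {action}")
```

Run as-is, the output shows the request packets hitting 00200 and 00400 in both runs, while every reply packet and the server-originated packet match nothing in 00100-00500 and fall through to 65000 (allow) or, once that rule is gone, to 65535 (deny). That is the behaviour the poster observes: with rule 65000 in place the ruleset allows everything and the default deny never fires, and without it the return half of every connection is dropped. The defensive fix is to write rules for the return direction explicitly (or use a stateful mechanism) so that 65535 can stay as a real default deny instead of being neutralised by a catch-all allow.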