From owner-freebsd-questions Mon Mar 11 8:30:20 2002
Message-Id: <3.0.5.32.20020311102914.01130098@mail.sage-one.net>
Date: Mon, 11 Mar 2002 10:29:14 -0600
To: "Peter Leppänen"
From: Server Admin
Subject: Re: IPFW question!
Cc: questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG

Peter: I never could get that script to work out of the box, and modified it
considerably. It has a rule for http, but may not be assigned right for you.
Here is the rule I changed to, and it works for my setup:

    # HTTP - Allow access to our web server
    ${fwcmd} add pass tcp from any to any 80 setup

At 04:34 PM 3.11.2002 +0100, Peter Leppänen wrote:
>
>Yes I understand that I have to modify the file if I like to have additional services like ssh and ftp and so on.
>But the standard rc.firewall script, simple type should give me access to DNS and HTTP.
>
>Is this not correct?
>
>/Peter
>
>
> Server Admin
> Sent by: owner-freebsd-questions@FreeBSD.ORG
> 2002-03-11 16:28
>
> To: "Peter Leppänen", questions@FreeBSD.ORG
> cc:
> Subject: Re: IPFW question!
>
>
>Peter, you will need to modify that very sparse basic script to allow any
>additional services you want, like port 80 for http Internet services....
>
>At 02:24 PM 3.11.2002 +0100, Peter Leppänen wrote:
>>Hello!
>>
>>Installed a box with 4.5-release on it. Added IPFW and rebuilt the kernel.
>>Then I enabled NAT and IPFIREWALL in rc.conf (and disabled some other stuff).
>>For start I changed the ipfirewall_type to "OPEN" to check that NAT worked.
>>And so it did...up to this point everything worked great.
>>But when I changed the ipfirewall_type to "SIMPLE" I could no longer get
>>out on the Internet =(. The simple type should give me access to do at least DNS
>>queries and run HTTP. It says so in the rc.firewall file anyway.
>>The only modification that I have made to the rc.firewall file is adding my
>>ip, net and mask of my two NICs.
>>
>>Is this a known problem or what? Can't find anything about it.
>>
>>Can somebody help me before I lose my mind! =)
>>
>>Regards!
>>
>>Peter
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-questions" in the body of the message
>>
>
>.... our website: http://www.sage-one.net/
>
>Best regards,
>
>Jack L. Stone
>Server Admin
>

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin