Date: Wed, 2 Jul 2003 11:35:42 -0500 (CDT)
From: Jamie <jamie@gnulife.org>
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: freebsd-questions@freebsd.org
Subject: Re: setting up ipfw
Message-ID: <20030702113331.W7723-100000@floyd.gnulife.org>
In-Reply-To: <03e401c3403b$959b58e0$1b41d5cc@nitanjared>
On Tue, 1 Jul 2003, Kevin Kinsey, DaleCo, S.P. wrote:

> CORRECTION:
>
> That last rule I quoted is actually:
>
> 00050 allow tcp from any to my.ip.ad.res 22 setup
>                                          ^^
> Makes it work much better for SSH...

Well, I finally met with success this morning. The box is up to the point
where I can start playing around with rulesets. I was able to get things
rolling with the config Kevin sent, but I had to add a couple of udp entries
for port 53, like David suggested, as ssh has to resolve the IP before it
allows connections to port 22.

Thanks for the help.

- Jamie

> ----- Original Message -----
> From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
> To: "Jamie" <jamie@gnulife.org>; <freebsd-questions@freebsd.org>
> Sent: Tuesday, July 01, 2003 8:29 PM
> Subject: Re: setting up ipfw
>
>
> > From: "Jamie" <jamie@gnulife.org>
> > To: <freebsd-questions@freebsd.org>
> > Sent: Tuesday, July 01, 2003 8:01 PM
> > Subject: setting up ipfw
> >
> >
> > > I am having a very difficult time setting up ipfw on a 4.8
> > > installation. Was wondering if anyone might be able to shed some
> > > light on this.
> > >
> > > I followed the directions in the handbook, and I compiled a new
> > > kernel with these options (I am going for a deny all by default,
> > > open services as necessary philosophy):
> > >
> > > options IPFIREWALL
> > > options IPFIREWALL_VERBOSE
> > > options IPFIREWALL_VERBOSE_LIMIT=10
> > >
> > > Upon rebooting, I was unable to access the machine from anywhere,
> > > which is fine, because I have console access.
> > >
> > > Output of ifconfig -a looks like this:
> > >
> > > ifconfig -a
> > > fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > >         inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
> > >         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
> > >         ether 00:03:47:77:81:69
> > >         media: Ethernet autoselect (100baseTX <full-duplex>)
> > >         status: active
> > > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> > > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> > >         inet6 ::1 prefixlen 128
> > >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> > >         inet 127.0.0.1 netmask 0xff000000
> > > ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > > sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> > > faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> > >
> > > the name of the machine is power.bar.com
> > >
> > >
> > > I want to ssh in from another machine: foo.bar.com with IP address
> > > 200.88.34.12.
> > >
> > >
> > > This is the rule I am adding:
> > >
> > >
> > > ipfw add allow tcp from 200.88.34.12 to power.bar.com 22
> > >
> > >
> > > It tells me it can't resolve power.bar.com!
> > >
> > > So, I try:
> > >
> > > ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22
> > >
> > > It accepts the rule, but I still cannot connect from foo.bar.com.
> > >
> > > Anyone have any ideas?
> >
> > Are you allowing ip OUT from 200.88.54.93?
> >
> > Please post output of "ipfw show" (not that it's not implicit, I
> > guess...) and describe your network topography.
> >
> > FWIW, here's my top few rules:
> >
> > 00010 allow ip from my.ip.ad.dres to any out
> > 00020 deny log logamount 20 ip from any to any out
> > 00030 allow tcp from any to any established
> > 00040 allow ip from any to any frag
> > 00050 allow tcp from any to my.ip.ad.res setup
> >
> > Kevin Kinsey
> > DaleCo, S.P.
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
>
>
> "A friend is someone who lets you have total freedom to be yourself."
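The thread above turns on two ipfw facts that a stateless, deny-by-default ruleset makes easy to get wrong: the first matching rule wins, and everything that matches nothing hits the compiled-in default rule 65535, which denies. Jamie's single inbound rule lets the client's SYN in, but the server's SYN-ACK going back out matches nothing and is dropped, so the handshake never completes; Kevin's rule 10 (allow out) and rule 30 (established) fix that, and the UDP 53 rules let the resolver answer come back in. The model below is an added example written for this archive page, not code from the thread or from FreeBSD. It does not run ipfw; it re-implements the small subset of rule syntax the thread uses (host/any, optional ports, `in`/`out`, `setup`, `established`, `frag`, `log logamount N`) with ipfw's first-match semantics and default deny, then walks the ssh handshake and a DNS lookup through Jamie's first attempt and through Kevin's rules. The two UDP port 53 rules, the resolver address 10.0.0.53 and the ephemeral ports are assumptions (Jamie's actual entries are not quoted in the thread).

```python
"""Stateless first-match model of the ipfw rules in this thread (added example).

Assumption: kernel built with IPFIREWALL but not IPFIREWALL_DEFAULT_TO_ACCEPT,
so the implicit last rule is '65535 deny ip from any to any'.
"""
from dataclasses import dataclass, field

POWER = "200.88.54.93"   # power.bar.com, the box being firewalled (from thread)
FOO = "200.88.34.12"     # foo.bar.com, the ssh client (from thread)
RESOLVER = "10.0.0.53"   # constructed: the nameserver power.bar.com asks


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str             # "in" or "out", relative to power.bar.com
    sport: int = 0
    dport: int = 0
    flags: set = field(default_factory=set)   # TCP flags: "SYN", "ACK", "RST"


def parse_rule(text):
    """Parse 'NUM ACTION [log [logamount N]] PROTO from SRC [PORT] to DST [PORT] [opts]'."""
    tok = text.split()
    num, action, i = int(tok[0]), tok[1], 2
    if tok[i] == "log":                       # 'log logamount 20' as in rule 20
        i += 1
        if tok[i] == "logamount":
            i += 2
    proto = tok[i]; i += 1
    assert tok[i] == "from"; i += 1
    src = tok[i]; i += 1
    sport = None
    if tok[i] != "to":
        sport = int(tok[i]); i += 1
    assert tok[i] == "to"; i += 1
    dst = tok[i]; i += 1
    dport = None
    if i < len(tok) and tok[i].isdigit():
        dport = int(tok[i]); i += 1
    return dict(num=num, action=action, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, opts=set(tok[i:]))


def _host(pattern, addr):
    return pattern == "any" or pattern == addr


def matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not _host(rule["src"], pkt.src) or not _host(rule["dst"], pkt.dst):
        return False
    if rule["sport"] is not None and rule["sport"] != pkt.sport:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.dport:
        return False
    o = rule["opts"]
    if "in" in o and pkt.direction != "in":
        return False
    if "out" in o and pkt.direction != "out":
        return False
    # ipfw: 'setup' = SYN set and ACK clear; 'established' = ACK or RST set
    if "setup" in o and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
        return False
    if "established" in o and not (pkt.flags & {"ACK", "RST"}):
        return False
    if "frag" in o:                           # this model carries no fragments
        return False
    return True


def verdict(rules, pkt):
    """Return (action, rule number) of the first matching rule, else the default deny."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if matches(r, pkt):
            return r["action"], r["num"]
    return "deny", 65535


# Jamie's first attempt: one inbound rule and nothing else.
JAMIE_FIRST_TRY = [parse_rule(f"100 allow tcp from {FOO} to {POWER} 22")]

# Kevin's top rules with his corrected rule 50, plus two assumed UDP 53 rules
# standing in for the entries Jamie says he added (query out, answer back in).
KEVINS_RULES = [parse_rule(r) for r in (
    f"10 allow ip from {POWER} to any out",
    "20 deny log logamount 20 ip from any to any out",
    "30 allow tcp from any to any established",
    "40 allow ip from any to any frag",
    f"50 allow tcp from any to {POWER} 22 setup",
    f"60 allow udp from {POWER} to any 53",     # assumption, not from the thread
    f"70 allow udp from any 53 to {POWER}",     # assumption, not from the thread
)]


def ssh_handshake(rules):
    """Verdict on each leg of the TCP handshake from foo.bar.com to power.bar.com:22."""
    legs = {
        "syn_in":     Packet("tcp", FOO, POWER, "in",  40000, 22, {"SYN"}),
        "synack_out": Packet("tcp", POWER, FOO, "out", 22, 40000, {"SYN", "ACK"}),
        "ack_in":     Packet("tcp", FOO, POWER, "in",  40000, 22, {"ACK"}),
    }
    return {leg: verdict(rules, p)[0] for leg, p in legs.items()}


def dns_lookup(rules):
    """sshd's reverse lookup of the client: (query out, answer in) verdicts."""
    query = Packet("udp", POWER, RESOLVER, "out", 5353, 53)
    answer = Packet("udp", RESOLVER, POWER, "in", 53, 5353)
    return verdict(rules, query)[0], verdict(rules, answer)[0]


if __name__ == "__main__":
    print("Jamie's first try:", ssh_handshake(JAMIE_FIRST_TRY))   # SYN-ACK denied
    print("Kevin's rules:    ", ssh_handshake(KEVINS_RULES))
    print("DNS without UDP rules:", dns_lookup(KEVINS_RULES[:5]))  # answer denied
    print("DNS with UDP rules:   ", dns_lookup(KEVINS_RULES))
```

Two things worth noticing from running it. Kevin's first version of rule 50 had no port, so any SYN to the box matched it; the corrected `... 22 setup` is what confines inbound connections to ssh. And the assumed rule 70 admits any UDP datagram whose source port happens to be 53, to any port on the box, which is the usual weakness of stateless reply rules; on a 4.x ipfw a `keep-state` on the outbound query plus a `check-state` rule, or at least restricting rule 70 to the resolver's address, is the tighter way to get the DNS answer back in.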