Date:      Wed, 3 Apr 2002 07:37:22 -0500
From:      Donnie Jones <donniejones18@yahoo.com>
To:        Ramses van Pinxteren <ramses.van.pinxteren@cmg.nl>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPF and Nat question
Message-ID:  <20020403073722.662079f1.donniejones18@yahoo.com>
In-Reply-To: <395ABDBC0952D211BB2A00104BB3F93906A1ACE1@nl-amv-mail03.cmg.nl>
References:  <395ABDBC0952D211BB2A00104BB3F93906A1ACE1@nl-amv-mail03.cmg.nl>

On Wed, 3 Apr 2002 13:04:28 +0200 
Ramses van Pinxteren <ramses.van.pinxteren@cmg.nl> wrote:

> Hello question solvers around the world,
> 
> I have a problem with my firewall... I think (suspect) there is something
> wrong with the ordering of the rules but I am not sure. Can you please take a
> look at it and shoot me for the most stupid errors ever made??
> 
> The problem I have is when I load the firewall NAT will not work anymore :-(
> Does anyone have a suggestion??
> 
> #############################
> # 
> # Start firewall by blocking all incoming traffic
> #
> #############################
> 
> block in           on xl0 all

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Not necessary with default block all enabled.


> 
> block in     quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
> block in     quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
> block in     quick on xl0 proto icmp from any to any
> 
> # The pass rules...
> 
> #allow in FTP
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 20 flags S keep state keep frags
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 21 flags S keep state keep frags
> 
> #allow in SSH
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags
> 
> #allow in SMTP
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 25 flags S keep state keep frags
> 
> #allow in DNS
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
> pass  in  quick on xl0 proto udp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
> 
> #allow in WEB
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 80 flags S keep state keep frags
> 
> #allow in CHAT
> pass  in  quick on xl0 proto tcp from any to 80.242.225.121/32 port = 8000 flags S keep state keep frags
> 
> block out on xl0 all
> 
> # Only allow TCP, UDP and ICMP traffic out
> pass  out quick on xl0 proto tcp  from 80.242.225.121/32 to any keep state
> pass  out quick on xl0 proto udp  from 80.242.225.121/32 to any keep state
> pass  out quick on xl0 proto icmp from 80.242.225.121/32 to any keep state
> 
> #internal interface
> pass  in  quick on rl0 from any to any
> pass  out quick on rl0 from any to any
> 
> #Local loopback
> pass  in  quick on lo0 from any to any
> pass  out quick on lo0 from any to any
> 
> 
> I have compiled my kernel with default blocking enabled.


I quickly looked over your firewall and I am not seeing any glaring errors.  What is the problem that you are having?

If you like you can go to my website, http://www.darthik.com and then to the FreeBSD tab.  I have an IPNAT howto, and my ipfw and ipf configuration files there along with some other firewall howtos that may help you.

Good luck,

--Donnie


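The rule-ordering semantics this thread is about, as an added example that is not part of the original e-mail: a small simulator of how ipf evaluates a ruleset (rules are read top to bottom, the last matching rule wins unless a matching rule says "quick", which stops evaluation, and with IPFILTER_DEFAULT_BLOCK an unmatched packet is blocked). It also shows the interaction with ipnat that explains "NAT will not work when I load the firewall": ipf applies the out rules before ipnat rewrites the source address (and the in rules after ipnat has undone the translation), so a LAN host's packet reaches the xl0 out rules with its private source address. The posted "pass out" rules only match 80.242.225.121, so only "block out on xl0 all" matches and the packet is dropped before it ever reaches NAT. The LAN range 192.168.1.0/24, the packets and the NAT_FIX rule are assumptions for the example; state and fragment handling are not modelled.

```python
# Added example (not from the thread): simulate ipf(5) rule ordering on the
# posted xl0 ruleset. Last match wins, "quick" stops evaluation, unmatched
# packets get the default verdict ("block" for IPFILTER_DEFAULT_BLOCK).
# "flags", "keep state", "keep frags" and "icmp-type" are accepted but ignored.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    quick: bool                  # stop evaluating when this rule matches
    iface: str
    proto: Optional[str]         # None matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None matches any destination port


@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _net(tok: str) -> ipaddress.IPv4Network:
    return ANY if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    """<action> <dir> [quick] on <if> [proto <p>] (all | from <src> to <dst> [port = <n>]) ..."""
    t = line.split()
    action, direction, i = t[0], t[1], 2
    quick = t[i] == "quick"
    if quick:
        i += 1
    assert t[i] == "on", line
    iface, i = t[i + 1], i + 2
    proto = None
    if t[i] == "proto":
        proto, i = t[i + 1], i + 2
    src = dst = ANY
    dport = None
    if t[i] == "all":
        i += 1
    else:
        assert t[i] == "from" and t[i + 2] == "to", line
        src, dst, i = _net(t[i + 1]), _net(t[i + 3]), i + 4
        if i < len(t) and t[i] == "port":       # only "port = N" is supported here
            assert t[i + 1] == "=", line
            dport = int(t[i + 2])
    return Rule(action, direction, quick, iface, proto, src, dst, dport)


def load_rules(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def matches(r: Rule, p: Packet) -> bool:
    return (r.direction == p.direction and r.iface == p.iface
            and (r.proto is None or r.proto == p.proto)
            and ipaddress.ip_address(p.src) in r.src
            and ipaddress.ip_address(p.dst) in r.dst
            and (r.dport is None or r.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet, default: str = "block") -> str:
    """Verdict ("pass"/"block") under ipf's last-match-wins / quick semantics."""
    verdict = default
    for r in rules:
        if matches(r, p):
            verdict = r.action
            if r.quick:
                break
    return verdict


# A representative subset of the xl0 rules from the post, wrapped lines rejoined.
POSTED = """
block in on xl0 all
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
block in quick on xl0 proto icmp from any to any
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 80 flags S keep state keep frags
block out on xl0 all
pass out quick on xl0 proto tcp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto udp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto icmp from 80.242.225.121/32 to any keep state
"""
POSTED_RULES = load_rules(POSTED)

# Assumed LAN behind rl0: 192.168.1.0/24. ipf runs the out rules BEFORE ipnat
# rewrites the source, so a LAN packet hits xl0's out rules with its private
# address; only "block out on xl0 all" matches and NAT is never reached.
LAN_HOST = "192.168.1.10"
NAT_FIX = "pass out quick on xl0 proto tcp from 192.168.1.0/24 to any keep state"
FIXED_RULES = POSTED_RULES + [parse_rule(NAT_FIX)]


def lan_web_request(rules: List[Rule]) -> str:
    """Verdict for a LAN host opening TCP/80 through xl0 (constructed packet)."""
    return evaluate(rules, Packet("out", "xl0", "tcp", LAN_HOST, "198.51.100.7", 80))


if __name__ == "__main__":
    print("inbound ssh to firewall:", evaluate(POSTED_RULES, Packet("in", "xl0", "tcp", "203.0.113.5", "80.242.225.121", 22)))
    print("LAN web request, posted rules:", lan_web_request(POSTED_RULES))
    print("LAN web request, with NAT_FIX:", lan_web_request(FIXED_RULES))
```

Because "keep state" on the out rule admits the replies, the NAT_FIX rule alone is enough for LAN clients; the "block in on xl0 all" line is indeed redundant with default-block, and a non-quick block followed by quick pass rules works as intended since the last match decides. On the real box, `ipf -nf /etc/ipf.rules` parses a file without loading it and `ipfstat -io` lists the rules actually in the kernel, in the order they are evaluated.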

