Date: Sat, 20 May 2006 13:20:20 GMT
From: "Marcelo Machado" <marcelo_vt@hotmail.com>
To: freebsd-amd64@FreeBSD.org
Subject: RE: Re: amd64/97504: IPFW Rules bug
Message-ID: <200605201320.k4KDKKuk064253@freefall.freebsd.org>
The following reply was made to PR amd64/97504; it has been noted by GNATS.

From: "Marcelo Machado" <marcelo_vt@hotmail.com>
To: <bug-followup@FreeBSD.org>
Cc:
Subject: RE: Re: amd64/97504: IPFW Rules bug
Date: Sat, 20 May 2006 13:12:54 +0000

Thanks for the assistance Oliver!

But, I have a question, I'm only using IP's and not names, still they look for the DNS?

How can I fix it? My firewall is FreeBSD 6 and the Dataserver and most of Webservers are Windows and one Linux.

Thanks a Lot!!

Best Regards,
Marcelo

> Date: Sat, 20 May 2006 13:28:29 +0200
> From: olli@lurza.secnetix.de
> To: bug-followup@FreeBSD.org; marcelo_vt@hotmail.com
> Subject: Re: amd64/97504: IPFW Rules bug
>
> Marcelo Machado <marcelo_vt@hotmail.com> wrote:
> > > Number: 97504
> > > Synopsis: IPFW Rules bug
> > > [...]
> > I've added the following rules to the ipfw.rules:
> >
> > ipfw add 100 allow all from 192.168.100.3 to 192.168.100.4
> > ipfw add 110 allow all from 192.168.100.4 to 192.168.100.3
> > ipfw add 65535 deny all from any to any
> >
> > With these rules the 192.168.100.3 should ping or interact with
> > 192.168.100.4 normally, but don't. But if I add this line:
> >
> > ipfw add 1 allow all from any to any
> >
> > they talk each other normally, but the most problem comes next,
> > if I:
> >
> > ipfw delete 1
> >
> > Everything begins to work as they should, only these IP's can talk
> > with each other on the net.
>
> You probably forgot to allow access to/from your DNS server,
> or something similar. The rule #1 will shortly allow that
> access, and when you delete that rule again, it still works
> because the DNS results are cached.
>
> Best regards
> Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Services with a focus on FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "I made up the term 'object-oriented', and I can tell you
> I didn't have C++ in mind."
> -- Alan Kay, OOPSLA '97
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605201320.k4KDKKuk064253>
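Added example, not part of the original message or of FreeBSD's code: a small first-match evaluator for the rule syntax quoted in the thread, showing which rule decides traffic between the two hosts and traffic from one of them to a third address such as a resolver. The resolver address 192.168.100.1 and all function names are assumptions; ports, interfaces and state are not modeled.

```python
import ipaddress

# Rules exactly as quoted in the message.
RULESET = """\
ipfw add 100 allow all from 192.168.100.3 to 192.168.100.4
ipfw add 110 allow all from 192.168.100.4 to 192.168.100.3
ipfw add 65535 deny all from any to any
"""
RESOLVER = "192.168.100.1"  # constructed: the thread never gives a DNS server address


def parse_rules(text):
    """Parse the 'ipfw add N ACTION PROTO from SRC to DST' subset used in the thread."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) != 9 or tok[:2] != ["ipfw", "add"] or tok[5] != "from" or tok[7] != "to":
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append({"num": int(tok[2]), "action": tok[3], "proto": tok[4],
                      "src": tok[6], "dst": tok[8]})
    # ipfw walks rules in ascending rule-number order.
    return sorted(rules, key=lambda r: r["num"])


def _addr_match(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, proto, src, dst):
    """Return (rule number, action) of the first matching rule; evaluation stops there."""
    for r in rules:
        if (r["proto"] in ("all", "ip", proto)
                and _addr_match(r["src"], src) and _addr_match(r["dst"], dst)):
            return r["num"], r["action"]
    return None, "deny"  # only reached if the catch-all rule 65535 is missing from the input


def demo():
    posted = parse_rules(RULESET)
    opened = parse_rules("ipfw add 1 allow all from any to any\n" + RULESET)
    packets = [("icmp", "192.168.100.3", "192.168.100.4"),   # ping request
               ("icmp", "192.168.100.4", "192.168.100.3"),   # ping reply
               ("udp", "192.168.100.3", RESOLVER)]           # lookup to assumed resolver
    return [(p, evaluate(posted, *p), evaluate(opened, *p)) for p in packets]


if __name__ == "__main__":
    for pkt, before, after in demo():
        print(pkt, "| rules as posted:", before, "| with rule 1:", after)
```

Feeding the evaluator the addresses actually seen in a capture on the firewall (for example from `tcpdump`) shows which flows fall through to rule 65535.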