From owner-freebsd-questions@FreeBSD.ORG Thu Apr 6 02:05:19 2006
From: Ean Kingston <ean@istop.com>
To: freebsd-questions@freebsd.org
Date: Wed, 5 Apr 2006 22:08:08 -0400
Subject: Re: ipfw and ssh
In-Reply-To: <7DF2083F-A039-495E-8FAC-E6C9D8AA6391@gmail.com>
Message-Id: <200604052208.08520.ean@istop.com>

You neglected to include the 'add' in your first fwcmd. You may want to try something simple to start with. I haven't used ipfw in a while so hopefully my syntax is still good.
Here is a simple starting point:

# Allow person SSH access
mip="xxx.xxx.xxx.xxx"                                # IP Address of person
${fwcmd} add allow tcp from ${mip} to me 22 in       # allow connection to ssh
${fwcmd} add allow tcp from me 22 to ${mip} out      # allow me to respond

I think all you really need is this:

# Allow setup of incoming ssh
${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup

Since the rest of it should be taken care of by the rest of the 'client' ipfw setup.

On Wednesday 05 April 2006 21:50, Anthony M. Agelastos wrote:
> Hello everyone,
>
> Allow me to preface my problem by saying that I am very ignorant when
> it comes to networking. I do apologize if this is trivial. In any
> event, I enabled the "client" ipfw firewall located in
> /etc/rc.firewall. This appears to work well for my needs... except for
> one additional item. I need someone outside of my network to have SSH
> access to my machine. I know his/her IP address. So, I have added
> some additional items to rc.firewall for this. Here is what I added.
>
> # Allow person SSH access
> mip="xxx.xxx.xxx.xxx"
> ${fwcmd} allow tcp from any to any 22 out setup keep-state
> ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
>
> I have tried many, many differing variations of this from items I
> have found online. I cannot get any of them to work. My network setup
> is as follows:
>
> internet -> cable modem -> netgear router -> freebsd 6.1-prerelease
>
> This user can SSH into my machine when I set the firewall to "open".
> Any ideas?

-- 
Ean Kingston, BSc, CISSP, ARO
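As an added example (not code from Ean's reply or from rc.firewall itself), the inbound-setup rule above written as a small sh helper that would sit in the 'client' section of /etc/rc.firewall. It assumes rc.firewall's own ${fwcmd} and ${ip} variables and uses two hypothetical function names of my own, is_ipv4 and allow_ssh_from; the address check is there so an empty or mistyped variable cannot expand into a rule wider than the one intended, and the optional second argument adds the 'limit src-addr' cap from the quoted post.

```shell
#!/bin/sh
# Added example, not part of the original post or of rc.firewall.
# fwcmd and ip are the variables rc.firewall already defines in its
# "client" section; defaulting fwcmd to echo gives a dry run that only
# prints the rules instead of loading them with ipfw.
fwcmd="${fwcmd:-echo}"
ip="${ip:-me}"          # rc.firewall sets this to the host address; 'me' also works

# is_ipv4 <string>: succeed only for a dotted-quad IPv4 address with every
# octet in 0..255, so that a blank or garbled value is rejected rather than
# silently turning into a different rule.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# allow_ssh_from <address> [<max-sessions>]
# Emits one rule letting the given host open (SYN, "setup") a TCP session
# to port 22.  Replies and the rest of the session are already passed by the
# client section's existing "established" rule, so no outbound rule is
# needed.  With a second argument the rule also caps concurrent sessions
# from that host using 'limit src-addr'.
allow_ssh_from() {
    addr="$1"; max="${2:-}"
    is_ipv4 "$addr" || { echo "allow_ssh_from: bad address '$addr'" >&2; return 1; }
    if [ -n "$max" ]; then
        ${fwcmd} add pass tcp from "$addr" to "${ip}" 22 setup limit src-addr "$max"
    else
        ${fwcmd} add pass tcp from "$addr" to "${ip}" 22 setup
    fi
}
```

Run it with fwcmd=echo first to see exactly which rule text will be handed to ipfw; only then point fwcmd at the real ipfw binary as rc.firewall does.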