Date: Wed, 3 Apr 2002 15:32:35 -0800 (PST)
From: kjhd kjsdfhk <juostaus@yahoo.com>
To: freebsd-security@freebsd.org
Subject: linksys 8 port router and ipfw
Message-ID: <20020403233235.53970.qmail@web20510.mail.yahoo.com>

thanks in advance.

i have 8 windows clients behind a linksys router (befsr81 with updated firmware) on a hub that links to a freebsd box (4.5 release) running natd and connected to the net via cable; no dhcp anywhere. i can make it work, BUT, i am unsure of how well i have done it and how well it is protected. i have omitted the more mundane lo0 and spoofing entries for brevity. xl0 is internal interface.

ipfw rules

    add divert natd all from any to any via xl1
    add check-state
    add allow tcp from "the-router" to any 22 in setup keep-state
    add deny tcp from any to any 22
    add allow all from "the-router" to any keep-state
    add allow all from any to any out
    default to deny

#1 how can i change this so it doesn't suck and so that i can browse and ftp from bsd box?

#2 see below, not as important as #1 but i didn't want to cross-post to questions.

***side note*** the strange thing about router. ssh works until i use the router. i googled and found other people that said to change the mtu on the nic and router, didn't work. the router only breaks ssh, (it is in /etc/hosts) you can still browse and ftp. remove the router and all works, without any other changes. i cheated and changed my sshd_config to listen on all interfaces and it will work through the router; not working on xl0 only xl1. i don't think this is, however, the best answer.

again, i thank you all for any time and help.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020403233235.53970.qmail>
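
Added example, not part of the original message: a simplified first-match model of the posted rules that traces which rule each packet hits, showing that traffic allowed by the stateless `out` rule creates no dynamic rule for its replies. The addresses, the `Pkt` tuple and the function names are constructed; natd's rewriting is assumed already done, and LAN clients are assumed to appear with the router's address.

```python
from collections import namedtuple

# Constructed addresses; "the-router" in the post is a hostname from /etc/hosts.
ROUTER, BSD, WEB = "192.168.1.2", "203.0.113.10", "198.51.100.80"
Pkt = namedtuple("Pkt", "proto src sport dst dport direction syn")

def flow(p):
    # ipfw dynamic rules match a flow in both directions
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

def evaluate(p, states):
    """Return (action, rule) for packet p; `states` is the dynamic-rule set."""
    # Rule 1 (divert natd) is not modelled: packets are given as the
    # following rules see them, after natd has rewritten addresses.
    if flow(p) in states:                                   # check-state
        return "allow", "check-state"
    if (p.proto == "tcp" and p.src == ROUTER and p.dport == 22
            and p.direction == "in" and p.syn):
        states.add(flow(p))
        return "allow", "allow tcp from the-router to any 22 in setup keep-state"
    if p.proto == "tcp" and p.dport == 22:
        return "deny", "deny tcp from any to any 22"
    if p.src == ROUTER:
        states.add(flow(p))
        return "allow", "allow all from the-router to any keep-state"
    if p.direction == "out":
        return "allow", "allow all from any to any out"     # no keep-state
    return "deny", "default deny"

def run(packets):
    """Evaluate packets in order against a fresh dynamic-rule set."""
    states = set()
    return [evaluate(p, states) for p in packets]

# Constructed traffic: a LAN client browsing via the router, then the BSD box itself.
CLIENT = [Pkt("tcp", ROUTER, 40000, WEB, 80, "in", True),
          Pkt("tcp", WEB, 80, ROUTER, 40000, "in", False)]
LOCAL = [Pkt("tcp", BSD, 50000, WEB, 80, "out", True),
         Pkt("tcp", WEB, 80, BSD, 50000, "in", False)]

if __name__ == "__main__":
    for name, pkts in (("via router", CLIENT), ("from BSD box", LOCAL)):
        for p, (action, rule) in zip(pkts, run(pkts)):
            print(f"{name}: {p.src}:{p.sport} -> {p.dst}:{p.dport} "
                  f"{p.direction}: {action} [{rule}]")
```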