Date: Thu, 2 May 2002 11:14:38 -0400
From: Rob Ellis <rob@web.ca>
To: Nelis Lamprecht <nelis@brabys.co.za>
Cc: freebsd-questions@freebsd.org
Subject: Re: firewall - ipfw rules
Message-ID: <20020502151437.GB84982@web.ca>
In-Reply-To: <5.1.0.14.2.20020502081544.013d6778@192.96.48.11>
References: <5.1.0.14.2.20020502081544.013d6778@192.96.48.11>

On Thu, May 02, 2002 at 08:30:07AM +0200, Nelis Lamprecht wrote:
> Hi
>
> I am trying to create a custom ruleset for ipfw on a server that is
> configured as a mail server and a web server. I have done all the necessary
> steps to enable the firewall by compiling the kernel with relevant options
> and also setting up the rc.conf to point to my ruleset.
> I have also setup the rules to allow dns and certain icmp traffic for ping
> and traceroute which is working fine. My box is configured with 2 nic's one
> external and one internal ( 192.168.0.0 ) My problem is I can't seem to get
> a rule working to accept http to my webserver and this is what I have
> created as a rule:
>
> add 00301 allow tcp from any to external-ip 80
> add 00302 allow tcp from any to external-ip 25
> add 00303 allow tcp from any to external-ip 110
>
> *external-ip being the ip address of the external nic naturally ;-)
>
> this is either incorrect or I have forgotten something out in either the
> ruleset or the rc.firewall file.
> Can someone please give me an example of a ruleset for a web server and/or
> mail server or explain to me what needs to be done?
>

Have you got rules allowing outbound traffic...? :-)

You need to do something like

    ipfw add allow tcp from any to $myip 25
    ipfw add allow tcp from $myip 25 to any

or

    ipfw add allow tcp from any to any established
    ipfw add allow tcp from any to $myip 25 setup

or

    ipfw add allow tcp from any to $myip 25 setup keep-state

- rob
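
Added example, not part of the original message or of FreeBSD: a simplified Python model of ipfw first-match evaluation, run over a TCP handshake to port 25 with an inbound-only rule and with each of the three alternatives in the reply above. The addresses, the client port, the names in the code and the default-deny final rule are assumptions.

```python
# Added example: simplified model of ipfw first-match evaluation (not FreeBSD code).
from typing import NamedTuple

MYIP, CLIENT = "203.0.113.10", "198.51.100.7"  # constructed documentation addresses

class Pkt(NamedTuple):
    src: tuple   # (ip, port)
    dst: tuple
    flags: str   # TCP flag letters on the segment: "S", "SA", "A", "R"

class Rule(NamedTuple):  # models "allow tcp from SRC to DST [opt] [keep-state]"
    src: object = "any"  # "any" or an (ip, port) tuple
    dst: object = "any"
    opt: str = ""        # "", "setup" (SYN without ACK), "established" (ACK or RST)
    keep_state: bool = False

def matches(r, p):
    if r.src not in ("any", p.src) or r.dst not in ("any", p.dst):
        return False
    if r.opt == "setup":
        return "S" in p.flags and "A" not in p.flags
    if r.opt == "established":
        return "A" in p.flags or "R" in p.flags
    return True

def run(rules, packets):
    """Verdict per packet; a packet no rule allows hits an assumed default deny."""
    states, verdicts = set(), []
    for p in packets:
        flow = frozenset({p.src, p.dst})
        # A keep-state rule first consults recorded flows, then its own match.
        hit = next((r for r in rules
                    if (r.keep_state and flow in states) or matches(r, p)), None)
        if hit and hit.keep_state:
            states.add(flow)  # replies in either direction now pass
        verdicts.append("allow" if hit else "deny")
    return verdicts

SMTP, EPH = (MYIP, 25), (CLIENT, 40000)
HANDSHAKE = [Pkt(EPH, SMTP, "S"), Pkt(SMTP, EPH, "SA"), Pkt(EPH, SMTP, "A")]
RULESETS = {
    "inbound only": [Rule(dst=SMTP)],
    "in and out": [Rule(dst=SMTP), Rule(src=SMTP)],
    "established + setup": [Rule(opt="established"), Rule(dst=SMTP, opt="setup")],
    "setup keep-state": [Rule(dst=SMTP, opt="setup", keep_state=True)],
}

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        print(f"{name:20} {run(rules, HANDSHAKE)}")
```

In this model the inbound-only rule drops the server's SYN+ACK, so the handshake never completes. A bare ACK with no preceding SYN passes the "established" variant but is denied by the keep-state one, because no dynamic rule exists for that flow.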