Date: Sun, 04 Aug 2002 15:46:24 -0600
From: "Joe Smith" <chopsuey1973@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: IPFW Question
Message-ID: <F166tuybeUhjqzRnOkD00023f7b@hotmail.com>

I am new to IPFW and I was just experimenting with it today and I am
running into a problem. I have a FreeBSD 4.5 machine sitting between the
Internet and my local network. The inside interface on the BSD machine is
tx0 and all my internal machines have IP addresses of 192.168.1.x. When I
load this ruleset my SSH connection gets killed. I am trying to allow SSH
connection from my internal network. Any suggestions?

Thanks

# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
        if [ -r /etc/defaults/rc.conf ]; then
                . /etc/defaults/rc.conf
                source_rc_confs
        elif [ -r /etc/rc.conf ]; then
                . /etc/rc.conf
        fi
fi

fwcmd="/sbin/ipfw"
oif="de0"
iif="tx0"

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

############
# Network Address Translation.  All packets are passed to natd(8)
# before they encounter your remaining rules.  The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 allow all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

#SSH
${fwcmd} add 400 allow tcp from 192.168.1.0/24 22 to any via ${iif}
${fwcmd} add 401 allow udp from 192.168.1.0/24 22 to any via ${iif}

${fwcmd} add 65000 deny all from any to any
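
Added example, not part of the original message: a small Python model of ipfw's first-match evaluation over the posted rules (divert rule 50 omitted), showing which rule decides an inbound SSH packet on tx0 and its reply. The host addresses, client port 40000 and the adjusted rules 400/410 are constructed assumptions, and the parser covers only the rule forms used here.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport iface")

def parse_rule(text):
    """Parse 'NUM ACTION PROTO from SRC [PORT] to DST [PORT] [via IF]' (subset)."""
    t = text.split()
    rule = {"num": int(t[0]), "action": t[1], "proto": t[2], "sport": None, "dport": None}
    i = t.index("from") + 1
    rule["src"], i = t[i], i + 1
    if t[i] != "to":  # a port written right after the source address is the SOURCE port
        rule["sport"], i = int(t[i]), i + 1
    rule["dst"], i = t[i + 1], i + 2
    if i < len(t) and t[i].isdigit():  # a port after the destination is the DEST port
        rule["dport"], i = int(t[i]), i + 1
    rule["iface"] = t[i + 1] if i < len(t) and t[i] == "via" else None
    return rule

def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def verdict(ruleset, p):
    """Return (rule number, action) of the first rule matching packet p."""
    for r in sorted(map(parse_rule, ruleset), key=lambda r: r["num"]):
        if (r["proto"] in ("all", "ip", p.proto)
                and addr_ok(r["src"], p.src) and addr_ok(r["dst"], p.dst)
                and r["sport"] in (None, p.sport) and r["dport"] in (None, p.dport)
                and r["iface"] in (None, p.iface)):
            return r["num"], r["action"]
    return 65535, "deny"  # assumption: kernel default rule is deny

POSTED = [  # rules from the message, with ${iif} expanded to tx0
    "100 allow all from any to any via lo0",
    "200 deny all from any to 127.0.0.0/8",
    "300 deny ip from 127.0.0.0/8 to any",
    "400 allow tcp from 192.168.1.0/24 22 to any via tx0",
    "401 allow udp from 192.168.1.0/24 22 to any via tx0",
    "65000 deny all from any to any",
]
# Assumed adjustment: port 22 moved to the destination side, plus a reply rule.
ADJUSTED = POSTED[:3] + ["400 allow tcp from 192.168.1.0/24 to any 22 via tx0",
                         "410 allow tcp from any 22 to 192.168.1.0/24 via tx0"] + POSTED[-1:]
# Constructed packets: internal client to sshd on the firewall's inside address, and back.
SYN = Packet("tcp", "192.168.1.10", 40000, "192.168.1.1", 22, "tx0")
REPLY = Packet("tcp", "192.168.1.1", 22, "192.168.1.10", 40000, "tx0")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(name, verdict(rules, SYN), verdict(rules, REPLY))
```

On a real firewall the reply rule would normally also carry ipfw's `established` option, which this model does not parse.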