From: "Joe Smith"
To: freebsd-questions@freebsd.org
Subject: IPFW Question
Date: Sun, 04 Aug 2002 15:46:24 -0600

I am new to IPFW. I was just experimenting with it today and I am running into a problem. I have a FreeBSD 4.5 machine sitting between the Internet and my local network. The inside interface on the BSD machine is tx0, and all my internal machines have IP addresses of 192.168.1.x. When I load this ruleset my SSH connection gets killed. I am trying to allow SSH connections from my internal network. Any suggestions?

Thanks

# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
    if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
        source_rc_confs
    elif [ -r /etc/rc.conf ]; then
        . /etc/rc.conf
    fi
fi

fwcmd="/sbin/ipfw"
oif="de0"
iif="tx0"

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

############
# Network Address Translation.  All packets are passed to natd(8)
# before they encounter your remaining rules.  The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 allow all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

#SSH
${fwcmd} add 400 allow tcp from 192.168.1.0/24 22 to any via ${iif}
${fwcmd} add 401 allow udp from 192.168.1.0/24 22 to any via ${iif}

${fwcmd} add 65000 deny all from any to any
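The reason the ruleset above kills the SSH session is in rule 400: `from 192.168.1.0/24 22 to any` matches packets whose *source* port is 22. A client on the LAN sends packets with an ephemeral source port and *destination* port 22, so none of them match rule 400 (or the UDP rule 401, which is irrelevant because SSH is TCP only), and they fall through to the default deny at 65000. The script below is an added example, not the poster's script or FreeBSD's stock rc.firewall; it keeps the poster's rule numbers and assumes the same inside interface (tx0), outside interface (de0) and LAN (192.168.1.0/24). It also assumes natd_interface is either provided by rc.conf, as the original script expects, or defaults to de0. It only addresses SSH from the LAN to the firewall itself; any other traffic is still caught by rule 65000. Setting FWCMD=echo, or running it on a host without /sbin/ipfw, prints the rules instead of loading them.

```shell
#!/bin/sh
# Corrected SSH rules for an ipfw firewall with inside interface tx0.
# Added example; not the poster's script or FreeBSD's rc.firewall.
# Assumptions: LAN 192.168.1.0/24 on tx0, outside interface de0,
# natd_interface inherited from rc.conf or defaulting to de0.

fwcmd="${FWCMD:-/sbin/ipfw}"
[ -x "${fwcmd}" ] || fwcmd="echo"   # dry run where ipfw is not available
oif="de0"
iif="tx0"
lan="192.168.1.0/24"
natd_interface="${natd_interface:-${oif}}"

# Emits (or loads) the whole ruleset through ${fwcmd}.
load_rules() {
    ${fwcmd} -f flush

    # NAT divert, as in the original ruleset.
    ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

    # Loopback rules, unchanged from the original.
    ${fwcmd} add 100 allow all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # SSH from the LAN to the firewall. Match the DESTINATION port 22 on
    # packets arriving on the inside interface; the original rule matched
    # the SOURCE port, which a client never uses. This covers the SYN and
    # every later client-to-server packet of the session.
    ${fwcmd} add 400 allow tcp from ${lan} to any 22 in via ${iif}

    # The server's replies leave on tx0 from port 22. "established" limits
    # this to packets with ACK or RST set, so nothing can OPEN a connection
    # from port 22 towards the LAN through this rule. No UDP rule: SSH is
    # TCP only.
    ${fwcmd} add 401 allow tcp from any 22 to ${lan} out via ${iif} established

    # Default deny, unchanged. Everything not listed above is still dropped.
    ${fwcmd} add 65000 deny all from any to any
}

load_rules
```

After loading it for real, `ipfw -a list` prints each rule with its packet and byte counters; watching which counter moves while opening an SSH session from the LAN is the quickest way to confirm that the client's packets now hit rule 400 and the replies hit rule 401 rather than the final deny.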