Date: Sun, 19 Oct 2003 17:21:06 +0100
From: Dan <dan@ntlbusiness.com>
To: Barney Wolff <barney@databus.com>
Cc: freebsd-net@freebsd.org
Subject: Re: IPFW.
Message-ID: <200310191721.06509.dan@ntlbusiness.com>
In-Reply-To: <20031019161948.GB46989@pit.databus.com>
References: <200310191532.40136.dan@ntlbusiness.com> <200310191704.42446.dan@ntlbusiness.com> <20031019161948.GB46989@pit.databus.com>

On Sunday 19 October 2003 5:19 pm, you wrote:
> First, as somebody else suggested, either use numbers on every rule
> or none at all. Second, you want to keep-state only on setup, not
> on every tcp packet going in either direction, as that will be wide
> open. Third, you don't seem to have any rule allowing udp, so dns
> lookups are not likely to work. Fourth, did you actually put the
> rules into effect? If so, you should see entries in the logs when
> packets are denied. Fifth, the rule with 192.168 in it will never
> fire, as the address will have been translated by natd before it
> gets there.
>
> Doing ipfw list will show you the rules that exist, and ipfw -atde list
> will show you which rules have matched and when.

Hmm .. Ok thanks again for your reply. I probably understood 5% of that though ;)

I will go and search on google for some of the pointers you've given me .. but I am finding this really hard.. it took me absolutely ages just to get that far.

Once again thanks for your help!
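
Added example, not part of the original thread: a small Python checker that flags points one, two, three and five of the quoted advice in an ipfw rule script. The sample rules, the interface name `xl0` and the finding codes are constructed for illustration (the poster's actual rules are not on this page), and the point-five check is a heuristic that marks a rule for review, not proof that it never matches.

```python
import re

# Constructed sample rule script; the poster's real rules are not on this page.
# Interface name xl0 and the port number are assumptions.
SAMPLE_RULES = """\
add 100 divert natd all from any to any via xl0
add check-state
add allow tcp from any to any keep-state
add 500 allow tcp from 192.168.0.0/24 to any 80 setup keep-state
add 65000 deny log ip from any to any
"""

ALLOW = {"allow", "accept", "pass", "permit"}  # ipfw synonyms for "allow"

def parse_rules(text):
    """Yield (number_or_None, tokens) for each 'add' line, ignoring comments."""
    for raw in text.splitlines():
        m = re.match(r"\s*(?:\S*ipfw\s+(?:-q\s+)?)?add\s+([^#]+)", raw)
        if not m:
            continue
        tok = m.group(1).split()
        num = tok.pop(0) if tok and tok[0].isdigit() else None
        if tok:
            yield num, tok

def lint_ipfw(text):
    """Return sorted finding codes (hypothetical names) for the quoted advice."""
    rules = list(parse_rules(text))
    found = set()
    if len({num is None for num, _ in rules}) > 1:
        found.add("MIXED_NUMBERING")               # point 1: number all or none
    udp_allowed = seen_divert = False
    for _, tok in rules:
        # The protocol is the token just before "from" (after action and "log").
        proto = tok[tok.index("from") - 1] if "from" in tok else None
        allows = tok[0] in ALLOW
        if allows and proto == "tcp" and "keep-state" in tok and "setup" not in tok:
            found.add("KEEP_STATE_WITHOUT_SETUP")  # point 2: state on every packet
        if allows and proto in {"udp", "ip", "all"}:
            udp_allowed = True
        if seen_divert and any(t.startswith("192.168.") for t in tok):
            found.add("PRIVATE_ADDR_AFTER_DIVERT") # point 5: review after natd
        seen_divert = seen_divert or tok[0] == "divert"
    if not udp_allowed:
        found.add("NO_UDP_RULE")                   # point 3: DNS needs udp
    return sorted(found)

if __name__ == "__main__":
    for code in lint_ipfw(SAMPLE_RULES):
        print(code)
```
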