Date: Sat, 13 Jul 2002 17:04:15 +0200
From: Martin Möller <moeller@bsdsi.com>
To: freebsd-questions@freebsd.org
Subject: Can't use gnutella through my firewall
Message-ID: <200207131704.22884.moeller@bsdsi.com>

Hi folks,

I successfully set up my firewall by using Marc Silver's example
configuration. Everything's fine but I can't use Gnutella any more, so I
added the line:

$fwcmd add pass tcp from any to any 6346 via tun0
(look at >>> for position)

But, as you can imagine, it doesn't work.
Any help appreciated!

Kind regards,
Martin

# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via de0

# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to ssh and apache.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
(>>>) $fwcmd add pass tcp from any to any 6346 via tun0

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to myDNS 53 out xmit tun0

# Allow them back in with the answers... :)
$fwcmd add allow udp from myDNS 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work). You may wish to
# disallow this, but I feel it suits my needs to keep them in.
$fwcmd add allow icmp from any to any

# Deny all the rest.
$fwcmd add deny log ip from any to any

-- 
Martin Möller <moeller@bsdsi.com>
BSD/SI Deutschland