Date: Fri, 14 Dec 2001 11:58:27 +0100
From: Peter Wolkerstorfer <a9203537@unet.univie.ac.at>
To: freebsd-questions@freebsd.org
Subject: Re: please help on 1(one) ipf rule - still not working
Message-ID: <3C19DB52.9C6A2B5@unet.univie.ac.at>
References: <3C187D20.E1901AD5@unet.univie.ac.at> <20020112132633.E31058@b1n.org> <3C190917.AD60F415@unet.univie.ac.at> <20020112232936.A12385@b1n.org>
BinarySoul wrote:
> you don't need any extra rule to your local network to access your
> firewall (through rl0).

this is exactly what i think, also - but it doesn't work.
i considered the advice from Crist J. Clark with the loopback device and
it won't help also.
so i will start all over again from the basics and build a new kernel.
(maybe i have missed something important there)

THX to all of you for your hints so far!
(i hope i don't have to stress your time again with the new kernel, as far
as my knowledge goes: in theory my ruleset should work as i want it)

peter "wolki" wolkerstorfer

p.s: if you're interested - this is how i think it should work:

# the first three rules let me do everything from inside to outside
# THIS WORKS!!! - even with ssh (and all other stuff like pinging, dns, pop3...)
pass out quick on rl1 proto tcp from 192.168.0.0/16 to any flags S/SA keep state
pass out quick on rl1 proto udp from 192.168.0.0/16 to any keep state
pass out quick on rl1 proto icmp from 192.168.0.0/16 to any keep state

# this time i won't kill my loopback so these two rules are inserted
# THX to C.J. Clark
pass out quick on lo0 all
pass in quick on lo0 all

# this rule should block all traffic coming from outside EXCEPT all the
# answers of all established connections from inside (keep state)
block in on rl1 all

<snip>
> > rl1 is the interface to external network, rl0 is internal network.
> >
> > what i want to do:
> > block ALL incoming traffic from the internet (also ssh) but connect to
> > the firewall from the internal network.

not solved:
> > problem:
> > i can't ssh-login from INTERNAL network to the firewall (which is
> > probably that i cannot ssh-login from 192.168.0.11 to 192.168.0.1;
> > 192.168.0.1 is the firewall and the corresponding interface is rl0)
> >
> > BUT:

..still..
> > i can do everything i want (including SSH) OVER the firewall

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
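A small model of how IPFilter evaluates the six rules posted above, added here as an illustration; it is neither part of the original message nor IPFilter's own code. It encodes the documented ipf semantics (the state table is consulted before any rule; a "quick" rule ends the search at that rule, otherwise the last matching rule wins; a packet that matches no rule is passed; "flags S/SA" means SYN set and ACK clear among the flags examined) and runs the packets the poster describes through them. The two internet addresses 203.0.113.5 and 198.51.100.1 are constructed stand-ins, since the message does not give the firewall's external address. On this ruleset alone, SSH from 192.168.0.11 arriving in on rl0 is passed because no rule names rl0, which agrees with the poster's expectation; the model says nothing about what else on the box might drop it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

RULESET = """\
pass out quick on rl1 proto tcp from 192.168.0.0/16 to any flags S/SA keep state
pass out quick on rl1 proto udp from 192.168.0.0/16 to any keep state
pass out quick on rl1 proto icmp from 192.168.0.0/16 to any keep state
pass out quick on lo0 all
pass in quick on lo0 all
block in on rl1 all
"""  # the six rules from the message, comment lines dropped

@dataclass
class Packet:
    iface: str        # interface crossed, e.g. "rl1"
    direction: str    # "in" or "out" as seen by the firewall host
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0    # 0 for icmp
    dport: int = 0
    flags: str = ""   # TCP flag letters: "S" = SYN, "SA" = SYN+ACK

@dataclass
class Rule:
    action: str
    direction: str
    quick: bool
    iface: str
    proto: Optional[str] = None                  # None = any protocol
    src: Optional[ipaddress.IPv4Network] = None  # None = any address
    dst: Optional[ipaddress.IPv4Network] = None
    flags: Optional[str] = None                  # "S/SA": flags required / flags examined
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        if (self.direction, self.iface) != (p.direction, p.iface):
            return False
        if self.proto and self.proto != p.proto:
            return False
        for net, addr in ((self.src, p.src), (self.dst, p.dst)):
            if net and ipaddress.ip_address(addr) not in net:
                return False
        if self.flags:  # only flags named in the mask count: S/SA = SYN set, ACK clear
            want, mask = self.flags.split("/")
            return {c for c in p.flags if c in mask} == set(want)
        return True

def parse_rule(line: str) -> Rule:
    """Parse the ipf subset used above: action dir [quick] on IF [proto P] [from A to B] [flags F] [keep state]."""
    tok = [t for t in line.split() if t != "all"]   # "all" adds no constraint
    quick = tok[2] == "quick"
    i = 3 if quick else 2
    assert tok[i] == "on", f"expected 'on' in rule: {line}"
    rule, i = Rule(tok[0], tok[1], quick, tok[i + 1]), i + 2
    net = lambda a: None if a == "any" else ipaddress.ip_network(a, strict=False)
    while i < len(tok):
        t, arg = tok[i], (tok[i + 1] if i + 1 < len(tok) else "")
        if t == "proto": rule.proto = arg
        elif t == "from": rule.src = net(arg)
        elif t == "to": rule.dst = net(arg)
        elif t == "flags": rule.flags = arg
        elif t == "keep" and arg == "state": rule.keep_state = True
        else: raise ValueError(f"unsupported token {t!r} in rule: {line}")
        i += 2
    return rule

class IpfModel:
    def __init__(self, ruleset: str):
        self.rules = [parse_rule(l) for l in ruleset.splitlines() if l.strip()]
        self.state = set()  # 5-tuples recorded by "keep state" rules, both directions

    def filter(self, p: Packet) -> str:
        """Return 'pass' or 'block'; ipf consults the state table before any rule."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.state:
            return "pass"    # reply of a tracked connection, rules are not consulted
        winner = None
        for r in self.rules:
            if r.matches(p):
                winner = r
                if r.quick:  # "quick" stops here; otherwise the last match wins
                    break
        if winner is None:
            return "pass"    # ipf default when no rule matches
        if winner.action == "pass" and winner.keep_state:
            self.state |= {key, (p.proto, p.dst, p.dport, p.src, p.sport)}
        return winner.action

def walk_through() -> dict:
    """The packets from the message; 203.0.113.5 and 198.51.100.1 are constructed stand-ins."""
    fw, lan, gw, ext, gw_ext = IpfModel(RULESET), "192.168.0.11", "192.168.0.1", "203.0.113.5", "198.51.100.1"
    return {
        "lan->internet syn": fw.filter(Packet("rl1", "out", "tcp", lan, ext, 1025, 22, "S")),       # rule 1, keeps state
        "reply in on rl1": fw.filter(Packet("rl1", "in", "tcp", ext, lan, 22, 1025, "SA")),         # state beats the block rule
        "unsolicited in on rl1": fw.filter(Packet("rl1", "in", "tcp", ext, gw_ext, 40000, 22, "S")),  # block in on rl1 all
        "lan->firewall on rl0": fw.filter(Packet("rl0", "in", "tcp", lan, gw, 1026, 22, "S")),      # no rule names rl0
    }
```

Running walk_through() gives pass, pass, block, pass for the four packets in that order. The same SYN/ACK fed to a fresh model without the preceding SYN is blocked, which is the whole point of "keep state" on the outbound rules: the inbound block rule is only ever reached by packets that no tracked connection claims.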