Date:      Tue, 02 Jan 2007 23:27:55 +0100
From:      petko <petko@studnet.sk>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: ipfw denies everything and i can open websites?
Message-ID:  <459ADC6B.2020309@studnet.sk>
In-Reply-To: <20070102200640.GA7476@jurjenm.stack.nl>
References:  <20070102200640.GA7476@jurjenm.stack.nl>

Hello,

Could you show the /etc/rc.conf and /etc/rc.firewall files? (only the
corresponding lines)

petko

Jurjen Middendorp wrote:
> Hello,
> I have configured my firewall, but after I do "ipfw -q flush" I am still
> able to visit websites, download my e-mail, etc. I thought the default action of
> ipfw was to deny everything and ipfw show confirms that... Why am I able to go
> on the internet? Is this weird behaviour or is there something I don't
> understand about ipfw/firewalls??
> I am behind a router (NAT) and get my IP with DHCP.
>
> Here is a little log from what happens if I try to open a random website
> (blah.org) after I disable my firewall.
>
> [jurjen@jurjen ~]$ su
> Password:
> [root@jurjen /home/jurjen]# fw_uit
> 65535 2 616 deny ip from any to any
> [root@jurjen /home/jurjen]# tcpdump
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
>
> 20:41:44.919465 IP jurjen.lan.55071 > SpeedTouch.lan.domain:  4879+ A? blah.org. (26)
> 20:41:45.062650 IP SpeedTouch.lan.domain > jurjen.lan.55071:  4879 1/0/0 A 205.150.150.140 (42)
> 20:41:45.062889 IP jurjen.lan.53038 > SpeedTouch.lan.domain:  4880+ AAAA? blah.org. (26)
> 20:41:45.173416 IP SpeedTouch.lan.domain > jurjen.lan.53038:  4880 0/1/0 (98)
> 20:41:45.173790 IP jurjen.lan.56029 > 205.150.150.140.http: S 1223552665:1223552665(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 21149548 0,sackOK,eol>
> 20:41:45.288590 IP 205.150.150.140.http > jurjen.lan.56029: S 3294004362:3294004362(0) ack 1223552666 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
> 20:41:45.288662 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 1 win 33304 <nop,nop,timestamp 211496620>
> 20:41:45.288924 IP jurjen.lan.56029 > 205.150.150.140.http: P 1:395(394) ack 1 win 33304 <nop,nop,timestamp 21149663 0>
> 20:41:45.441225 IP 205.150.150.140.http > jurjen.lan.56029: . 1:1449(1448) ack 395 win 65141 <nop,nop,timestamp 1951517 21149548>
> 20:41:45.442758 IP 205.150.150.140.http > jurjen.lan.56029: P 1449:2533(1084) ack 395 win 65141 <nop,nop,timestamp 1951517 21149548>
> 20:41:45.442812 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 32762 <nop,nop,timestamp 21149817 1951517>
> 20:41:45.591472 IP jurjen.lan.56029 > 205.150.150.140.http: P 395:720(325) ack 2533 win 33304 <nop,nop,timestamp 21149965 1951517>
> 20:41:45.760525 IP 205.150.150.140.http > jurjen.lan.56029: P 3981:4328(347) ack 720 win 64816 <nop,nop,timestamp 1951520 21149965>
> 20:41:45.760603 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 33304 <nop,nop,timestamp 21150134 1951517,nop,nop,sack 1 {3981:4328}>
> 20:41:45.763003 IP 205.150.150.140.http > jurjen.lan.56029: . 2533:3981(1448) ack 720 win 64816 <nop,nop,timestamp 1951520 21149965>
> 20:41:45.763045 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 4328 win 32406 <nop,nop,timestamp 21150137 1951520>
> 20:41:46.021900 IP jurjen.lan.62273 > SpeedTouch.lan.domain:  23988+ PTR? 140.150.150.205.in-addr.arpa. (46)
> 20:41:46.255700 IP SpeedTouch.lan.domain > jurjen.lan.62273:  23988 NXDomain 0/1/0 (117)
> 20:42:02.361174 IP sys00.lan.netbios-dgm > 10.0.0.255.netbios-dgm: NBT UDP PACKET(138)
>
> And the website has loaded... how is this possible??
>
> greets, jurjen
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>   


