Date: Mon, 20 Mar 2006 16:29:19 -0300 From: "Rodrigo G. Tavares de Souza" <rodrigo@sensorsistemas.com.br> To: freebsd-questions@freebsd.org Subject: IPFW - Creating my own rules Message-ID: <441F028F.6010608@sensorsistemas.com.br>
Hi,

I'm trying to configure the IPFW with no success. Do I need to configure [in] access to each service allowed?

I have these services:
- Public DNS Server (outside);
- Public POP Server (outside);
- Public SMTP Server (outside);
- Squid as Proxy;

The whole Internet traffic is being redirected to Squid. I need to open DNS, POP and SMTP.

What is wrong with the following rules file?

Best Regards,
Rodrigo Souza
Sao Paulo - Brazil

-----------------------------------------------
security log file
-----------------------------------------------
Mar 20 15:45:15 bsd-net kernel: ipfw: 450 Deny TCP 207.46.6.75:1863 192.168.0.103:1580 in via rl0
Mar 20 15:45:18 bsd-net kernel: ipfw: 450 Deny UDP 200.153.0.68:53 192.168.0.109:1056 in via rl0
Mar 20 15:45:44 bsd-net kernel: ipfw: 450 Deny UDP 200.153.0.68:53 192.168.0.109:1056 in via rl0
Mar 20 15:45:49 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:110 192.168.0.114:2238 in via rl0
...
Mar 20 15:45:59 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:110 192.168.0.114:2238 in via rl0
Mar 20 15:46:00 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:25 192.168.0.161:2090 in via rl0
Mar 20 15:46:01 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:25 192.168.0.161:2090 in via rl0
-----------------------------------------------
#!/bin/sh
# Flush the existing ruleset, then load the rules below in numeric order.
ipfw -q -f flush

cmd="ipfw -q add"
pif="rl0"            # public (outside) interface
skip="skipto 500"    # defined but never referenced by the rules below
ks="keep-state"

# Hand every packet crossing the outside interface to natd (divert port 8668).
$cmd 010 divert 8668 ip from any to any via $pif
$cmd 020 allow all from any to 192.168.0.2
$cmd 030 allow all from any to any via lo0
# Transparent proxy: LAN web traffic is forwarded to Squid on 192.168.0.2:3128.
$cmd 040 fwd 192.168.0.2,3128 tcp from 192.168.0.0/24 to any dst-port 80

# DNS SERVER
# ********************************
$cmd 050 allow tcp from any to 200.153.0.68 53 out via $pif setup $ks
$cmd 055 allow udp from any to 200.153.0.68 53 out via $pif $ks
$cmd 060 allow tcp from any to 200.153.0.192 53 out via $pif setup $ks
$cmd 065 allow udp from any to 200.153.0.192 53 out via $pif $ks

# INTERNET
# ********************************
$cmd 070 allow tcp from any to any 80 out via $pif setup $ks
$cmd 075 allow tcp from any to any 443 out via $pif setup $ks

# POP AND SMTP SERVER
# ********************************
$cmd 080 allow tcp from any to 200.246.179.88 25 out via $pif setup $ks
$cmd 085 allow tcp from any to 200.246.179.88 110 out via $pif setup $ks

# FULL root RIGHTS
# ********************************
$cmd 090 allow tcp from me to any out via $pif setup $ks uid root

# PING
# ********************************
$cmd 110 allow icmp from any to any out via $pif $ks

# DENY NOT ALLOWED
# ********************************
# Everything else crossing the outside interface is dropped and logged
# (these are the "450 Deny" entries in the security log above).
$cmd 450 deny log all from any to any via $pif
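An added example, not from the post above nor from FreeBSD's own tooling: a small Python script that parses ipfw kernel log lines in the format quoted in the message and groups the denied packets by rule number, protocol, source port and direction, so a reader of /var/log/security can see at a glance which flows the final deny rule is catching. The sample lines are constructed copies of the ones in the post. The "looks like a reply to an allowed outbound session" check (inbound, source port among the service ports the ruleset allows outbound, private destination address) is a heuristic assumed by this example, not something ipfw itself reports.

```python
"""Summarise ipfw 'Deny' log lines and flag denied inbound packets that have the
shape of replies to sessions the ruleset meant to allow outbound."""
import ipaddress
import re
from collections import Counter

# Constructed sample: the same kind of lines the post quotes from the security log.
SAMPLE_LOG = """\
Mar 20 15:45:15 bsd-net kernel: ipfw: 450 Deny TCP 207.46.6.75:1863 192.168.0.103:1580 in via rl0
Mar 20 15:45:18 bsd-net kernel: ipfw: 450 Deny UDP 200.153.0.68:53 192.168.0.109:1056 in via rl0
Mar 20 15:45:44 bsd-net kernel: ipfw: 450 Deny UDP 200.153.0.68:53 192.168.0.109:1056 in via rl0
Mar 20 15:45:49 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:110 192.168.0.114:2238 in via rl0
Mar 20 15:45:59 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:110 192.168.0.114:2238 in via rl0
Mar 20 15:46:00 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:25 192.168.0.161:2090 in via rl0
Mar 20 15:46:01 bsd-net kernel: ipfw: 450 Deny TCP 200.246.179.88:25 192.168.0.161:2090 in via rl0
"""

# TCP/UDP lines only: ipfw logs ICMP as "ICMP:type.code src dst" without ports,
# so those lines deliberately do not match and parse_line() returns None for them.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Destination ports the posted ruleset allows outbound with keep-state (rules 050-085).
ALLOWED_OUT_PORTS = {53, 25, 110, 80, 443}


def parse_line(line):
    """Return a dict of fields for a TCP/UDP ipfw log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize(log_text):
    """Count denied packets per (rule, proto, source port, direction)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "Deny":
            counts[(rec["rule"], rec["proto"], rec["sport"], rec["dir"])] += 1
    return counts


def likely_unmatched_replies(log_text):
    """Heuristic (an assumption of this example): a denied inbound packet whose source
    port is one of the services allowed outbound and whose destination is a private
    (post-NAT) address has the shape of a reply that matched no dynamic rule."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny" or rec["dir"] != "in":
            continue
        if rec["sport"] in ALLOWED_OUT_PORTS and ipaddress.ip_address(rec["dst"]).is_private:
            hits.append((rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"]))
    return hits


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print("rule %d %s sport %d %s: %d packet(s)" % (key[0], key[1], key[2], key[3], n))
    for hit in likely_unmatched_replies(SAMPLE_LOG):
        print("denied inbound packet shaped like a reply to an allowed session:", hit)
```

Run on a real log with `python3 ipfw_deny_summary.py < /var/log/security` after replacing SAMPLE_LOG with `sys.stdin.read()`; the grouping by source port is what separates "replies to my own DNS/POP/SMTP sessions being dropped" from unsolicited inbound traffic hitting the same deny rule.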