Date: Tue, 6 Oct 1998 14:15:23 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: Brian <brian@briang.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW
Message-ID: <Pine.BSF.4.03.9810061415060.19930-100000@resnet.uoregon.edu>
In-Reply-To: <000701bdefea$33c24f80$2a00a8c0@brian-desktop.thetingroup.com>
On Sun, 4 Oct 1998, Brian wrote:

> I'm running FreeBSD 2.2.7 and have natd running with the IP Firewall enabled
>
> /etc/rc.conf
> FXP0=24.1.88.xxx
> &
> FXP0=192.168.0.1
>
> --> ipfw -a l
>
> 00100 31163 20091250 divert 6668 ip from any to any via fxp0
> 00100 130 14898 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny log tcp from 24.0.0.0/8 to any 1-21 in recv fxp0
> 00400 0 0 deny log tcp from 24.0.0.0/8 to any 23-52 in recv fxp0
> 00500 0 0 deny log tcp from 24.0.0.0/8 to any 56-109 in recv fxp0
> 00600 0 0 deny log tcp from 24.0.0.0/8 to any 111-1023 in recv fxp0
> 00700 0 0 deny log tcp from 24.0.0.0/8 to 24.0.0.0/8 1026-65000 in recv fxp0
> 65000 62854 40131837 allow ip from any to any
> 65535 0 0 deny ip from any to any
>
> Now my question is how would I tell it to allow any and everything from
> 24.1.122.xxx
> I have tried to put that segment in as allow
>
> $fwcmd add allow all from 24.1.122.0/24 to any in via fxp0

It's all about ordering ... your divert rule is caching everything first.

Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
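Added example (not part of the original message or of ipfw itself): a small first-match evaluator over a simplified copy of the rule list quoted above, showing why the position of the new allow rule decides the outcome. The sample packet, the rule number 250, the pass-through handling of divert and the "+100" auto-numbering of unnumbered rules are assumptions made for the illustration.

```python
# Added illustration: first-match evaluation over a simplified copy of the
# quoted rule list. Only protocol, source network and destination port are
# matched; the divert rule is modelled as handing the packet on to the next
# rule (assumption: natd reinjects it after the divert rule).
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
NET24 = ip_network("24.0.0.0/8")

# (number, action, proto, source network, destination port range or None)
BASE_RULES = [
    (100, "divert", "ip", ANY, None),
    (300, "deny", "tcp", NET24, (1, 21)),
    (400, "deny", "tcp", NET24, (23, 52)),
    (500, "deny", "tcp", NET24, (56, 109)),
    (600, "deny", "tcp", NET24, (111, 1023)),
    (65000, "allow", "ip", ANY, None),
    (65535, "deny", "ip", ANY, None),
]

def add_rule(rules, action, proto, src, ports=None, number=None):
    """Return a new rule list. An unnumbered rule is placed 100 above the
    highest rule below 65535 (assumed auto-numbering behaviour)."""
    if number is None:
        number = max(n for n, *_ in rules if n != 65535) + 100
    new = (number, action, proto, ip_network(src), ports)
    return sorted(rules + [new], key=lambda r: r[0])

def evaluate(rules, proto, src, dport):
    """Return (rule number, action) of the first allow/deny rule that matches."""
    for number, action, rproto, net, ports in rules:
        if rproto not in ("ip", proto) or ip_address(src) not in net:
            continue
        if ports and not ports[0] <= dport <= ports[1]:
            continue
        if action == "divert":  # not a verdict: evaluation continues
            continue
        return number, action
    raise RuntimeError("no rule matched")

PACKET = ("tcp", "24.1.122.5", 21)  # constructed sample packet

# Same allow rule, two positions: appended without a number, or numbered 250.
appended = add_rule(BASE_RULES, "allow", "ip", "24.1.122.0/24")
early = add_rule(BASE_RULES, "allow", "ip", "24.1.122.0/24", number=250)

if __name__ == "__main__":
    print("unnumbered rule:", evaluate(appended, *PACKET))
    print("rule 250:       ", evaluate(early, *PACKET))
```

In this model the appended rule is never reached for the sample packet, because the deny at 00300 matches first; the same rule numbered below 00300 produces the verdict instead.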