Date:      Mon, 1 Apr 2002 21:38:51 -0500
From:      nobody@cyberstreet.com
To:        freebsd-security@freebsd.org
Subject:   linksys 8 port router and ipfw
Message-ID:  <1065771453.20020401213851@email.com>


     
        thanks in advance. i have 8 windows clients behind a linksys router (befsr81 with
     updated firmware) on a hub that links to a freebsd box (4.5 release) running natd and
     connected to the net via cable; no dhcp anywhere. i can make it work, BUT, i am unsure of
     how well i have done it and how well it is protected. i have omitted the more mundane lo0
     and spoofing entries for brevity. xl0 is internal interface.
     
     ipfw rules
     
         add divert natd all from any to any via xl1
         add check-state
         add allow tcp from "the-router" to any 22 in setup keep-state
         add deny tcp from any to any 22
         add allow all from "the-router" to any keep-state
         add allow all from any to any out
         default to deny

     #1 how can i change this so it doesn't suck and so that i can browse and ftp from
     the bsd box?

     #2 see below, not as important as #1 but i didn't want to cross-post to questions.


     ***side note*** the strange thing about the router. ssh works until i use the router.
     i googled and found other people that said to change the mtu on the nic and router,
     didn't work. the router only breaks ssh, (it is in /etc/hosts) you can still browse
     and ftp. remove the router and all works, without any other changes. i cheated and
     changed my sshd_config to listen on all interfaces and it will work through the
     router; not working on xl0 only xl1. i don't think this is, however, the best answer.

     again, i thank you all for any time and help.

