Date:      Sun, 15 Apr 2001 15:34:35 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        Caleb Walker <cwalker@cwalk.org>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPFW rules
Message-ID:  <Pine.BSF.4.21.0104151530540.61877-100000@cody.jharris.com>
In-Reply-To: <001701c0c5d8$1f518d60$2701a8c0@cwalk.org>

On Sun, 15 Apr 2001, Caleb Walker wrote:

> To make this simple this is what I have in my firewall for rules right now.
> I am starting here so that I can figure out what I am doing wrong. I have
> put the two port 22 rules at the top and right now it is at the bottom, so I
> have tried both.  If I remove the rule number 64101 why can I not ssh in?
> After I figure this out I will go ahead with the rest of my firewall
> configuration.  Thank you so much in advance for your help!
> 
> <root-10:20am>#ipfw list
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 64000 allow tcp from any to any 22
> 64001 allow udp from any to any 22
> 64101 allow ip from any to any
> 65535 deny ip from any to any
> 

	You are missing the return traffic from port 22 to your
	client.  Keep in mind that packets are bi-directional, meaning
	you have packets coming into your machine and packets leaving.  In
	this case you are missing the packets leaving your machine.

		ipfw add 64002 allow tcp from any 22 to any

	Should do the trick.



Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
 "FreeBSD: The Power to Serve!"
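To make the first-match, stateless behaviour behind Nick's answer concrete, here is an added example (not from the thread, not real ipfw) in POSIX sh: a tiny simulator that walks a rule table in order and reports the first matching rule. The rule tables mirror Caleb's list with 64101 removed, once without and once with Nick's rule 64002; the divert and lo0 rules are left out, and the addresses and ports are constructed.

```shell
#!/bin/sh
# Constructed rule tables. Fields: number action proto src sport dst dport
# ("any" is a wildcard, "ip" matches any protocol, "127/8" is the loopback block).

# Caleb's ruleset with the catch-all 64101 removed: the SSH reply (source port 22)
# matches nothing above the final deny.
RULES_BROKEN="
00200 deny  ip  any any 127/8 any
64000 allow tcp any any any 22
64001 allow udp any any any 22
65535 deny  ip  any any any any
"

# The same ruleset with Nick's rule 64002 for the return path.
RULES_FIXED="
00200 deny  ip  any any 127/8 any
64000 allow tcp any any any 22
64001 allow udp any any any 22
64002 allow tcp any 22 any any
65535 deny  ip  any any any any
"

# field_match RULE_FIELD PACKET_FIELD: succeeds when the rule field covers the packet field.
field_match() {
    case "$1" in
        any|ip) return 0 ;;
        127/8)  case "$2" in 127.*) return 0 ;; *) return 1 ;; esac ;;
        *)      [ "$1" = "$2" ] ;;
    esac
}

# ipfw_verdict RULES PROTO SRC SPORT DST DPORT: prints "NUMBER ACTION" of the
# first rule that matches, exactly like ipfw's first-match evaluation.
ipfw_verdict() {
    rules=$1; shift
    printf '%s\n' "$rules" | while read -r num action proto src sport dst dport; do
        [ -z "$num" ] && continue
        if field_match "$proto" "$1" && field_match "$src" "$2" \
           && field_match "$sport" "$3" && field_match "$dst" "$4" \
           && field_match "$dport" "$5"; then
            echo "$num $action"
            break
        fi
    done
}

# Inbound SSH connection (client 203.0.113.7 -> server 10.0.0.5 port 22) and its reply.
ipfw_verdict "$RULES_BROKEN" tcp 203.0.113.7 51000 10.0.0.5 22   # 64000 allow
ipfw_verdict "$RULES_BROKEN" tcp 10.0.0.5 22 203.0.113.7 51000   # 65535 deny: reply dropped
ipfw_verdict "$RULES_FIXED"  tcp 10.0.0.5 22 203.0.113.7 51000   # 64002 allow
```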

