Date:      Wed, 12 Aug 1998 19:50:20 +1200
From:      "Dan Langille" <junkmale@xtra.co.nz>
To:        Doug White <dwhite@resnet.uoregon.edu>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw rules
Message-ID:  <199808120750.TAA00553@cyclops.xtra.co.nz>
In-Reply-To: <Pine.BSF.4.00.9808120030250.28795-100000@resnet.uoregon.edu>
References:  <199808110042.MAA10419@cyclops.xtra.co.nz>

On 12 Aug 98, at 0:31, Doug White wrote:

> 
> On Tue, 11 Aug 1998, Dan Langille wrote:
> 
> > I'm using ipfw and natd for my home subnet.  The FreeBSD box acts as a
> > gateway to my ADSL connection.  I'm using the simple firewall as
> > defined in rc.firewall.  However, some of the default rules are
> > preventing some services from working.  But I don't understand why.
> > 
> > Below are the rules and a description of what they prevent when they
> > are enabled.  If someone could explain why the rule stops what it
> > does, I would appreciate it.
> > 
> > oif=ed0
> > 
> > # if either of the following two lines are enabled, it stops my
> > # Pegasus email client from accessing the POP server at my ISP
> > add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
> 
> Stop any packets originating from 192.168.x.x from leaving this machine.
> What's the machine's IP?

ed0 (outside world) is not within this range.  ed1 (my subnet) is.  Isn't
this rule trying to stop packets going out on ed0 (outside world)?

> 
> > add pass tcp from any to any setup
> 
> Allows TCP connections to start but probably blocks the rest because of
> the above rule.

Yeah.  Strange.  These are the default rules within rc.firewall.

--
Dan Langille
DVL Software Limited
http://www.dvl-software.com/freebsd : my [mis]adventures
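
An added example, not part of the original messages: a small first-match model of the quoted `deny ... via ${oif}` rule. ipfw compares the `from` field with the packet's source address, not with the address of the `via` interface, so a forwarded LAN packet still matches on ed0 until natd has rewritten it. The addresses, the divert rule and its position, the simplified pass rule and the final default deny are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (assumptions, not taken from the thread).
LAN_CLIENT = "192.168.0.10"    # hypothetical PC behind the gateway on ed1
OUTSIDE_ADDR = "203.0.113.5"   # hypothetical public address of ed0
POP_SERVER = "198.51.100.25"   # hypothetical ISP POP server

@dataclass
class Packet:
    src: str
    dst: str
    iface: str   # interface the packet is crossing

@dataclass
class Rule:
    action: str   # "deny", "pass" or "divert"
    src_net: str  # network the rule's "from" field matches
    via: str      # interface named after "via"

def matches(rule, pkt):
    # The match is on the packet's source address, never the interface's own address.
    in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
    return in_net and pkt.iface == rule.via

def evaluate(rules, pkt):
    """First match wins; a divert rewrites the source, then evaluation continues."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = Packet(OUTSIDE_ADDR, pkt.dst, pkt.iface)  # natd translation
            continue
        return rule.action, pkt.src
    return "deny", pkt.src  # assumed default deny at the end of the list

DENY_PRIVATE = Rule("deny", "192.168.0.0/16", "ed0")  # the rule quoted in the thread
DIVERT = Rule("divert", "0.0.0.0/0", "ed0")           # assumed natd divert rule
PASS_ALL = Rule("pass", "0.0.0.0/0", "ed0")           # simplified stand-in for a pass rule

def outbound(rules, src=LAN_CLIENT):
    """Fate of a packet from src to the POP server as it leaves via ed0."""
    return evaluate(rules, Packet(src, POP_SERVER, "ed0"))

if __name__ == "__main__":
    print(outbound([DENY_PRIVATE, DIVERT, PASS_ALL]))  # deny sees the private source
    print(outbound([DIVERT, DENY_PRIVATE, PASS_ALL]))  # deny sees the translated source
```
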
