Marc Cassuto
Tue, 9 Feb 1999 05:54:37 -0500
Hi all and David in particular,

> >If I try to build a strong firewall, I can't use all the port limitation that should
> >be used with ipfwadm.
>
> This isn't a very strong ruleset.

I knew, but it was only the beginning...

> Check out the ruleset in the TrinityOS doc and see if it will do what you need:
> http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

In fact, I already knew this link, but first I'd like to do something I understand.
And effectively the Trinity ruleset works!!! But I can't understand half of the rules....
And this is really boring for me...

> >#/sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535
> >###### BUT THIS DOESN'T WORK !!!
> >###### AND THIS IS EXACTLY THE LINE I FOUND IN THE HOWTO !!!
>
> No... you are specifying FORWARDING here. That should be:
>
> /sbin/ipfwadm -I -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535

That did not work much more....

> But.. This is kinda messed up if you want this rule to allow
> WWW browsing on the Internet. This rule is saying you are going
> to originate port 80 traffic to the Internet. This isn't
> how WWW works unless you are running a WWW server. Your
> DESTINATION should be port 80 for normal surfing.

Hummmm... Where can I find a doc about the difference between the different lists, and in particular -F, -I and -O?
Or can you explain to us (for all masq readers) clearly what their aim is???
The IP-masquerading mini HOWTO is a bit heavy about this...

> Learning firewall rulesets takes a while. I recommend that
> you use the TrinityOS doc as a template and open it up
> as you need. As it stands, it's VERY restrictive. :)

But it does not make a lot of things explicit...

A big thank you David, sincerely,

Marc Cassuto.
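The point David makes (destination port 80 on the way out, source port 80 on the way back) and the difference between the -I, -O and -F lists, as an added example script that is not part of this thread. It assumes 192.168.0.7 is a browsing client on the internal LAN, that this Linux 2.0 box masquerades for it, and that its Internet-facing interface is eth0; run it with IPFWADM=echo to print the rules instead of applying them.

```sh
#!/bin/sh
# Added example, not from the original thread. Assumptions: 192.168.0.7 is a
# client on the internal LAN, this Linux 2.0 box masquerades for it, and its
# Internet-facing interface is eth0. Set IPFWADM=echo to dry-run.
IPFWADM="${IPFWADM:-/sbin/ipfwadm}"
CLIENT="192.168.0.7/32"   # assumed internal browsing client
ANY="0.0.0.0/0"
EXT="eth0"                # assumed external interface

# The three ipfwadm lists and what each one sees:
#   -I  packets arriving on one of this box's interfaces (input)
#   -O  packets leaving one of this box's interfaces (output)
#   -F  packets routed through this box (LAN <-> Internet); the
#       masquerade action lives here
www_client_rules() {
    # Outbound: the client picks an unprivileged source port and talks to
    # DESTINATION port 80.  The thread's original rule had 80 as the SOURCE,
    # which describes a web server answering, not a browser asking:
    #   -F -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535   (wrong)
    "$IPFWADM" -F -a masquerade -P tcp -S "$CLIENT" 1024:65535 -D "$ANY" 80
    "$IPFWADM" -O -a accept -W "$EXT" -P tcp -S "$ANY" -D "$ANY" 80

    # Inbound replies: SOURCE port 80, unprivileged destination port.  After
    # masquerading the destination is this box's own address, so match any
    # address; -k admits only packets with ACK set, i.e. replies to a
    # connection we opened, never a fresh connection from outside.
    "$IPFWADM" -I -a accept -W "$EXT" -P tcp -S "$ANY" 80 -D "$ANY" 1024:65535 -k
}

# Apply only when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "apply" ]; then
    www_client_rules
fi
```

Inspect the result with `IPFWADM=echo sh ./www-rules.sh apply` before running it for real.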