[EMAIL PROTECTED] wrote:
I am stuck with a request from a client. A FreeBSD box, with 3 NICs
How to effectively BLOCK every packet from dmz to internal lan?? :o(
maybe something like this:
block out on lan interface from 192.168.10.0/24 to 192.168.1.0/24
thanks. Unfortunately, 22
to it from the inside
somehow.
Regards
Christoph Weber-Fahr
irado furioso com tudo [EMAIL PROTECTED]
24.02.2002 22:31
To: [EMAIL PROTECTED]
Cc: (Bcc: Christoph Weber-Fahr/TND/Eschborn/Arcor)
Subject: Re: stuck with FreeBSD and Ipfilter
[EMAIL PROTECTED] wrote:
I am
Bruno Fernandes wrote:
Hi again !!!
Please post your ipf.rules and ipnat.rules to see if I can figure
what's happening !!!
Regards
BF
here it is, friend. The proposed block rules are between '#', 14th till
16th line below:
block in quick on rl0 from 192.168.0.0/24 to any
block in
I am stuck with a request from a client. A FreeBSD box, with 3 NICs
appears as:
[internet]/FreeBSD/--[lan 192.168.1.2]
^
|--[dmz 192.168.10.2]
dmz receives (and replies) requests for dns/sendmail/apache either from
internet or from the lan
thank you, bob and bruno. Will try all this stuff this weekend, report
(hope a 'did it' one) by the sunday. :-)
Many thanks to both, and wait crossing your fingers :-)
bob bobing wrote:
That is really odd, your ipf.rules file doesn't match
your ipfstat -i -h. I don't see any 192.168.1.89
You have run nmap from the DMZ?
-Original Message-
From: irado furioso com tudo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 12 February 2002 20:17
To: [EMAIL PROTECTED]
Subject: stuck with FreeBSD and Ipfilter
I am stuck with a request from a client. A FreeBSD box, with 3
Bruno Fernandes wrote:
note: even changing rules a lot, I am unable to do this. Then I just
tried to 'block everything for that machine':
:=== begin
block in quick from any to 192.168.1.89
block out quick from any to 192.168.1.89
block in quick from 192.168.1.89 to any
:===
but
I am using ipfilter for this setup.
note: even changing rules a lot, I am unable to do this. Then I just
tried to 'block everything for that machine':
:=== begin
block in quick from any to 192.168.1.89
block out quick from any to 192.168.1.89
block in quick from 192.168.1.89 to any
:===
A
please paste the output of ipfstat -i -h, ipnat -l and
the contents of your ipfrules file, and ipnatrules
file.
Just an FYI, ipnat happens before ipf, so your rules
need to be written post nat.
--- irado furioso com tudo [EMAIL PROTECTED] wrote:
Bruno Fernandes wrote:
note: even
bob bobing wrote:
please paste the output of ipfstat -i -h, ipnat -l and
the contents of your ipfrules file, and ipnatrules
file.
Just an FYI, ipnat happens before ipf, so your rules
need to be written post nat.
hmm.. think that I do not know how to do this. Maybe it is the cause of
tudo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 19 February 2002 10:45
To: [EMAIL PROTECTED]
Subject: Re: stuck with FreeBSD and Ipfilter
bob bobing wrote:
please paste the output of ipfstat -i -h, ipnat -l and
the contents of your ipfrules file, and ipnatrules
file.
Just an FYI
That is really odd, your ipf.rules file doesn't match
your ipfstat -i -h. I don't see any 192.168.1.89 in
your file, and yet it's in your ipfstat table. :/
Well at any rate, your ipf.rules file is a mess. I
would try to rewrite them, Bruno Fernandes has some
great examples (seems to have left out
I am stuck with a request from a client. A FreeBSD box, with 3 NICs
appears as:
[internet]/FreeBSD/--[lan 192.168.1.2]
^
|--[dmz 192.168.10.2]
dmz receives (and replies) requests for dns/sendmail/apache either from
internet or from the lan thru
13 matches