CORRECTION: That last rule I quoted is actually:
00050 allow tcp from any to my.ip.ad.res 22 setup
                                         ^^
Makes it work much better for SSH...

----- Original Message -----
From: "Kevin Kinsey, DaleCo, S.P." <[EMAIL PROTECTED]>
To: "Jamie" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 8:29 PM
Subject: Re: setting up ipfw

> From: "Jamie" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 01, 2003 8:01 PM
> Subject: setting up ipfw
>
> > I am having a very difficult time setting up ipfw on a 4.8
> > installation. Was wondering if anyone might be able to shed some light on
> > this.
> >
> > I followed the directions in the handbook, and I compiled a new kernel
> > with these options (am going for a deny all by default, open services
> > as necessary philosophy):
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> >
> > Upon rebooting, I was unable to access the machine from anywhere, which
> > is fine, because I have console access.
> >
> > Output of ifconfig -a looks like this:
> >
> > ifconfig -a
> > fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         inet 18.104.22.168 netmask 0xffffff00 broadcast 22.214.171.124
> >         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
> >         ether 00:03:47:77:81:69
> >         media: Ethernet autoselect (100baseTX <full-duplex>)
> >         status: active
> > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> >         inet 127.0.0.1 netmask 0xff000000
> > ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> > faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> >
> > the name of the machine is power.bar.com
> >
> > I want to ssh in from another machine: foo.bar.com with IP address
> > 126.96.36.199.
> >
> > This is the rule I am adding:
> >
> > ipfw add allow tcp from 188.8.131.52 to power.bar.com 22
> >
> > It tells me it can't resolve power.bar.com!
> >
> > So, I try:
> >
> > ipfw add allow tcp from 184.108.40.206 to 220.127.116.11 22
> >
> > It accepts the rule, but I still cannot connect from foo.bar.com.
> >
> > Anyone have any ideas?
>
> Are you allowing ip OUT from 18.104.22.168?
>
> Please post output of "ipfw show" (not that it's
> not implicit, I guess...) and describe your network
> topography.
>
> FWIW, here's my top few rules:
>
> 00010 allow ip from my.ip.ad.dres to any out
> 00020 deny log logamount 20 ip from any to any out
> 00030 allow tcp from any to any established
> 00040 allow ip from any to any frag
> 00050 allow tcp from any to my.ip.ad.res setup
>
> Kevin Kinsey
> DaleCo, S.P.
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
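
Added example, not part of the thread: a minimal first-match rule evaluator that traces one SSH handshake through the single inbound rule from the question and through the five rules quoted in the reply (with the corrected rule 00050). The addresses, the client port, rule number 100 and all function names are constructed for illustration, and it assumes a kernel built without a default-to-accept option, so the last rule is 65535 deny.

```python
# Minimal model of ipfw first-match evaluation (illustrative; not ipfw itself).
# Constructed addresses: ME = firewalled host, PEER = the SSH client.
ME, PEER = "192.0.2.10", "198.51.100.7"

def pkt(src, dst, direction, flags, dport=None, proto="tcp", frag=False):
    return dict(src=src, dst=dst, dir=direction, flags=set(flags),
                dport=dport, proto=proto, frag=frag)

def rule(num, action, proto="ip", src="any", dst="any", dport=None,
         direction=None, opt=None):
    return dict(num=num, action=action, proto=proto, src=src, dst=dst,
                dport=dport, dir=direction, opt=opt)

def matches(r, p):
    if r["proto"] not in ("ip", p["proto"]):
        return False
    for field in ("src", "dst", "dport", "dir"):
        if r[field] not in (None, "any", p[field]):
            return False
    if r["opt"] == "setup":        # SYN set, ACK clear
        return "SYN" in p["flags"] and "ACK" not in p["flags"]
    if r["opt"] == "established":  # RST or ACK set
        return bool(p["flags"] & {"RST", "ACK"})
    if r["opt"] == "frag":
        return p["frag"]
    return True

def verdict(rules, p):
    # The first matching rule wins; 65535 is the built-in default (deny here).
    for r in sorted(rules, key=lambda r: r["num"]):
        if matches(r, p):
            return r["num"], r["action"]
    return 65535, "deny"

# The one rule from the question (rule number constructed).
JAMIE = [rule(100, "allow", "tcp", PEER, ME, dport=22)]
# The rules from the reply, with the corrected 00050.
KEVIN = [rule(10, "allow", src=ME, direction="out"),
         rule(20, "deny", direction="out"),
         rule(30, "allow", "tcp", opt="established"),
         rule(40, "allow", opt="frag"),
         rule(50, "allow", "tcp", dst=ME, dport=22, opt="setup")]

# Constructed three-way handshake for an inbound SSH connection.
HANDSHAKE = [pkt(PEER, ME, "in", ["SYN"], dport=22),
             pkt(ME, PEER, "out", ["SYN", "ACK"], dport=40000),
             pkt(PEER, ME, "in", ["ACK"], dport=22)]

def trace(rules):
    return [verdict(rules, p) for p in HANDSHAKE]
```

`trace(JAMIE)` shows the outbound SYN-ACK falling through to rule 65535, while `trace(KEVIN)` passes the three packets on rules 50, 10 and 30.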