CORRECTION:

That last rule I quoted is actually:

00050  allow tcp from any to my.ip.ad.res 22 setup
                                                                 ^^
Makes it work much better for SSH...

----- Original Message -----
From: "Kevin Kinsey, DaleCo, S.P." <[EMAIL PROTECTED]>
To: "Jamie" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 8:29 PM
Subject: Re: setting up ipfw


> From: "Jamie" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 01, 2003 8:01 PM
> Subject: setting up ipfw
>
>
> >    I am having a very difficult time setting up ipfw on a 4.8
> > installation. Was wondering if anyone might be able to shed some
> light on
> > this.
> >
> >    I followed the directions in the handbook, and I compiled a
new
> kernel
> > with these options, ( am going for a deny all by default, open
> services
> > as necessary philosophy):
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> >
> >    Upon rebooting, I was unable to access the machine from
> anywhere, which
> > is fine, because I have console access.
> >
> >    Output of ifconfig -a looks like this:
> >
> >  ifconfig -a
> > fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         inet 200.88.54.93 netmask 0xffffff00 broadcast
> 200.88.54.255
> >         inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid
> 0x1
> >         ether 00:03:47:77:81:69
> >         media: Ethernet autoselect (100baseTX <full-duplex>)
> >         status: active
> > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> >         inet 127.0.0.1 netmask 0xff000000
> > ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> > sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> > faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> >
> >    the name of the machine is power.bar.com
> >
> >
> >    I want to ssh in from another machine: foo.bar.com with IP
> address
> > 200.88.34.12.
> >
> >
> >
> >   This is the rule I am adding:
> >
> >
> > ipfw add allow tcp from 200.88.34.12 to power.bar.com 22
> >
> >
> >    It tells me it can't resolve power.bar.com!
> >
> > So, I try:
> >
> > ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22
> >
> >    It accepts the rule, but I still cannot connect from
> foo.bar.com.
> >
> >    Anyone have any ideas?
>
> Are you allowing ip OUT from 200.88.54.93?
>
> Please post output of "ipfw show" (not that it's
> not implicit, I guess...) and describe your network
> topography.
>
> FWIW, here's my top few rules:
>
> 00010 allow ip from my.ip.ad.dres to any out
> 00020 deny log logamount 20 ip from any to any out
> 00030  allow tcp from any to any established
> 00040  allow ip from any to any frag
> 00050  allow tcp from any to my.ip.ad.res setup
>
> Kevin Kinsey
> DaleCo, S.P.
>
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
>


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to