I don't understand what you mean when you say NAT modifications... meaning how the packets are changed on the gateway to allow them to be seen as transparent from behind?
When I do a netstat -an while connected remotely, it shows the connection on SSH as coming from 203.10.10.38, but when I add a rule to allow everything from that net it still won't allow access...
I did add the rule before the divert, but I still couldn't connect until I added an allow all manually...
I also tried opening up the SSH port to everyone, with allow tcp from any to me 22 via tl0, but that wouldn't allow a connection either...
It's a bit confusing...
Thanks again,
D
From: Lowell Gilbert <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "Drew Robertson" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: IPFW Rule set question...
Date: 24 Dec 2003 16:43:49 -0500
"Drew Robertson" <[EMAIL PROTECTED]> writes:
> I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it
> is dual homed, 2 NICs one for the internal LAN one running my cable
> modem. Everything works fine on the internal side.
>
> When accessing the box using any of those apps from work, the system
> looks to briefly connect and then returns a "Connection Lost" or
> "Connection closed by remote host error".
>
> The command setup to allow in access is as follows...
>
> 820 allow log tcp from any to me 22 limit src-addr 4 in recv tl0 setup
> 830 allow log tcp from any to me 23 limit src-addr 4 in recv tl0 setup
I assume these are supposed to have "keep-state" in them. It *is* written that way in the full ruleset you posted lower down.
> when this didn't work I added another command at the start of the
> ruleset to just let everything in from a particular IP address range...
>
> 202 allow ip from 203.10.10.0/24 to any
>
> however this produced the same error...
>
> It wasn't until I allowed all from any to any that I was able to connect...
Then the packets aren't actually being seen as coming from that address. Maybe you're running into NAT modifications?
> When checking out the security log, it tells me that rule 820 is
> allowing access to my computer at home...
But only for SYN packets...
-- 
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/ username/password "public"
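The point about `setup` matching only SYN packets is easy to see in a toy model of ipfw's first-match evaluation. This is an added example, not code from the thread or from ipfw: the rule numbers and the client address are taken from the posts above as constructed sample input, and dynamic-rule handling is simplified as described in the comments.

```python
"""Toy model of ipfw first-match evaluation. A rule carrying `setup` only
matches the SYN of a TCP connection; unless something stateful records the
flow (`keep-state`, or `limit`, which also creates dynamic rules), the
packets that follow fall through to whatever comes next, typically deny.
Example code, not ipfw itself; rule numbers and addresses are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Rule:
    number: int
    action: str                    # "allow" or "deny"
    dport: Optional[int] = None    # destination port; None matches any
    setup: bool = False            # ipfw `setup`: SYN without ACK only
    stateful: bool = False         # `keep-state` / `limit`: add dynamic rule


@dataclass
class Firewall:
    rules: List[Rule]
    dynamic: Set[Tuple[str, int]] = field(default_factory=set)  # (src, dport)

    def evaluate(self, src: str, dport: int, syn: bool, ack: bool) -> str:
        # Simplification: dynamic rules are consulted first, as if a
        # `check-state` rule headed the list. Real ipfw consults them at the
        # first check-state/keep-state rule it reaches while scanning.
        if (src, dport) in self.dynamic:
            return "allow(dynamic)"
        for r in self.rules:                       # first match wins
            if r.dport is not None and r.dport != dport:
                continue
            if r.setup and not (syn and not ack):  # `setup` wants a bare SYN
                continue
            if r.action == "allow" and r.stateful:
                self.dynamic.add((src, dport))     # remember the flow
            return f"{r.action}({r.number})"
        return "deny(65535)"                       # implicit default rule


def ssh_connection(stateful: bool) -> List[str]:
    """Run a client's SYN, then its first ACK, through a two-rule list."""
    fw = Firewall([Rule(820, "allow", 22, setup=True, stateful=stateful),
                   Rule(65000, "deny")])
    client = "203.10.10.38"                        # address from the thread
    return [fw.evaluate(client, 22, syn=True, ack=False),
            fw.evaluate(client, 22, syn=False, ack=True)]


if __name__ == "__main__":
    print("setup only:    ", ssh_connection(False))
    print("setup + state: ", ssh_connection(True))
```

With the stateless variant the SYN is logged as allowed by rule 820 while the very next packet is denied, which is exactly the symptom of a connection that appears to open and then drops.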
