>My ipfwadm rules are:
>
> ipfwadm -I -p accept
> ipfwadm -O -p accept
> ipfwadm -F -p deny
These are bad defaults. Set your default to deny or reject and then
explicitly ALLOW traffic in.
> ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2
> ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2
> ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0
> ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0
These are bad too. You need localhost for lots of stuff. Permit
localhost for internal access.
> ipfwadm -I -d deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0 2
> ipfwadm -I -d deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0 2
> ipfwadm -I -a deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0
> ipfwadm -I -a deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0
> ipfwadm -F -a masquerade -S 192.168.0.0/24 -D 0/0
Why the explicit denies? Also, you should deny UDP and TCP. Don't
disable ICMP! You are doing this via "-P all".
>my ipportfw rules are:
> ipportfw -A -u206.63.251.175/80 -R 192.168.0.100/80
> ipportfw -A -t206.63.251.175/80 -R 192.168.0.100/80
These are right.
>...Using tcpdump (running on the Linux server), I can see that
>the packets are getting forwarded through the firewall, but the web server
>doesn't seem to see them.
It sounds like your IPFWADM INPUT or OUTPUT ruleset is filtering
the traffic. Is that your ENTIRE ruleset above or just a part of
it?
--David
David A. Ranch - Linux/Networking/PC hardware
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
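An added example, not part of David's reply or the original post: a complete ipfwadm ruleset built the way the reply recommends (default deny on every chain, localhost permitted on lo only, ICMP left open, TCP and UDP allowed only where explicitly needed). It assumes eth0 is the outside interface holding 206.63.241.175, eth1 faces 192.168.0.0/24, and the web server is 192.168.0.100; the quoted post uses two different outside addresses, so one is picked here as a placeholder.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: eth0 = outside interface with
# 206.63.241.175, eth1 = LAN 192.168.0.0/24, web server = 192.168.0.100.
# ipfwadm exists only on Linux 2.0 kernels, so the default is a dry run that
# prints the commands (IPFWADM=echo); pass --apply to execute them for real.
IPFWADM="${IPFWADM:-ipfwadm}"
EXT_IF=eth0; EXT_IP=206.63.241.175
INT_IF=eth1; INT_NET=192.168.0.0/24
WEB=192.168.0.100

fw() { "$IPFWADM" "$@"; }

apply_rules() {
  # 1. Flush every chain, then make deny the default policy everywhere.
  fw -I -f; fw -O -f; fw -F -f
  fw -I -p deny; fw -O -p deny; fw -F -p deny

  # 2. Localhost is allowed on lo only; 127/8 arriving on a real wire is
  #    spoofed, so it is denied and logged (-o) rather than silently dropped.
  fw -I -a accept -W lo
  fw -O -a accept -W lo
  fw -I -a deny -o -S 127.0.0.0/8 -W "$EXT_IF"
  fw -I -a deny -o -S 127.0.0.0/8 -W "$INT_IF"
  # Packets claiming our own addresses must never come in from the outside.
  fw -I -a deny -o -S "$INT_NET" -W "$EXT_IF"
  fw -I -a deny -o -S "$EXT_IP" -W "$EXT_IF"

  # 3. ICMP stays open both ways; only TCP and UDP are restricted below.
  fw -I -a accept -P icmp
  fw -O -a accept -P icmp

  # 4. Explicitly permit what is served: TCP to the published web port,
  #    anything the LAN sends, and TCP replies from outside (ACK set, -k).
  fw -I -a accept -P tcp -S 0/0 -D "$EXT_IP" 80
  fw -I -a accept -S "$INT_NET" -W "$INT_IF"
  fw -I -a accept -P tcp -k -S 0/0 -D "$EXT_IP" -W "$EXT_IF"
  # Outbound on the real interfaces is allowed; anything else hits the policy.
  fw -O -a accept -W "$EXT_IF"
  fw -O -a accept -W "$INT_IF"

  # 5. Forwarding: masquerade the LAN and pass the port-forwarded web traffic
  #    (assumption: the forward chain also sees packets redirected by ipportfw).
  fw -F -a masquerade -S "$INT_NET" -D 0/0
  fw -F -a accept -P tcp -S 0/0 -D "$WEB" 80
}

case "${1:-}" in
  --apply) apply_rules ;;
  *) IPFWADM=echo; apply_rules ;;   # dry run: print the commands only
esac
```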