Hi,
I am trying to set up a firewall/masq box for my small network.
One of the things I want it to do is to filter all packets from the outside
world to the NetBIOS ports.
This is my set of commands:
topology:

  INET ---- ppp0 (193.59.68.168) ---- [ my beloved Linux box ] ---- eth0 (192.68.0.254) ---- Ethernet

ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -p deny
ipfwadm -O -p accept
ipfwadm -I -p accept
ipfwadm -I -a deny -W ppp0 -P udp -S 0.0.0.0/0 -D 193.59.68.168 137
ipfwadm -I -a deny -W ppp0 -P udp -S 0.0.0.0/0 -D 193.59.68.168 138
ipfwadm -I -a deny -W ppp0 -P udp -S 0.0.0.0/0 -D 193.59.68.168 139
ipfwadm -I -a deny -W ppp0 -P tcp -S 0.0.0.0/0 -D 193.59.68.168 137
ipfwadm -I -a deny -W ppp0 -P tcp -S 0.0.0.0/0 -D 193.59.68.168 138
ipfwadm -I -a deny -W ppp0 -P tcp -S 0.0.0.0/0 -D 193.59.68.168 139
...
and commands:
ipfwadm -F -l
ipfwadm -I -l
ipfwadm -O -l
ipfwadm -A -l
give me:
--------------------------------------------------------------------------
IP firewall forward rules, default policy: deny
type   prot  source        destination          ports
acc/m  all   localnet/24   anywhere             n/a
IP firewall input rules, default policy: accept
type   prot  source        destination          ports
deny   udp   anywhere      lo4.ids.bielsko.pl   any -> netbios-ns
deny   udp   anywhere      lo4.ids.bielsko.pl   any -> netbios-dgm
deny   udp   anywhere      lo4.ids.bielsko.pl   any -> netbios-ssn
deny   tcp   anywhere      lo4.ids.bielsko.pl   any -> netbios-ns
deny   tcp   anywhere      lo4.ids.bielsko.pl   any -> netbios-dgm
deny   tcp   anywhere      lo4.ids.bielsko.pl   any -> netbios-ssn
IP firewall output rules, default policy: accept
IP accounting rules
--------------------------------------------------------------------------
So it all looks good; however, I would like to check the acceptance of a packet
from "anywhere" through ppp0 to e.g. port 137 with "ipfwadm -c".
However, if I say:
ipfwadm -I -c -P tcp -S 193.59.68.1:1234 -D lo4.ids.bielsko.pl:138 -W \
ppp0 -V 193.59.68.168
it answers:
ipfwadm: one port required with source/destination address
Try `ipfwadm -h' for more information.
and if I say:
ipfwadm -I -c -P tcp -S 193.59.68.1:1234 -D lo4.ids.bielsko.pl:138 -W \
ppp0 -V 193.59.68.168:3456
(lo4.ids.bielsko.pl is my FQDN and 193.59.68.1 is my nameserver, so it
is there for sure)
I only have one question: what am I doing wrong?
---------------------------------------------------
Marcin Owsiany
[EMAIL PROTECTED]
---------------------------------------------------
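As an added illustration (not part of the original post and not ipfwadm's own code): a small Python first-match evaluator over the six input rules entered above, assuming the same -W/-P/-S/-D fields, which plays the role the poster wanted from "ipfwadm -I -c". It shows that the deny rules catch NetBIOS traffic arriving on ppp0 for 193.59.68.168 only; the same ports on eth0, or addressed to 192.68.0.254, fall through to the chain's accept policy.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Tuple


@dataclass(frozen=True)
class Rule:
    """One ipfwadm-style input rule: -a action -W iface -P proto -S src -D dst port..."""
    action: str                 # "deny" or "accept"
    iface: str                  # -W interface name; "" matches any interface
    proto: str                  # -P protocol; "all" matches any protocol
    src: IPv4Network            # -S address/mask
    dst: IPv4Network            # -D address/mask
    dports: Tuple[int, ...]     # destination ports given after -D; () matches any port


# Constructed from the post: "ipfwadm -I -p accept" followed by six
# "ipfwadm -I -a deny -W ppp0 -P {udp,tcp} -S 0.0.0.0/0 -D 193.59.68.168 {137,138,139}".
INPUT_POLICY = "accept"
NETBIOS_PORTS = (137, 138, 139)
INPUT_RULES = [
    Rule("deny", "ppp0", proto, ip_network("0.0.0.0/0"),
         ip_network("193.59.68.168/32"), (port,))
    for proto in ("udp", "tcp")
    for port in NETBIOS_PORTS
]


def rule_matches(rule: Rule, iface: str, proto: str, src: str, dst: str, dport: int) -> bool:
    """Every field set in the rule must match the packet; unset fields match anything."""
    if rule.iface and rule.iface != iface:
        return False
    if rule.proto != "all" and rule.proto != proto:
        return False
    if ip_address(src) not in rule.src or ip_address(dst) not in rule.dst:
        return False
    if rule.dports and dport not in rule.dports:
        return False
    return True


def check_input(iface: str, proto: str, src: str, dst: str, dport: int,
                rules=INPUT_RULES, policy: str = INPUT_POLICY) -> str:
    """First matching rule decides, as 'ipfwadm -I -c' reports; otherwise the chain policy."""
    for rule in rules:
        if rule_matches(rule, iface, proto, src, dst, dport):
            return rule.action
    return policy


if __name__ == "__main__":
    # NetBIOS name service from the Internet side, on ppp0, to the ppp0 address: caught.
    print(check_input("ppp0", "udp", "193.59.68.1", "193.59.68.168", 137))   # deny
    # Same port arriving on eth0: the rules are bound to -W ppp0, so the policy applies.
    print(check_input("eth0", "udp", "192.68.0.10", "193.59.68.168", 137))   # accept
    # On ppp0 but addressed to the eth0 address: not covered by -D 193.59.68.168.
    print(check_input("ppp0", "udp", "193.59.68.1", "192.68.0.254", 139))    # accept
```

The last case is the one to watch: the deny rules only cover packets addressed to the ppp0 address, so NetBIOS traffic arriving on ppp0 for 192.68.0.254 passes under the accept policy.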