Re: RE: RE: [JunkMail] IPF & DHCP request
x.x.x.x/32 isn't supposed to be your IP, it's your ISP's DHCP server address. Find that out from your ISP and insert it there. What I did was set it to "from any to any", then checked dhclient.leases to find out what server was giving me my information.

----- Original Message -----
From: "geek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 18, 2003 10:05 AM
Subject: RE: RE: RE: [JunkMail] IPF & DHCP request

That's not the point, the dhcp works, what doesn't work is the ipf.rules (don't let the DHCP work), and i don't have internet anyway, my question was in this line:

> #
> # Allow bootp traffic in from your ISP's DHCP server only.
> #
> pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state

i change X.X.X.X/32 for what?! if i don't have a "stable" IP!?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
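The step described in the message above (read the server out of dhclient.leases, then put it in the rule in place of X.X.X.X), as an added example that is not part of the original thread. It assumes the ISC dhclient lease-file layout; the function names and the lease data are constructed for illustration.

```shell
# Added example. Assumes the ISC dhclient lease-file layout: "lease { ... }"
# blocks appended in order, so the last block for an interface is the newest.

# Print the dhcp-server-identifier of the newest lease for interface $1 in file $2.
lease_server() {
    awk -v ifname="$1" '
        /^lease[ \t]*[{]/ { inlease = 1; iface = ""; server = ""; next }
        inlease && $1 == "interface" { gsub(/[";]/, "", $2); iface = $2 }
        inlease && $1 == "option" && $2 == "dhcp-server-identifier" { gsub(/;/, "", $3); server = $3 }
        /^[}]/ { if (inlease && iface == ifname && server != "") last = server; inlease = 0 }
        END { if (last != "") print last }
    ' "$2"
}

# Succeed only for a dotted-quad IPv4 address, so nothing else reaches the rule.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Emit the rule from the thread with X.X.X.X replaced by the lease's server.
dhcp_rule() {
    server=$(lease_server "$1" "$2")
    is_ipv4 "$server" || { echo "no usable dhcp-server-identifier for $1 in $2" >&2; return 1; }
    echo "pass in quick on $1 proto udp from $server/32 to any port = 68 keep state"
}

# Constructed lease data (documentation addresses), not taken from the thread.
sample_leases() {
    cat <<'EOF'
lease {
  interface "ed0";
  option dhcp-server-identifier 192.0.2.1;
}
lease {
  interface "ed0";
  option dhcp-server-identifier 198.51.100.7;
}
lease {
  interface "ep1";
  option dhcp-server-identifier 203.0.113.1;
}
EOF
}

tmp=$(mktemp) && sample_leases > "$tmp" && dhcp_rule ed0 "$tmp"; rm -f "$tmp"
```

On a real system, pass the interface name and the path of the machine's own dhclient.leases file to `dhcp_rule` instead of the constructed sample.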
Re: [JunkMail] IPF & DHCP request
"geek" <[EMAIL PROTECTED]> writes:

> That's not the point, the dhcp works, what doesn't work is the ipf.rules (don't let
> the DHCP work), and i don't have internet anyway, my question was in this line:
>
> > #
> > # Allow bootp traffic in from your ISP's DHCP server only.
> > #
> > pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state
>
> i change X.X.X.X/32 for what?! if i don't have a "stable" IP!?

It doesn't matter. The keyword "from" means that X.X.X.X/32 is supposed to be the *other* machine's address (the server).
Re: [JunkMail] RE: RE: [JunkMail] IPF & DHCP request
On Sunday 17 August 2003 05:05 pm, geek wrote:
> i read it already, but i have a problem with it
>
> #
> # Allow bootp traffic in from your ISP's DHCP server only.
> #
> pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state
>
> My IP changes every time i reboot the machine, how i can make this works ?!

The from (ed0 is the external interface in the example) is the address of your ISP's DHCP server. Replace X.X.X.X with any unless you want to try and figure out the DHCP server's IP address. So the line above should read

pass in quick on ed0 proto udp from any to any port = 68 keep state

This is less secure than is ideal since it would allow a theoretical attack on your dhclient, but should work.

-Mark
RE: RE: RE: [JunkMail] IPF & DHCP request
That's not the point, the dhcp works, what doesn't work is the ipf.rules (don't let the DHCP work), and i don't have internet anyway, my question was in this line:

> #
> # Allow bootp traffic in from your ISP's DHCP server only.
> #
> pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state

i change X.X.X.X/32 for what?! if i don't have a "stable" IP!?
RE: RE: [JunkMail] IPF & DHCP request
On Mon, 18 Aug 2003, geek wrote:

> i read it already, but i have a problem with it
>
> #
> # Allow bootp traffic in from your ISP's DHCP server only.
> #
> pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state
>
> My IP changes every time i reboot the machine, how i can make this works ?!

If your IP is changing, then you ARE able to DHCP. In other words, it does "works."

-Charlie
RE: RE: [JunkMail] IPF & DHCP request
i read it already, but i have a problem with it

#
# Allow bootp traffic in from your ISP's DHCP server only.
#
pass in quick on ed0 proto udp from X.X.X.X/32 to any port = 68 keep state

My IP changes every time i reboot the machine, how i can make this works ?!
Re: [JunkMail] IPF & DHCP request
At 09:29 PM 8/17/2003 +0100, geek wrote:

> Hey guys, can u please post (who have) rules with DHCP involved?! because, i'm in trouble, my firewall doesn't work because my ipf.rules doesn't work and i don't know why!! When i put in rules "pass in/out all" i have access to the internet, otherwise, with my rules i don't, and i have changed them so many times, and they didn't work anyway, if anyone can help me:
>
> block in log all
> block out log all

This should be at the end. It's organizationally easiest if you break it up by interface. I think is overly restrictive additionally.

> pass in quick on lo0 all
> pass out quick on lo0 all
>
> pass in quick on ep0 all
> pass out quick on ep0 all
>
> #Allow internal traffic to outside world
> pass out quick on ep1 proto tcp all keep state
> pass out quick on ep1 proto udp all keep state
> pass out quick on ep1 proto icmp all keep state
>
> #Allow traffic from outside
> #DNS
> pass in quick on ep1 proto udp from any to any port = 53 keep state

This really isn't necessary. You've allowed responses to queries by the pass out on the interface above.

> #DHCP [dhclient]
> pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags

keep frags is really unnecessary. I'd recommend the howto at this address.

http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html

-Mark