Re: Operation: ipfw on a gateway box

2005-02-17 Thread Lowell Gilbert
  Does anything work *without* the firewall?
 
 Yes, before I started messing with the firewall I had squid
 set up, I set up FreeBSD as a gateway and also as a DNS
 server. I could access the WWW, ftp, telnet and all the
 other services at will, inside and outside my home LAN.

Try temporarily setting the firewall to just pass everything
(ipfw add 1 allow ip from any to any) and see if you can still get
out through it.  I'm guessing something else may be messed up now.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Operation: ipfw on a gateway box

2005-02-16 Thread Hiram Abiff
Quoting Lowell Gilbert [EMAIL PROTECTED]:

 Hiram Abiff [EMAIL PROTECTED] writes:

  I followed your advice and rewrote my firewall rules.
  Although, even now, there are some major difficulties.

 Please remember that you sent this message to a mailing list with a
 very large number of people.  I, for one, do not remember the earlier
 messages, and may not have read them.


I apologize for the inconvenience. I will try to be clearer.

  I still can't access the net from my 2 other computers
  via my FreeBSD firewalled gateway.
  Although I set up on it to allow traffic on
  ports 21, 22, 53, 8080, I can only telnet to port
  21, all the others report a connection refused error.

 Where did you do this from?


I tried accessing the FreeBSD box from the 2 other computers
I have. Also I tried telnetting from the FreeBSD box to itself.

  I can ping the FreeBSD box, but I cannot ping any outside
  IP addresses from the FreeBSD box or the other boxes on my
  home LAN.

 In other words, not only can't you access the net from the other
 computers, but you can't from the FreeBSD box either?

Unfortunately, yes. I tried pinging outside computers by
IP address but I can't anymore.


 Does anything work *without* the firewall?

Yes, before I started messing with the firewall I had squid
set up, I set up FreeBSD as a gateway and also as a DNS
server. I could access the WWW, ftp, telnet and all the
other services at will, inside and outside my home LAN.

  Also when FreeBSD is booting I caught some error messages that
  said unknown command setup for some of my firewall rules.

 Kind of need more details here.  I can't see what that could be...


I was thinking maybe I misplaced the setup keyword in my
firewall rule file. Did you happen to see it? I posted it in my
last mail. I don't understand how ftp works and my
proxy server doesn't if I used the very same and exact
syntax to define the rules.

--
It was as though a veil had been rent. I saw on that ivory face
the expression of sombre pride, of ruthless power,
of craven terror -- of an intense and hopeless despair.
Did he live his life again in every detail of desire,
temptation, and surrender during that supreme moment
of complete knowledge?


Operation: ipfw on a gateway box

2005-02-15 Thread Hiram Abiff

I followed your advice and rewrote my firewall rules.
Although, even now, there are some major difficulties.

I still can't access the net from my 2 other computers
via my FreeBSD firewalled gateway.
Although I set up on it to allow traffic on
ports 21, 22, 53, 8080, I can only telnet to port
21, all the others report a connection refused error.

I can ping the FreeBSD box, but I cannot ping any outside
IP addresses from the FreeBSD box or the other boxes on my
home LAN.

Also when FreeBSD is booting I caught some error messages that
said unknown command setup for some of my firewall rules.

I'm getting desperate; please assist me in any way possible.

Here's my fwrules file:

 fwcmd=/sbin/ipfw


 #Outside interface
 oif=tun0


 #Inside interface
 iif=rl0


 # Force a flushing of the current rules before reload
 $fwcmd -f flush


 #Check the state of all packets
 $fwcmd add check-state


 #Divert all packets through the tunnel interface.
 $fwcmd add divert natd ip from any to any via $oif


 # Allow all data from my network card and localhost
 $fwcmd add allow all from any to any via lo0
 $fwcmd add allow ip from any to any via $iif

 # Allow all connections that I initiate
 $fwcmd add allow tcp from any to any out xmit $oif setup


 # Once connections are made, allow them to stay open
 $fwcmd add allow tcp from any to any via $oif established


 # Everyone on the internet is allowed to connect
 $fwcmd add allow tcp from any to any 22 setup
 $fwcmd add allow tcp from any to any 21 setup
 $fwcmd add allow tcp from any to any 8080 setup
 $fwcmd add allow tcp from any to any 53 setup
 $fwcmd add allow tcp from any to any 4662 setup
 $fwcmd add allow udp from any to any 4672 setup


 # This sends a RESET to all ident packets
 $fwcmd add reset log tcp from any to any 113 in recv $oif


 # Allow outgoing DNS queries ONLY to the specified servers


 $fwcmd add allow udp from any to 161.53.114.135 53 out xmit tun0
 $fwcmd add allow udp from any to 161.53.114.145 53 out xmit tun0


 # Allow them back in with the answers


 $fwcmd add allow udp from 161.53.114.135 53 to any in recv $oif
 $fwcmd add allow udp from 161.53.114.145 53 to any in recv $oif


 # Allow ICMP
 $fwcmd add 65435 allow icmp from any to any


 # Deny all the rest.
 #$fwcmd add 65435 deny log ip from any to any

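An added check, not from the thread and not part of anyone's posted file: a small POSIX shell lint (the names lint_ipfw_rules and count_problems are assumed) that flags two things visible in the fwrules file above, the "setup" option on a non-TCP rule (setup applies only to TCP, the misplaced keyword Hiram suspects) and reuse of an explicit rule number such as 65435. The sample lines are constructed to mirror the posted file, with an uncommented copy of the final deny rule added to show the number collision that uncommenting it as-is would produce.

```shell
#!/bin/sh
# Added example, not from the thread: lint an ipfw rule script for two
# mistakes. "setup" is a TCP-only option, so a udp/icmp/ip rule carrying
# it fails to load; and reusing an explicit rule number (65435) makes two
# rules share one slot, where ordering is load order rather than intent.

# Constructed sample lines modelled on the posted file (not the file itself).
SAMPLE_RULES='$fwcmd add allow tcp from any to any 22 setup
$fwcmd add allow tcp from any to any 53 setup
$fwcmd add allow udp from any to any 4672 setup
$fwcmd add 65435 allow icmp from any to any
#$fwcmd add 65435 deny log ip from any to any
$fwcmd add 65435 deny log ip from any to any'

# Print one "<lineno>:<problem>" line per finding; commented lines are skipped.
lint_ipfw_rules() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        /[[:space:]]add[[:space:]]/ {
            # protocol keyword of the rule, if any
            proto = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(tcp|udp|icmp|ip|all)$/) { proto = $i; break }
            if (proto != "" && proto != "tcp" && $NF == "setup")
                printf "%d:setup is tcp-only but rule uses %s\n", NR, proto
            # explicit rule number directly after "add", seen before?
            for (i = 1; i < NF; i++)
                if ($i == "add" && $(i + 1) ~ /^[0-9]+$/ && seen[$(i + 1)]++)
                    printf "%d:rule number %s already used\n", NR, $(i + 1)
        }'
}

# Number of findings, as a bare integer for scripting.
count_problems() {
    lint_ipfw_rules "$1" | wc -l | tr -d ' '
}

# Run against the sample when executed directly.
lint_ipfw_rules "$SAMPLE_RULES"
```

Run it on the real fwrules file with lint_ipfw_rules "$(cat /etc/fwrules)" before rebooting, so a rule ipfw will refuse to load is caught on the console first.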


Re: Operation: ipfw on a gateway box

2005-02-15 Thread Lowell Gilbert
Hiram Abiff [EMAIL PROTECTED] writes:

 I followed your advice and rewrote my firewall rules.
 Although, even now, there are some major difficulties.

Please remember that you sent this message to a mailing list with a
very large number of people.  I, for one, do not remember the earlier
messages, and may not have read them.

 I still can't access the net from my 2 other computers
 via my FreeBSD firewalled gateway.
 Although I set up on it to allow traffic on
 ports 21, 22, 53, 8080, I can only telnet to port
 21, all the others report a connection refused error.

Where did you do this from?

 I can ping the FreeBSD box, but I cannot ping any outside
 IP addresses from the FreeBSD box or the other boxes on my
 home LAN.

In other words, not only can't you access the net from the other
computers, but you can't from the FreeBSD box either?

Does anything work *without* the firewall?

 Also when FreeBSD is booting I caught some error messages that
 said unknown command setup for some of my firewall rules.

Kind of need more details here.  I can't see what that could be...