Re: FTP Client from Behind Filtering Bridge/Firewall

2003-10-19 Thread Kenneth Culver
Quoting Khalil Khozeimeh [EMAIL PROTECTED]: I have configured a FreeBSD 4.8 system as a filtering bridge/firewall using the IPFW. I am interested in enabling FTP clients from inside the firewall to access FTP servers on the outside. It will be appreciated if somebody can point me

FTP Client from Behind Filtering Bridge/Firewall

2003-10-10 Thread Khalil Khozeimeh
I have configured a FreeBSD 4.8 system as a filtering bridge/firewall using the IPFW. I am interested in enabling FTP clients from inside the firewall to access FTP servers on the outside. It will be appreciated if somebody can point me in the proper direction to configure IPFW (procedure

Firewall problem

2003-10-01 Thread Gary
I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my SMTP port 25. So I wanted to drop a few IP ranges/addresses.. 00100 62054

Re: Firewall problem

2003-10-01 Thread Rob Ellis
On Wed, Oct 01, 2003 at 01:18:17PM -0500, Gary wrote: I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my SMTP port 25

RE: Firewall problem

2003-10-01 Thread Vince Hoffman
: Firewall problem I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my SMTP port 25. So I wanted to drop a few IP

Re: Firewall problem

2003-10-01 Thread Andrew L. Gould
On Wednesday 01 October 2003 01:18 pm, Gary wrote: I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my SMTP port 25. So I

Re: Firewall problem

2003-10-01 Thread Micheas Herman
On Wed, 2003-10-01 at 11:18, Gary wrote: I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my SMTP port 25. So I wanted

Re: Firewall problem

2003-10-01 Thread Gary
On Wed, Oct 01, 2003 at 02:24:51PM -0400 or thereabouts, Rob Ellis wrote: On Wed, Oct 01, 2003 at 01:18:17PM -0500, Gary wrote: I am getting a lot of virus activity on my SMTP port 25. So I wanted to drop a few IP ranges/addresses.. 00100 62054 5483792 allow ip from any to any via lo0

Re: Firewall problem

2003-10-01 Thread Kevin D. Kinsey, DaleCo, S.P.
Andrew L. Gould wrote: On Wednesday 01 October 2003 01:18 pm, Gary wrote: I have set my firewall to firewall_type=open firewall_enable=YES and when I want to drop a specific IP, I enter it manually, it accepts it, but it does not drop the packets.. I am getting a lot of virus activity on my

Re: Firewall problem

2003-10-01 Thread Gary
Hello Kevin, Wednesday, October 1, 2003, 2:14:16 PM, you wrote: SP Yes, in this case, since this is ipfw, and first match wins. SP Using ipf, it's the opposite; gotta love 'Nix! ;-) Yah, really g How does one get started on IPF... IIRC, they have more features / context ... -- Best

Re: firewall

2003-09-18 Thread Bob Hall
, option No. 1 will do - I just want to get kernel ppp working with a firewall enabled. So far, I've gotten ppp working, but only with the firewall disabled. Good. Use that as a starting point. Revert back to the configuration that worked, and we'll add a firewall. With option 1, your box

Re: firewall

2003-09-17 Thread Robert Storey
In the continuing saga of my firewall configuration... One kind member of this list suggested I must compile this into my kernel: options IPDIVERT So I did that, and it made a difference though it didn't solve the problem. Previously, whenever I started ppp, if I attempted to ping I would

Re: firewall

2003-09-17 Thread Bob Hall
, you have three options: 1) This is not a gateway. You need PPP and a firewall. 2) This is a gateway. You need PPP, a firewall, and NAT implemented via user PPP. 3) This is a gateway. You need PPP, a firewall, and NAT implemented via the firewall. Decide on an option, and tell us which you're

Re: firewall

2003-09-16 Thread Robert Storey
, your gateway computer will be able to use PPP without your previous firewall, but none of your other computers will be able to connect. Dear Bob, Thanks. Acting on Scott's suggestion, I put this in /etc/rc.conf: natd_enable=YES natd_interface=ppp0 However, I'm still left with the same problem

Re: firewall

2003-09-16 Thread Bob Hall
setting up NAT, so I assume you still haven't done it. Without NAT, your gateway computer will be able to use PPP without your previous firewall, but none of your other computers will be able to connect. Dear Bob, Thanks. Acting on Scott's suggestion, I put this in /etc/rc.conf

Re: Slow NAT firewall

2003-09-16 Thread Chuck Swiger
Lay Tay wrote: [ ... ] Everything worked fine except that I noticed ssh connection takes a very long time. When I use PUTTY or WinSCP on a windows machine to connect to my internal machine, the authentication takes a very long time. WinSCP will always timeout on the first try, when I hit retry,

Re: firewall

2003-09-15 Thread Robert Storey
can connect successfully. It looks like you're using the CLIENT ruleset from the default rc.firewall. If this firewall is for a LAN, you will have more success with the SIMPLE ruleset. (I made the same mistake the first time I set up a LAN firewall.) Thanks, that was a good suggestion (to use

Slow NAT firewall

2003-09-15 Thread Lay Tay
Hello, I've configured a FreeBSD v4.8 STABLE system on a HP Vectra machine (Pentium III 850 with 256MB RAM) as a firewall/router. I then have another similar machine setup internally with SSH service started (OpenSSH on a SuSE 8.1 Linux). Everything worked fine except that I noticed ssh

Re: firewall

2003-09-15 Thread Bob Hall
out that they are having trouble with specific apps, but otherwise can connect successfully. It looks like you're using the CLIENT ruleset from the default rc.firewall. If this firewall is for a LAN, you will have more success with the SIMPLE ruleset. (I made the same mistake the first

firewall

2003-09-14 Thread Robert Storey
Dear All, I'm having a hard time configuring a firewall. I ALMOST understand it, but I've run into one problem. I think I don't actually have my /etc/rc.firewall set up properly. Maybe I don't really understand what the ip setting should be, and I've made it the same as my net setting. Anyway

Re: firewall

2003-09-14 Thread Nathan Kinkade
On Sun, Sep 14, 2003 at 05:27:15PM +0800, Robert Storey wrote: Dear All, I'm having a hard time configuring a firewall. I ALMOST understand it, but I've run into one problem. I think I don't actually have my /etc/rc.firewall set up properly. Maybe I don't really understand what the ip

RE: firewall

2003-09-14 Thread fbsd_user
need to do a lot of reading about ipfw rules, check the man pages. I know that the FBSD handbook gives the reader the impression that IPFW is the only firewall available to FBSD, but that is a false impression. FBSD has IPFILTER which is also a built in firewall like IPFW and the netbsd firewall IPF

Re: firewall

2003-09-14 Thread Scott Ballantyne
fbsd_user [EMAIL PROTECTED] writes: I know that the FBSD handbook gives the reader the impression that IPFW is the only firewall available to FBSD, but that is a false impression. FBSD has IPFILTER which is also a built in firewall. PF is also in ports, which is interesting. That's appealing

Re: firewall

2003-09-14 Thread Bob Hall
On Sun, Sep 14, 2003 at 12:58:19PM -0400, fbsd_user wrote: other options. I have used both IPFW and IPFILTER, IPFW's keep state rules do not function correctly on a DSL or cable internet connection, I use IPFW with stateful rules on a cable connection without problem. I've tested them to

Re: firewall

2003-09-14 Thread Bob Hall
On Sun, Sep 14, 2003 at 05:27:15PM +0800, Robert Storey wrote: Dear All, I'm having a hard time configuring a firewall. I ALMOST understand it, but I've run into one problem. I think I don't actually have my /etc/rc.firewall set up properly. Maybe I don't really understand what the ip

Re: firewall

2003-09-14 Thread rjhalljr
On Sun, Sep 14, 2003 at 11:52:40PM -0400, Bob Hall wrote: On Sun, Sep 14, 2003 at 05:27:15PM +0800, Robert Storey wrote: Dear All, I'm having a hard time configuring a firewall. I ALMOST understand it, but I've run into one problem. I think I don't actually have my /etc/rc.firewall

Re: Long-running connections stop working through a FreeBSD 5.1R firewall/NAT box...

2003-09-12 Thread Chuck Swiger
Douglas Carmichael wrote: HTTP connections across the firewall work fine (ie. web browsing) and I can maintain a connection to a streaming radio station just fine from my PowerBook inside the firewall, but AIM, ICQ, and Yahoo Messenger seem to stay up for a while and then just unexpectedly

Long-running connections stop working through a FreeBSD 5.1R firewall/NAT box...

2003-09-11 Thread Douglas Carmichael
System: FreeBSD 5.1-RELEASE running as a firewall (ipfw) and NAT for 192.168.1.0/24 Interfaces: xl0 (internal interface, 192.168.1.1) sis0 (cable modem interface) (address assigned by DHCP) HTTP connections across the firewall work fine (ie. web browsing) and I can maintain

ipfilter vs. firewall appliance

2003-09-05 Thread Redmond Militante
to get extra nics for this machine and stick additional servers, such as our win2k domain controllers, and a mysql box, possibly more, behind the firewall/nat. i wanted to ask - for a firewall/nat that would potentially be protecting multiple production machines, is ipfilter's performance

Re: ipfilter vs. firewall appliance

2003-09-05 Thread Mike Tancsa
Well, if you can, crack open a hardware firewall like a Cisco PIX. You will recognize a LOT of what is in there and you will be very surprised. I have hardware in quotes because the only real differentiator is that PCs have hard drives for storage, these units don't. Yes, some will have

pkg_add -r through Proxy/Firewall?

2003-09-03 Thread a
Hi, Sitting behind a firewall that doesn't allow direct ftp (neither active nor passive) I'm looking for a way to fetch packages (i.e. pkg_add -r) from the Internet. What's possible though is doing http or ftp through a proxy server. So, how do I instruct pkg_add to download packages either via

Re: pkg_add -r through Proxy/Firewall?

2003-09-03 Thread Matthew Seaman
On Wed, Sep 03, 2003 at 09:45:49AM +0200, [EMAIL PROTECTED] wrote: Sitting behind a firewall that doesn't allow direct ftp (neither active nor passive) I'm looking for a way to fetch packages (i.e. pkg_add -r) from the Internet. What's possible though is doing http or ftp through a proxy

Re: how to use firewall ?

2003-08-29 Thread Lowell Gilbert
ZaiD Dashti [EMAIL PROTECTED] writes: i got DoS attack how i can use the firewall ? i have tried to understand (man ipfw) but i didn't understand it any easy way to learn and understand firewall (ipfw) The first thing you need to understand is what a firewall does, and what you're protecting

how to use firewall ?

2003-08-28 Thread ZaiD Dashti
hi i got DoS attack how i can use the firewall ? i have tried to understand (man ipfw) but i didn't understand it any easy way to learn and understand firewall (ipfw) thanks

RE: how to use firewall ?

2003-08-28 Thread Tony Pagliocco
I'd start by looking on DevShed, they have a great IPFW tutorial that i used to make my rules etc. -Original Message- From: ZaiD Dashti [mailto:[EMAIL PROTECTED] Sent: Wed 8/27/2003 6:15 PM To: [EMAIL PROTECTED] Cc: Subject: how to use firewall

Re: NATD Firewall Rules Setup

2003-08-24 Thread chael
2:40 AM Subject: NATD Firewall Rules Setup I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall locked down as I need it to be but am having issues getting NAT working. The firewall config file is included below. Note that if I add the allow all rule to the end of the file

Re: NATD Firewall Rules Setup

2003-08-24 Thread Micheal Patterson
- Original Message - From: Thomas Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:40 PM Subject: NATD Firewall Rules Setup I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall locked down as I need it to be but am having issues getting

NATD Firewall Rules Setup

2003-08-22 Thread Thomas Smith
I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall locked down as I need it to be but am having issues getting NAT working. The firewall config file is included below. Note that if I add the allow all rule to the end of the file NAT works fine. I'm certain its an IPFW

Re: NATD Firewall Rules Setup

2003-08-22 Thread Bob Hall
On Fri, Aug 22, 2003 at 11:40:50AM -0700, Thomas Smith wrote: I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall locked down as I need it to be but am having issues getting NAT working. The firewall config file is included below. Note that if I add the allow all rule

Re: Firewall rules for servers, UDP

2003-08-20 Thread Chuck Swiger
Lucas Holt wrote: My problem lies in UDP rules. I think I have TCP figured out. My first attempt blocked off DNS queries from the machine outward. I could query the DNS server, but apps could not do lookups. i figure it has something to do with ports above 1024, but I'm not sure how to

Firewall rules for servers, UDP

2003-08-19 Thread Lucas Holt
I want to setup a firewall (ipfw) on my freebsd 4.8 p3 server. The machine runs web, ftp, ssh, dns, smtp, and imap to the outside world. Does anyone have any links to example rules for servers? (I've already looked at the handbook and man file) My problem lies in UDP rules. I think I have

Re: Firewall rules for servers, UDP

2003-08-19 Thread Alex de Kruijff
On Tue, Aug 19, 2003 at 02:31:55PM -0400, Lucas Holt wrote: I want to setup a firewall (ipfw) on my freebsd 4.8 p3 server. The machine runs web, ftp, ssh, dns, smtp, and imap to the outside world. Does anyone have any links to example rules for servers? (I've already looked

Re: Firewall rules for servers, UDP

2003-08-19 Thread Alex de Kruijff
On Tue, Aug 19, 2003 at 09:29:13PM +0200, Alex de Kruijff wrote: On Tue, Aug 19, 2003 at 02:31:55PM -0400, Lucas Holt wrote: I want to setup a firewall (ipfw) on my freebsd 4.8 p3 server. The machine runs web, ftp, ssh, dns, smtp, and imap to the outside world. Does anyone have any

Re: Blocking RIP requests on firewall

2003-08-14 Thread Mark Woodson
On Wednesday 13 August 2003 11:27 am, Darryl Hoar wrote: -Original Message- From: Mark Woodson [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 11:54 AM To: [EMAIL PROTECTED] Subject: Re: Blocking RIP requests on firewall On Wednesday 13 August 2003 07:53 am, Darryl Hoar

Re: Blocking RIP requests on firewall

2003-08-14 Thread Lowell Gilbert
Darryl Hoar [EMAIL PROTECTED] writes: Greetings, I have a FreeBSD 4.7S machine that is running IPFilter and is configured as a firewall. My external interface is xl0. I put block in quick on xl0 proto udp from 10.0.0.1 to any port = 520 All of the packets are coming from 10.0.0.1

Re: Blocking RIP requests on firewall

2003-08-14 Thread Mark Woodson
(top quoting make following threads difficult) On Wednesday 13 August 2003 12:49 pm, Darryl Hoar wrote: ipfstat -in shows: @1 pass in quick on xl0 proto udp from 10.0.0.1/32 to any port = 68 keep state @2 block return-rst in log quick on xl0 proto tcp from any to any @3 block

RE: What ports need to be open on a firewall to allow cvsup?

2003-08-14 Thread Peut Kotze
Hi For a stateful firewall: check-state allow tcp from my-server to outside-mirror cvsup setup keep-state Non stateful firewall: allow tcp from any to any established allow tcp from my-server to outside-cvsmirrror cvsup setup The port number for cvsup according to /etc/services is 5999(tcp

Re: What ports need to be open on a firewall to allow cvsup?

2003-08-14 Thread Simon Barner
Hi, The company I work for is implementing a new firewall, and there is some possibility I might be able to get the appropriate ports to cvsup my FreeBSD machines open. Assuming passive mode cvsup, what ports would I need open? I think that the multiplexed mode is more appropriate for your

Blocking RIP requests on firewall

2003-08-14 Thread Darryl Hoar
Greetings, I have a FreeBSD 4.7S machine that is running IPFilter and is configured as a firewall. My external interface is xl0. I put block in quick on xl0 proto udp from 10.0.0.1 to any port = 520 reloaded the rules (by rebooting. I have it locked down). it still generates log entries in my

RE: Blocking RIP requests on firewall

2003-08-14 Thread Darryl Hoar
Yes, 10.0.0.1 is the SMC ADSL modem (external). It is running DHCP and assigns the ip to my firewall. -ISP's DSL Line - ADSL Modem - Firewall - LAN -Darryl -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Wednesday, August 13, 2003 12

Re: Blocking RIP requests on firewall

2003-08-14 Thread Lowell Gilbert
...top-post ,please don't Darryl Hoar [EMAIL PROTECTED] writes: Yes, 10.0.0.1 is the SMC ADSL modem (external). It is running DHCP and assigns the ip to my firewall. -ISP's DSL Line - ADSL Modem - Firewall - LAN Then the packets *aren't* being sourced from 10.0.0.1; that's just the last

Re: What ports need to be open on a firewall to allow cvsup?

2003-08-08 Thread Jason Stewart
stan wrote: The company I work for is implementing a new firewall, and there is some possibility I might be able to get the appropriate ports to cvsup my FreeBSD machines open. Assuming passive mode cvsup, what ports would I need open? ~$grep cvsup /etc/services cvsup 5999/tcp

What ports need to be open on a firewall to allow cvsup?

2003-08-08 Thread stan
The company I work for is implementing a new firewall, and there is some possibility I might be able to get the appropriate ports to cvsup my FreeBSD machines open. Assuming passive mode cvsup, what ports would I need open? -- They that would give up essential liberty for temporary safety deserve

Re: Help with FreeBSD Bridged Firewall

2003-07-29 Thread Micheal Patterson
- Original Message - From: William Knechtel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 5:26 PM Subject: Help with FreeBSD Bridged Firewall Hello! Help!! I'm running a PC with dual NICs and FreeBSD 4.8 as a bridged firewall. I've got a private IP 10.0.0.1

RE: Help with FreeBSD Bridged Firewall

2003-07-29 Thread William Knechtel
Knechtel; [EMAIL PROTECTED] Subject: Re: Help with FreeBSD Bridged Firewall - Original Message - From: William Knechtel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 5:26 PM Subject: Help with FreeBSD Bridged Firewall Hello! Help!! I'm running a PC with dual

FBSD gateway/firewall with squid -will it let request in??

2003-07-16 Thread keith
Hi all, shooting blind here cause I trouble shoot this (although I am remote from the systems in question) 203.111.111.216/29 -NAT- 10.0.0.110.0.0.2 Internet--FBSD (ipfilter/ipnat squid) -- www/mail server All live ips are alias to external interface of FBSD they NAT

Re: firewall

2003-07-15 Thread K Anderson
RYAN vAN GINNEKEN wrote: ipfw /etc/rc.fw4 gives me ipfw: bad arguments, for usage summary ``ipfw'' need to start my firewall without rebooting

Re: firewall

2003-07-15 Thread Ryan Thompson
with an intermediate rule. Take a look at the script in /etc/rc.firewalls and you'll see that's all they are doing. so your firewall file should be a shell script. Even if you do man ipfw you'll see that in no way does ipfw accept a file name as an argument. Pretty simple eh? While you can write

RE: firewall

2003-07-15 Thread Peut Kotze
until you're happy. Then change your rules by editing the file, and when you're done and happy with your new rules you can reload them into the firewall over a remote link with the following command: # ipfw -f flush; ipfw /etc/myipfw.rules The '' starts it as a background process to prevent it from

Re: firewall

2003-07-15 Thread K Anderson
connectivity with an intermediate rule. Take a look at the script in /etc/rc.firewalls and you'll see that's all they are doing. so your firewall file should be a shell script. Even if you do man ipfw you'll see that in no way does ipfw accept a file name as an argument. Pretty simple eh? While

firewall

2003-07-14 Thread RYAN vAN GINNEKEN
ipfw /etc/rc.fw4 gives me ipfw: bad arguments, for usage summary ``ipfw'' need to start my firewall without rebooting

Re: firewall

2003-07-14 Thread Supote Leelasupphakorn
--- RYAN vAN GINNEKEN [EMAIL PROTECTED] wrote: ipfw /etc/rc.fw4 gives me ipfw: bad arguments, for usage summary ``ipfw'' need to start my firewall without rebooting

RESET FIREWALL WITHOUT REBOOT

2003-07-13 Thread RYAN vAN GINNEKEN
hello group I need to know how to stop and start my firewall rules without resetting my computer as I am on ADSL and have a dynamic ip that I do not want to change. seems to change mostly when I reboot mostly. so here is the dilemma I run bind apache bincimap postfix and a few others it is my

Re: RESET FIREWALL WITHOUT REBOOT

2003-07-13 Thread Jonas Anderson
On Sun, 13 Jul 2003, RYAN vAN GINNEKEN wrote: IS THERE A WAY ACTIVATE ALL THIS WITHOUT A REBOOT ipfw /path/to/firewall.rules.file ALSO IS THERE A WAY DE-ACTIVATE ALL THIS WITHOUT A REBOOT IN CASE SOMETHING GOES WRONG WHICH USUALLY DOES WITH MY FIREWALL RULES ipfw flush Regards, -- -Jonas

Re: RESET FIREWALL WITHOUT REBOOT

2003-07-13 Thread Kent Stewart
On Sunday 13 July 2003 11:41 am, RYAN vAN GINNEKEN wrote: hello group I need to know how to stop and start my firewall rules without resetting my computer as I am on ADSL and have a dynamic ip that I do not want to change. seems to change mostly when I reboot mostly. so here is the dilemma

Newbie Firewall Question

2003-07-12 Thread mempheria
Q1: i just setup my first ipfw/with natd firewall :-) i run the preconfigured firewalltype called simple can anyone help me make a ruleset that blocks all to inside (except dhcp from my isp ssh from inside) and allows everything out? when i try to learn, and look at the simple configuration

Re: Newbie Firewall Question

2003-07-12 Thread Herbert Wolverson
On Sat, Jul 12, 2003 at 12:33:47AM +0200, mempheria wrote: Q1: i just setup my first ipfw/with natd firewall :-) i run the preconfigured firewalltype called simple can anyone help me make a ruleset that blocks all to inside (except dhcp from my isp ssh from inside) and allows everything

Re: Update Firewall Rules

2003-07-02 Thread Giorgos Keramidas
the full path, at least for ipfw rulesets) when switching among them: # ipfw -q /etc/ipfw.open # ipfw -q /etc/ipfw.paranoid And if so, how do you set this up in /etc/rc.conf, since the firewall type by default looks at rc.firewall... There is a post I made in -questions a while ago

Variable NFS mounts / firewall rules.

2003-07-01 Thread lewiz
dhclient.conf ``ignore'' the media directive? 2. Can I have /different/ NFS mounts, depending on the IP address dhclient assigns to me? 3. Can I have /different/ firewall rules, depending on the IP address dhclient assigns to me? And now for the more through version: Firstly, even though I

Re: Variable NFS mounts / firewall rules.

2003-07-01 Thread Dan Pelleg
, for those interested. 1. Why does dhclient.conf ``ignore'' the media directive? 2. Can I have /different/ NFS mounts, depending on the IP address dhclient assigns to me? 3. Can I have /different/ firewall rules, depending on the IP address dhclient assigns to me? [ ] No complete

Re: Variable NFS mounts / firewall rules.

2003-07-01 Thread lewiz
a different set of firewall rules would be started based on the assigned IP address. 4. Just in case it might help you, here is my /etc/dhclient-exit-hooks: # nothing to do unless we're bound case ${reason} in BOUND | RENEW | REBIND | REBOOT ) if [ -n ${new_domain_name_servers

Re: Variable NFS mounts / firewall rules.

2003-07-01 Thread lewiz
On Tue, Jul 01, 2003 at 08:45:54AM -0400, Dan Pelleg wrote: 1. http://www.freebsd-support.de/misc/setnetparm/ I've never had the chance to use it myself, but it might help. I've checked this out briefly and it's geared more towards static setups, but I think DHCP can be configured to pretty

information regarding managed colocation and managed firewall,managed backup services

2003-06-27 Thread Sumit Barat
Sir, I being a student of management have been assigned with the research for MANAGED COLOCATION, MANAGED FIREWALLS, MANAGED BACKUP software. As a leading organization your company have been dealing with this product, I would be highly obliged if u could give or assist by giving information

Why must I use firewall ?

2003-06-24 Thread Supote Leelasupphakorn
Hi, all So far, I known firewall is a choice when I want to protect my boxes from crackers but my question is if I closed the service I don't use (such as port 25 for SMTP) so the cracker out there can't attack, what's the reason firewall come to play ? Thanks in advance

RE: Why must I use firewall ?

2003-06-24 Thread Philip Payne
Hi, So far, I known firewall is a choice when I want to protect my boxes from crackers but my question is if I closed the service I don't use (such as port 25 for SMTP) so the cracker out there can't attack, what's the reason firewall come to play ? From a general viewpoint the more

Re: Why must I use firewall ?

2003-06-24 Thread Bill Moran
Supote Leelasupphakorn wrote: Hi, all So far, I known firewall is a choice when I want to protect my boxes from crackers but my question is if I closed the service I don't use (such as port 25 for SMTP) so the cracker out there can't attack, what's the reason firewall come to play ? First off

Re: SSH/firewall problems (was: no subject)

2003-06-16 Thread Bill Moran
Please add a decent subject line to your posts: http://www.lemis.com/questions.html [EMAIL PROTECTED] wrote: FreeBSD- I have a Firewall and i want to open port 22 for SSH for two different IP adresses and it won't let me do this. We're going to need more detail on exactly how you're

Re: Firewall/DMZ routing

2003-06-06 Thread Olivier Nicole
08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145 It looks to me as if your ISP does not know you've subnetted your subnet. If it knew, it should never try to do an arp for the subnet A.B.C.152/29 but route the ICMP to A.B.C.146 and that's it. So the router of your ISP genuinely believes that

Firewall/DMZ routing

2003-06-05 Thread Mark Thomas
[Please cc me directly with any replies. Thanks] I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing. The setup: ISP router [A.B.C.144/28, using A.B.C.145] | FIREWALL PUBLIC[A.B.C.146/29] FIREWALL DMZ IFACE [A.B.C.153

Re: Firewall/DMZ routing

2003-06-05 Thread Volker Kindermann
Hi Mark, I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing. do you have forwarding enabled on the firewall? Check if: sysctl net.inet.ip.forwarding shows: net.inet.ip.forwarding: 1 -volker

RE: Firewall/DMZ routing

2003-06-05 Thread Mark Thomas
-Original Message- From: Volker Kindermann [mailto:[EMAIL PROTECTED] I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing. do you have forwarding enabled on the firewall? Check if: sysctl

Re: Firewall

2003-04-05 Thread Joshua Lokken
only used FreeBSD since 4.5, but here goes. I think you need: firewall_enable=YES firewall_script=/etc/firewall.ast If you use the firewall_type option, I think it wants to use that type of firewall from /etc/rc.firewall, ie SIMPLE, OPEN, CLOSED, etc. == 2nd Problem is I need to divert my public

Firewall

2003-04-01 Thread John Meyer
Good Day. I have a small problem compared to the problems listed here. I have Freebsd v3.1 (fairly old). I have compiled the kernel with options IPFIREWALL and options IPDIVERT options IPFIREWALL_VERBOSE in my rc.conf file I have gateway_enable=YES firewall_enable=YES

Re: Firewall

2003-04-01 Thread John Murphy
John Meyer [EMAIL PROTECTED] wrote: add 00100 tcp from any to any When I disable that as well all seems to work well. It looks like the option in rc.conf firewall_type=/etc/firewall.ast does not get interpreted correctly. That rule should certainly have an 'action' keyword eg. allow. Try 'add

help with firewall log message

2003-03-24 Thread Darryl Hoar
Greetings, I am running 4.4-stable on my firewall. I have set it up using www.schlacter.com as a guide. I keep getting this message every minute in my firewall log. I need to decipher this and if it's normal, quit logging it as it's filling up my firewall log. Here's the entry: Mar 24 08:06:43

Re: help with firewall log message

2003-03-24 Thread Willie Viljoen
, or is a hardware router. Either way, it's trying to do UDP RIP advertisements to the local broadcast address, to try and discover other routers on the network. If 10.0.0.1 is your firewall, and you don't need routed/gated (if you only have a default route out of there, you don't), you can disable

RE: help with firewall log message

2003-03-24 Thread Yonatan Bokovza
-Original Message- From: Darryl Hoar [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 17:35 To: [EMAIL PROTECTED] Subject: help with firewall log message Greetings, snip what does it mean ? Also, is there a good reference that would allow a user to break down

Re: IPFW firewall rules not complete

2003-03-21 Thread W. J. Williams
almost makes its firewalling capabilities redundant; so I know the build is not necessarily ideal. I would like to keep it where it is for now, until I am brave enough to place behind a freebsd firewall. I am just looking for a simple starter ruleset that allows ports 22,25,80,1, 53 to keep

IPFW firewall rules not complete

2003-03-20 Thread W. J. Williams
to this and don't understand firewall rules syntax fully. I have funded my own lab to experiment with this fun and powerful stuff... some more notes. Firewall: two interfaces fxp0: 192.168.0.2/29 connected to router connected to DSL demarc (eventually I will get rid of this router and replace with BSD

Re: IPFW firewall rules not complete

2003-03-20 Thread Henrik Hudson
On Thursday 20 March 2003 13:38, W. J. Williams wrote: I am experimenting with IPFW firewalls and have hit a roadblock. I am trying to allow ssh, mail, dns requests, pings and traceroutes out, but not in. I am hitting a roadblock on mail and pings out Assuming that 192.168.0.0/29 is your

Re: IPFW firewall rules not complete

2003-03-20 Thread Henrik Hudson
firewall rules syntax fully. I have funded my own lab to experiment with this fun and powerful stuff... Did you setup NAT and IPDIVERT in your kernel? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html Even though you have 2 private networks, you still need to run NAT across

Re: IPFW firewall rules not complete

2003-03-20 Thread W. J. Williams
help me...I am new to this and don't understand firewall rules syntax fully. I have funded my own lab to experiment with this fun and powerful stuff... Did you setup NAT and IPDIVERT in your kernel? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html Even though you

Re: IPFW firewall rules not complete

2003-03-20 Thread W. J. Williams
. I think you want: add 2000 allow tcp from 192.168.0.0/29 to any 22,25,1 setup 192.168.0.0/29 is used for my wireless router, a switch, the incoming port on the firewall, and some test pcs that I don't have behind the firewall. 192.168.1.0 is the network hosting the hosts... Does

Firewall rules question

2003-03-13 Thread Darryl Hoar
Greeting, I have a box that is running 4.7-stable. I have it configured as a firewall, and does nat. Recently, I've been getting Arplookup failure: 10.1.1.1 not on local network. I went into my rules and put a rule to block 10.x.x.x from coming into my network from my DSL link. Problem is,

Re: firewall

2003-03-07 Thread Lowell Gilbert
Brian Henning [EMAIL PROTECTED] writes: Hello- I am pretty new to natd and ipfw, so i would like to be able to describe what i want to be able to do with my new bsd router. This is to understand the nomenclature and how understand how other people use bsd as a router/firewall. So far i

Re: firewall

2003-03-07 Thread Joe Sotham
Lowell Gilbert said: Brian Henning [EMAIL PROTECTED] writes: If you're not familiar with ipfw rules and nat use the simple firewall in the rc.firewall script as a starting point. It's reasonably well documented. -- Joe Sotham If the only prayer you say in your entire life

Re: firewall revisited

2003-03-06 Thread Dave McCammon
are you confused? That depends on what you're trying to do and what the contents of /etc/ipfw.rules are. There are currently the following ways to set up a completely custom set of firewall rules: 1. Rewrite /etc/rc.firewall This can easily be done, if you replace /etc/rc.firewall

firewall revisited

2003-03-05 Thread Brian Henning
Hello- currently my rc.conf is set up like this for my gateway router. gateway_enable=YES firewall_enable=YES firewall_type=OPEN natd_enable=YES natd_interface=rl1 # natd -interface rl1, public interface natd_flags=# sysctl net.inet.ip.forwarding=1 how can i have the script

Re: firewall revisited

2003-03-05 Thread Jeff Walters
in the firewall rules allow all established TCP connections, and then later allow the setup for the initial SSH connection. 10.0.1.2 would be a machine behind the firewall to receive SSH connections, and ed0 would be the external internet interface. in /etc/rc.conf: natd_flags=-redirect_port tcp

Re: firewall revisited

2003-03-05 Thread Brian Henning
. Early in the firewall rules allow all established TCP connections, and then later allow the setup for the initial SSH connection. 10.0.1.2 would be a machine behind the firewall to receive SSH connections, and ed0 would be the external internet interface. in /etc/rc.conf: natd_flags
