On Nov 21, 2008, at 6:25 PM, Wojciech Puchar wrote:
I am trying to add an IPFW rule to forward traffic but I keep
getting the message ipfw: getsockopt(IP_FW_ADD): Invalid
argument. The rule I am trying to add looks like this:
ipfw add 600 fwd 192.169.2.3, 6000 tcp from 192.169.2.3 to any
On Nov 22, 2008, at 5:43 AM, Tom Marchand wrote:
On Nov 21, 2008, at 6:25 PM, Wojciech Puchar wrote:
I am trying to add an IPFW rule to forward traffic but I keep
getting the message ipfw: getsockopt(IP_FW_ADD): Invalid
argument. The rule I am trying to add looks like this:
ipfw add
rule looks OK, but your message clearly suggests you DO NOT have IP
forwarding enabled
Interesting sysctl reports that forwarding is enabled:
$ sysctl -a |grep forward
net.inet.ip.forwarding: 1
it's not that. it's about routing, not ipfw forwarding
you need
IPFIREWALL_FORWARD
option in
On Nov 22, 2008, at 10:37 AM, Wojciech Puchar wrote:
rule looks OK, but your message clearly suggests you DO NOT have IP
forwarding enabled
Interesting sysctl reports that forwarding is enabled:
$ sysctl -a |grep forward
net.inet.ip.forwarding: 1
it's not that. it's about routing, not
I am trying to add an IPFW rule to forward traffic but I keep getting
the message ipfw: getsockopt(IP_FW_ADD): Invalid argument. The rule
I am trying to add looks like this:
ipfw add 600 fwd 192.169.2.3, 6000 tcp from 192.169.2.3 to any 80
I do have IP Forwarding enabled. Any ideas what I
On Mon, 5 Nov 2007 00:22:00 + RW [EMAIL PROTECTED] wrote:
On Sun, 4 Nov 2007 16:10:12 -0800 (PST)
Juri Mianovich [EMAIL PROTECTED] wrote:
Is there a way to tell ipfw:
all interfaces currently configured on this system ?
...
So if I have a rule like:
On Monday 05 November 2007 02:10:12 Juri Mianovich wrote:
Is there a way to tell ipfw:
all interfaces currently configured on this system ?
That's not possible directly, I think.
I have a laptop and at any time I could plug in a USB
NIC or plug in a pccard, in addition to the onboard
LAN
Is there a way to tell ipfw:
all interfaces currently configured on this system ?
I have a laptop and at any time I could plug in a USB
NIC or plug in a pccard, in addition to the onboard
LAN and WIFI, either of which may or may not be
configured at boot time.
So the point is, the active,
On Sun, 4 Nov 2007 16:10:12 -0800 (PST)
Juri Mianovich [EMAIL PROTECTED] wrote:
Is there a way to tell ipfw:
all interfaces currently configured on this system ?
...
So if I have a rule like:
allow ip from any to any via iwi0
You don't have to use via in a rule.
Is there a way to tell ipfw:
all interfaces currently configured on this system ?
I have a laptop and at any time I could plug in a USB
NIC or plug in a pccard, in addition to the onboard
LAN and WIFI, either of which may or may not be
configured at boot time.
So the point is,
Hello,
I have observed the following behavior in IPFW (note the asterisks):
ipfw add 1000 allow tcp from 10.1.2.3 to 10.3.2.1 ** in
gets added to the rule list as:
01000 allow tcp from 10.1.2.3 to 10.3.2.1 *dst-port * in?
Why does IPFW convert my to dst-port and
because log_in_vain is 1.
Question: What IPFW rule would block this without interfering with
normal http traffic on port 80 (I have Apache running on the box and
nat'd machines on the inside interface that access the Internet)?
In most people's configurations, this would be getting blocked by a
default
is 1.
Question: What IPFW rule would block this without interfering with
normal http traffic on port 80 (I have Apache running on the box and
nat'd machines on the inside interface that access the Internet)?
In most people's configurations, this would be getting blocked by a
default block-all
I get this message (below) on the console of my FreeBSD 4.10 firewall:
Connection attempt to TCP my public ip:20388 from 61.151.248.42:80
flags 0x12
It appears that this is getting through the firewall and is logged to
the console because log_in_vain is 1.
Question: What IPFW rule would block
I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall. I can add them just fine, but I can't find the best
way to delete them. Is the only way to specify the exact rule number?
Below is the
--On Sunday, July 18, 2004 11:43 AM -0600 Aaron Dalton
[EMAIL PROTECTED] wrote:
I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall. I can add them just fine, but I can't find the best
Hi,
I use FreeBSD 4.9-Stable, with IPFW2 compiled in.
I have an ipfw rule as follows:
ipfw allow udp from 11.22.33.44 to any in via rl0
which works fine for my purpose (I faked the IP address for this email).
Next I needed to add MAC-checking on this rule, so to begin with
I tried to add a dummy
),
or recvfrom(2). In the latter case, the address returned
will have its port set to some tag supplied by the packet
diverter, (usually the ipfw rule number)
But I can't seem to get it to do so, nor am I really sure I want
it to do so. I still need the source and dest ip
, but that wouldn't allow a connection either...
It's a bit confusing...
Thanks again,
D
From: Lowell Gilbert [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Drew Robertson [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: IPFW Rule set question...
Date: 24 Dec 2003 16:43:49 -0500
Drew
Drew Robertson [EMAIL PROTECTED] writes:
I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it
is dual homed, 2 NICs one for the internal LAN one running my cable
modem. Everything works fine on the internal side.
When accessing the box using any of those apps from work,
Just a very quick suggestion - when you get an initial connection that
closes almost immediately, it is usually TCP wrappers rather than a
firewall. Have you checked /etc/hosts.allow?
- Original Message -
From: Drew Robertson [EMAIL PROTECTED]
Subject: IPFW Rule set question...
Hi
Hi everyone,
Thanks to those who take the time to read and reply to these emails.
I have a strange issue regarding my firewall (IPFW)...
I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it is
dual homed, 2 NICs one for the internal LAN one running my cable modem.
Hello
I am running 4.7-release p6 as a gateway (ipfw+natd). Thanks to those of you who
helped me firm up my ruleset. Natd is running and configured, however, I am not able
to do port redirection or http from the outside. (Firewall disk crashed over the
weekend, and I didn't have things
Hello
I am running 4.7-release p6 as a gateway (ipfw+natd). Thanks to
those of you who helped me firm up my ruleset. Natd is running
and configured, however, I am not able to do port redirection or
http from the outside. (Firewall disk crashed over the weekend,
and I didn't have things
Hello,
Primary harddisk failed on my 4.7-release gateway (ipfw+natd) box last weekend, and I
had not backed things up properly. Attached is my ipfw ruleset. After the rebuild, I
rewrote things from memory.
When I remove the default deny rule from the list, nat works fine, port redirections
- Forwarded Message -
DATE: Tue, 25 Feb 2003 16:06:22
From: Joshua Lokken [EMAIL PROTECTED]
To: Questions [EMAIL PROTECTED]
Hello,
Primary harddisk failed on my 4.7-release gateway (ipfw+natd) box last weekend, and I
had not backed things up properly. Attached is my ipfw
On 2003-02-25 16:09, Joshua Lokken [EMAIL PROTECTED] wrote:
When I remove the default deny rule from the list, nat works fine,
port redirections and all, but with the deny rule in place, nat
isn't working, so I'm thinking I have a rule in the wrong place.
Can anyone point out any obvious
On Wed, 26 Feb 2003 02:25:12
Giorgos Keramidas wrote:
On 2003-02-25 16:09, Joshua Lokken [EMAIL PROTECTED] wrote:
When I remove the default deny rule from the list, nat works fine,
port redirections and all, but with the deny rule in place, nat
isn't working, so I'm thinking I have a rule
Hi,
I am trying to create these two ipfw rules:
deny all packets with an ack of zero
deny all tcp packets with no MSS specified
Can anyone show me the syntax to do that ? Also, comments on bad things
that could happen if I put these in are appreciated. AFAIK, the only
thing that can
29 matches