No subject
Gerald Gauthreaux
mass_design at yahoo.com
Thu Aug 14 19:52:30 PDT 2003
Hey guys. Got my firewall to function with natd. It works fine except for the fact that everything is open (I think).
zero_gate# ipfw -a l
00100 10061 4078454 divert 8668 ip from any to any via sis0
06500 13504 5987495 allow ip from any to any
65535 1266 315654 deny ip from any to any
zero_gate#
Of course sis0 is the WAN interface, and rl0 is the LAN interface.

The problem comes in when I take out rule 6500 (allow ip from any to any), and allow certain ports in, and all ports out. It seems like nothing comes in unless I specify the outside IP. Example: 53 is allowed in and out, but no response; when I add the IP of my DNS server it will work.
All out
00700 7 376 allow tcp from 192.168.1.0/24 to any
00800 5 696 allow udp from 192.168.1.0/24 to any

DNS
00500 0 0 allow tcp from any to any dst-port 53
00600 40 2699 allow udp from any to any dst-port 53

This is what makes it work.
01800 8 2459 allow udp from 68.xxx.xxx.xxx to any
Do you know of a better way to do this? Any light you could shed on this would be greatly appreciated.

Thanks,
Beau
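The following is an added worked example, not code from the post or from ipfw/natd. It models ipfw's first-match evaluation (numbered rules checked in order, rule 65535 as the default deny) over the rules Beau listed, so a reader can step through why a DNS reply falls through to the deny. The packets are constructed: a LAN host sends a UDP query to port 53, and the reply comes back with source port 53 and the host's ephemeral port as destination, so it never matches a "dst-port 53" rule. DNS_SERVER is a placeholder for the post's 68.xxx.xxx.xxx, the addresses are assumed to be the post-divert LAN addresses (the divert sits at rule 100, ahead of everything else), and the `state` set is a simplified stand-in for ipfw's check-state/keep-state dynamic rules, which is the alternative to listing each outside server.

```python
"""Model of ipfw first-match evaluation for the DNS case in the post.
Added example: a simulation, not ipfw or natd code."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
import ipaddress

Flow = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    num: int
    action: str                   # "allow" or "deny"
    proto: str                    # "ip" matches any protocol
    src: str                      # "any" or a CIDR block
    dst: str
    sport: Optional[int] = None   # ipfw "src-port N"
    dport: Optional[int] = None   # ipfw "dst-port N"
    keep_state: bool = False      # ipfw "keep-state"


def addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and addr_match(rule.src, pkt.src)
            and addr_match(rule.dst, pkt.dst)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, state: Optional[Set[Flow]] = None) -> Tuple[int, str]:
    """First matching rule wins; 65535 deny is the implicit default.
    When `state` is given it plays the role of ipfw dynamic rules: a packet whose
    reversed 5-tuple was recorded by a keep-state rule is allowed (reported as
    rule 0 here), otherwise the static rules are walked and keep-state records
    the flow on an allow."""
    if state is not None and (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in state:
        return 0, "allow"
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            if state is not None and rule.keep_state and rule.action == "allow":
                state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return rule.num, rule.action
    return 65535, "deny"


# Placeholder for the post's 68.xxx.xxx.xxx (documentation address range).
DNS_SERVER = "198.51.100.53"

# The rules from the post, as the filter sees them after the divert at rule 100
# has already rewritten the addresses (assumption: LAN addresses on both directions).
POSTED = [
    Rule(500, "allow", "tcp", "any", "any", dport=53),
    Rule(600, "allow", "udp", "any", "any", dport=53),
    Rule(700, "allow", "tcp", "192.168.1.0/24", "any"),
    Rule(800, "allow", "udp", "192.168.1.0/24", "any"),
]
RULE_1800 = Rule(1800, "allow", "udp", DNS_SERVER, "any")   # the post's workaround

# Constructed exchange: a LAN host queries port 53 and the reply swaps the ports.
QUERY = Packet("udp", "192.168.1.10", 40123, DNS_SERVER, 53)
REPLY = Packet("udp", DNS_SERVER, 53, "192.168.1.10", 40123)
# Constructed unsolicited packet from some other outside host, source port 53.
STRAY = Packet("udp", "203.0.113.9", 53, "192.168.1.10", 40123)


def posted_without_1800():
    # The query hits 600; the reply's dst-port is 40123, so nothing matches it.
    return evaluate(POSTED, QUERY), evaluate(POSTED, REPLY)


def posted_with_1800():
    rules = POSTED + [RULE_1800]
    return evaluate(rules, QUERY), evaluate(rules, REPLY)


# Stateful variant: let the outbound allow record the flow instead of
# naming every outside server by address.
STATEFUL = [
    Rule(700, "allow", "tcp", "192.168.1.0/24", "any", keep_state=True),
    Rule(800, "allow", "udp", "192.168.1.0/24", "any", keep_state=True),
]


def stateful():
    state: Set[Flow] = set()
    return (evaluate(STATEFUL, QUERY, state),
            evaluate(STATEFUL, REPLY, state),   # matches the recorded flow
            evaluate(STATEFUL, STRAY, state))   # no flow recorded, default deny


if __name__ == "__main__":
    print("posted, no 1800:", posted_without_1800())
    print("posted, with 1800:", posted_with_1800())
    print("stateful:", stateful())
```

The point of the stateful variant is that the reply is admitted because a LAN host asked for it, not because its source address is on a list, so an unsolicited packet with source port 53 from any other outside host still lands on the default deny.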
More information about the freebsd-ipfw mailing list