ipfw FWD and NOT ME bug while SSHing ?

hugle hugle at vkt.lt
Thu Apr 15 16:48:19 PDT 2004


h> Hello all.
h> I've just noticed some problems here.... look:
h> while sshing to the server after running such a command:

h> bash-2.05b# ipfw add 3032 fwd x.x.x.1 ip from 192.168.0.0/16 to
h> not me && sleep 15 && ipfw delete 3032 &
h> I've got 'disconnected' from ssh for 15 seconds, console hung up.
h> But I was able to ping the machine
h> BUT I wasn't able to ssh to this machine with its IP 192.168.x.x, while
h> sshing to x.x.x.59 on the same machine I got IN (and after the rule was
h> automatically removed after 15 sec, this console hung up)

h> And after 15 seconds I was able to INPUT further..
h> Has anyone met this problem before?

h> PS.
h> 03020      5274      4396532 fwd z.z.z.161 ip from
h> 192.168.0.0/16 to not me dst-port 22
h> A command like that didn't take any effect after adding; I was able to
h> SSH.
I also tried adding such rules:
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 112-442
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 445-1862
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 1864-2081
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 2083-3999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 4001-5049
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5051-5189
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5191-6110
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6120-6665
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6668-7000
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 8000-9999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 10001-27014
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 27016-65000

These also blocked access to SSH.
What is the clue?
thanks.
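One check worth doing before loading a set of fwd rules like the ones above is to confirm which destination ports they actually cover, so that an unexpected effect on port 22 can be separated from a plain port-range typo. The POSIX sh snippet below is an added example, not code from the original post or from ipfw; it takes the dst-port ranges exactly as listed in the post (the x.x.x.1 address is the post's own placeholder) and reports which rules would match a given port. It also accepts a single-port form such as `dst-port 22`, which the post does not use.

```shell
#!/bin/sh
# Added example (not from the original post): list which ipfw
# "fwd ... dst-port LO-HI" rules cover a given destination port.

# Constructed rule list, copied verbatim from the post; x.x.x.1 is the
# post's own placeholder for the forward address.
RULES='fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 112-442
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 445-1862
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 1864-2081
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 2083-3999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 4001-5049
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5051-5189
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 5191-6110
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6120-6665
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 6668-7000
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 8000-9999
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 10001-27014
fwd x.x.x.1 ip from 192.168.0.0/16 to not me dst-port 27016-65000'

# matching_rules PORT: print every rule whose dst-port range covers PORT.
# The range is the text after the last "dst-port "; "LO-HI" or a bare "PORT".
matching_rules() {
    port=$1
    printf '%s\n' "$RULES" | while IFS= read -r rule; do
        range=${rule##*dst-port }
        lo=${range%-*}          # for a bare port, lo == hi == the port
        hi=${range#*-}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            printf '%s\n' "$rule"
        fi
    done
}

# match_count PORT: number of rules that would forward PORT (0 = not covered).
match_count() {
    matching_rules "$1" | wc -l | tr -d ' '
}

# Usage: report whether the listed rules would forward ssh traffic.
echo "rules matching dst-port 22: $(match_count 22)"
matching_rules 22
```

Running it against the post's rule list shows that no range includes port 22, so whatever is interrupting ssh here is not an explicit dst-port match; the rules with 112-442 and 8000-9999 do cover ports such as 200 and 8080, which the check reports.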
