setting up ipfw

Jamie jamie at gnulife.org
Tue Jul 1 17:50:17 PDT 2003




   I am having a very difficult time setting up ipfw on a 4.8
installation. I was wondering if anyone might be able to shed some light on
this.

   I followed the directions in the handbook, and I compiled a new kernel
with these options (I am going for a deny-all-by-default, open-services-
as-necessary philosophy):

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10



   Upon rebooting, I was unable to access the machine from anywhere, which
is fine, because I have console access.

   Output of ifconfig -a looks like this:

 ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 200.88.54.93 netmask 0xffffff00 broadcast 200.88.54.255
        inet6 fe80::203:47ff:fe77:8169%fxp0 prefixlen 64 scopeid 0x1
        ether 00:03:47:77:81:69
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

   The name of the machine is power.bar.com.


   I want to ssh in from another machine: foo.bar.com with IP address
200.88.34.12.



  This is the rule I am adding:


ipfw add allow tcp from 200.88.34.12 to power.bar.com 22


   It tells me it can't resolve power.bar.com!

So, I try:

ipfw add allow tcp from 200.88.34.12 to 200.88.54.93 22

   It accepts the rule, but I still cannot connect from foo.bar.com.

   Anyone have any ideas?


    - Jamie



"A friend is someone who lets you have total freedom to be yourself."



More information about the freebsd-questions mailing list