Newbie IPFW Questions

Jim Campbell jim-c at charter.net
Mon Jul 18 03:18:37 GMT 2005


I have a machine set up as a classroom to learn about FreeBSD.  It is
running 4.11 primarily because anything later can't see my hard drive.

As background, my FBSD machine has an address of 192.168.1.110.  It is
situated behind a hardware firewall (a Linksys router).  $pif is vr0.

I'm having problems setting up IPFW to communicate with an Onion router.
The puzzling part is that I am able to use the Onion router but my
/var/log/security file says that some of the packets are being dropped.

Following is what I hope are the pertinent lines from my /etc/ipfw.rules
file:

$cmd 00225 allow tcp from me to any 9001-9033 out via $pif setup keep-state
$cmd 00299 deny log all from me to any out via $pif
$cmd 00332 deny log tcp from any to me established in via $pif

Next is an excerpt from the /var/log/security file:

Jul 17 21:49:58 JimsP1G /kernel: ipfw: 299 Deny TCP 192.168.1.110:2218 128.148.34.133:9001 out via vr0
Jul 17 21:49:59 JimsP1G /kernel: ipfw: 299 Deny TCP 192.168.1.110:4959 131.175.189.134:9001 out via vr0
Jul 17 21:50:18 JimsP1G /kernel: ipfw: 332 Deny TCP 128.148.34.133:9001 192.168.1.110:2218 in via vr0
Jul 17 21:50:29 JimsP1G /kernel: ipfw: 332 Deny TCP 131.175.189.134:9030 192.168.1.110:4566 in via vr0

Now my questions.  First, why isn't rule 225 allowing all the packets out
to the Onion router?  It seems to me that ipfw should allow all packets
in the port range 9001-9033 out or none.

Next, the two inbound packets should be returning in response to an 
outbound packet.  Why are they being dropped?  Are they exceeding some
timeout?

Thanks in advance.

Jim Campbell
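As an added example (not part of Jim's post or of the ipfw sources), here is a small Python parser for ipfw "Deny" log lines in the format shown above. It pairs each inbound deny with the outbound flow it answers, using the local address 192.168.1.110 and the sample lines from the post, so you can see which dropped inbound packets belong to a session the firewall had already denied outbound and which ones have no outbound deny at all (the latter are the ones to compare against the dynamic rule table, `ipfw -d list`, and the `net.inet.ip.fw.dyn_*_lifetime` sysctls).

```python
import re
from collections import defaultdict

# ipfw 4.x log format, e.g.:
# Jul 17 21:49:58 host /kernel: ipfw: 299 Deny TCP 1.2.3.4:2218 5.6.7.8:9001 out via vr0
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+ ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)$"
)

# Sample input: the four lines quoted in the post above.
SAMPLE_LINES = [
    "Jul 17 21:49:58 JimsP1G /kernel: ipfw: 299 Deny TCP 192.168.1.110:2218 128.148.34.133:9001 out via vr0",
    "Jul 17 21:49:59 JimsP1G /kernel: ipfw: 299 Deny TCP 192.168.1.110:4959 131.175.189.134:9001 out via vr0",
    "Jul 17 21:50:18 JimsP1G /kernel: ipfw: 332 Deny TCP 128.148.34.133:9001 192.168.1.110:2218 in via vr0",
    "Jul 17 21:50:29 JimsP1G /kernel: ipfw: 332 Deny TCP 131.175.189.134:9030 192.168.1.110:4566 in via vr0",
]

def parse_line(line):
    """Return a dict of fields for one ipfw log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for k in ("rule", "sport", "dport"):
        rec[k] = int(rec[k])
    return rec

def flow_key(rec):
    """Normalise to (local_ip, local_port, remote_ip, remote_port) regardless of direction."""
    if rec["dir"] == "out":
        return (rec["src"], rec["sport"], rec["dst"], rec["dport"])
    return (rec["dst"], rec["dport"], rec["src"], rec["sport"])

def classify_drops(lines):
    """Group Deny events by flow and say whether each flow was denied in, out, or both."""
    flows = defaultdict(lambda: {"out": [], "in": []})
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "Deny":
            flows[flow_key(rec)][rec["dir"]].append(rec["rule"])
    result = {}
    for key, ev in flows.items():
        if ev["in"] and ev["out"]:
            verdict = "denied in both directions"
        elif ev["in"]:
            # Reply dropped with no outbound deny seen: check the dynamic rule table
            # and the dyn_*_lifetime sysctls for an expired keep-state entry.
            verdict = "inbound denied, no outbound deny seen"
        else:
            verdict = "outbound denied only"
        result[key] = {"out": ev["out"], "in": ev["in"], "verdict": verdict}
    return result
```

Running `classify_drops(SAMPLE_LINES)` on the post's lines shows the 2218/9001 session denied in both directions and the 4566/9030 reply denied with no outbound deny logged for it.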
