IPFW Rule set question...
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Wed Dec 24 13:43:54 PST 2003
"Drew Robertson" <the_brothel at hotmail.com> writes:
> I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it
> is dual homed, 2 NICs one for the internal LAN one running my cable
> modem. Everything works fine on the internal side.
>
> When accessing the box using any of those apps from work, the system
> looks to briefly connect and then returns a "Connection Lost" or
> "Connection closed by remote host error".
>
> The command setup to allow in access is as follows...
>
> 820 allow log tcp from any to me 22 limit src-addr 4 in recv tl0 setup
> 830 allow log tcp from any to me 23 limit src-addr 4 in recv tl0 setup
I assume these are supposed to have "keep-state" in them.
It *is* written that way in the full ruleset you posted lower down.
> when this didn't work I added another command at the start of the
> ruleset to just let everything in from a particular IP address range...
>
> 202 allow ip from 203.10.10.0/24 to any
>
> however this produced the same error...
>
> It wasn't until I allowed all from any to any that I was able to connect...
Then the packets aren't actually being seen as coming from that
address. Maybe you're running into NAT modifications?
> When checking out the security log, it tells me that rule 820 is
> allowing access to my computer at home...
But only for SYN packets...
--
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password "public"
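To make the "only for SYN packets" point concrete, here is an added toy model of how ipfw treats `setup`, `keep-state`/`limit` and `check-state` (constructed example, not code from the thread or from ipfw). It keys dynamic state on source address and destination port only and does not enforce the `limit` count.

```python
"""Toy model of ipfw 'setup' / 'keep-state' / 'limit' / 'check-state'.

Constructed example, not ipfw itself. Dynamic state is keyed on
(src, dport) only, 'limit' is modelled as keep-state without the count,
and the only default is the implicit deny-all rule 65535.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dport: int
    syn: bool
    ack: bool


def parse_rule(line):
    """Parse the small ipfw subset used here (e.g. '820 allow log tcp from any to me 22 in setup limit src-addr 4')."""
    words = line.split()
    number, action = int(words[0]), words[1]
    if action == "check-state":
        return {"number": number, "check_state": True}
    return {
        "number": number, "action": action, "check_state": False,
        "dport": int(words[words.index("me") + 1]),   # port after 'to me'
        "setup": "setup" in words,
        "keep_state": "keep-state" in words or "limit" in words,
    }


def evaluate(ruleset, packets):
    """Return the verdict each packet gets, walking the rules in order."""
    rules = [parse_rule(line) for line in ruleset]
    dynamic = {}          # (src, dport) -> action of the rule that created it
    verdicts = []
    for pkt in packets:
        verdict = "deny"  # implicit rule 65535
        for rule in rules:
            # check-state, keep-state and limit all consult the dynamic table first
            if rule["check_state"] or rule.get("keep_state"):
                if (pkt.src, pkt.dport) in dynamic:
                    verdict = dynamic[(pkt.src, pkt.dport)]
                    break
            if rule["check_state"] or pkt.dport != rule["dport"]:
                continue
            if rule["setup"] and not (pkt.syn and not pkt.ack):
                continue  # 'setup' matches only the initial SYN
            if rule["keep_state"]:
                dynamic[(pkt.src, pkt.dport)] = rule["action"]
            verdict = rule["action"]
            break
        verdicts.append(verdict)
    return verdicts


# Constructed SSH handshake from an outside host: the SYN, then the first ACK.
SSH_HANDSHAKE = [Packet("203.10.10.5", 22, True, False), Packet("203.10.10.5", 22, False, True)]
STATELESS = ["820 allow log tcp from any to me 22 in setup"]
STATEFUL = ["800 check-state", "820 allow log tcp from any to me 22 in setup limit src-addr 4"]
```

With `STATELESS` the SYN is allowed but the ACK falls through to the deny, which is exactly the pattern of a connection that briefly opens and is then closed; with `STATEFUL` the dynamic entry created by the SYN admits the rest of the flow.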