Operation: "ipfw on a gateway box"

Hiram Abiff domain.admin at online.ie
Tue Feb 15 12:18:11 GMT 2005


I followed your advice and rewrote my firewall rules.
Although, even now, there are some major difficulties.

I still can't access the net from my 2 other computers
via my FreeBSD firewalled gateway.
Although I set it up to allow traffic on
ports 21, 22, 53, 8080, I can only telnet to port
21; all the others report a "connection refused" error.

I can ping the FreeBSD box, but I cannot ping any outside
IP addresses from the FreeBSD box or the other boxes on my
home LAN.

Also, when FreeBSD is booting I caught some error messages that
said unknown command "setup" for some of my firewall rules.

I'm getting desperate, please assist me in any way possible.

Here's my fwrules file:

> fwcmd="/sbin/ipfw"
>
>
> #Outside interface
> oif="tun0"
>
>
> #Inside interface
> iif="rl0"
>
>
> # Force a flushing of the current rules before reload
> $fwcmd -f flush
>
>
> #Check the state of all packets
> $fwcmd add check-state
>
>
> #Divert all packets through the tunnel interface.
> $fwcmd add divert natd ip from any to any via $oif
>
>
> # Allow all data from my network card and localhost
> $fwcmd add allow all from any to any via lo0
> $fwcmd add allow ip from any to any via $iif
>
> # Allow all connections that I initiate
> $fwcmd add allow tcp from any to any out xmit $oif setup
>
>
> # Once connections are made, allow them to stay open
> $fwcmd add allow tcp from any to any via $oif established
>
>
> # Everyone on the internet is allowed to connect
> $fwcmd add allow tcp from any to any 22 setup
> $fwcmd add allow tcp from any to any 21 setup
> $fwcmd add allow tcp from any to any 8080 setup
> $fwcmd add allow tcp from any to any 53 setup
> $fwcmd add allow tcp from any to any 4662 setup
> $fwcmd add allow udp from any to any 4672 setup
>
>
> # This sends a RESET to all ident packets
> $fwcmd add reset log tcp from any to any 113 in recv $oif
>
>
> # Allow outgoing DNS queries ONLY to the specified servers
>
>
> $fwcmd add allow udp from any to 161.53.114.135 53 out xmit tun0
> $fwcmd add allow udp from any to 161.53.114.145 53 out xmit tun0
>
>
> # Allow them back in with the answers
>
>
> $fwcmd add allow udp from 161.53.114.135 53 to any in recv $oif
> $fwcmd add allow udp from 161.53.114.145 53 to any in recv $oif
>
>
> # Allow ICMP
> $fwcmd add 65435 allow icmp from any to any
>
>
> # Deny all the rest.
> #$fwcmd add 65435 deny log ip from any to any

--
"It was as though a veil had been rent. I saw on that ivory face
the expression of sombre pride, of ruthless power,
of craven terror -- of an intense and hopeless despair.
Did he live his life again in every detail of desire,
temptation, and surrender during that supreme moment
of complete knowledge?"
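Editor's note, added to this archived message and not part of the original post: the quoted fwrules file has three defects worth separating from the connectivity problem. First, `setup` is a TCP-only option, so the line `allow udp from any to any 4672 setup` is the rule ipfw rejects at boot; a rejected rule is simply never installed while the rest of the script carries on. Second, the final deny is commented out, so what happens to unmatched packets depends on the kernel's compiled-in default policy rather than on the file. Third, `allow tcp ... established` matches any TCP segment that merely has ACK set, so unsolicited ACK packets from outside reach every port; `keep-state` tracks real connections instead. Because natd rewrites the source address on the way out, stateful rules must record the connection before the outbound NAT step, which is why the corrected script below uses the `skipto` layout from the FreeBSD Handbook's natd example rather than a single `divert` at the top. One diagnostic caveat: "connection refused" is a RST sent by the host itself, meaning the packet arrived and nothing was listening on that port; a firewall drop shows up as a timeout, not a refusal. The script is an added example, not the poster's file; it assumes the same `tun0`/`rl0` interfaces and the same two resolvers, and on a machine without `/sbin/ipfw` it prints the rules instead of loading them.

```sh
#!/bin/sh
# Corrected fwrules for a tun0 (PPP) / rl0 (LAN) natd gateway.
# Added example, not the original poster's file. Interface names and the
# two resolver addresses are taken from the quoted rules; "me" is ipfw's
# keyword for any address belonging to this box.

fwcmd="${FWCMD:-/sbin/ipfw}"
# Without ipfw (e.g. when reviewing the script elsewhere) print the rules.
command -v "$fwcmd" >/dev/null 2>&1 || fwcmd="echo"

oif="tun0"                            # outside interface
iif="rl0"                             # inside interface
dns="161.53.114.135 161.53.114.145"   # resolvers allowed for outbound DNS

load_rules() {
    $fwcmd -f flush

    # Loopback and the LAN side are fully trusted.
    $fwcmd add 010 allow ip from any to any via lo0
    $fwcmd add 020 allow ip from any to any via $iif

    # Inbound from the outside: un-NAT first, then check whether the packet
    # belongs to a connection already recorded by a keep-state rule below.
    $fwcmd add 100 divert natd ip from any to any in recv $oif
    $fwcmd add 110 check-state

    # Outbound: record the connection while the packet still carries its
    # LAN source address, then jump to the NAT step at rule 900. Packets
    # matching the dynamic entry later inherit this skipto action too.
    $fwcmd add 200 skipto 900 tcp from any to any out xmit $oif setup keep-state
    for ns in $dns; do
        $fwcmd add 210 skipto 900 udp from any to $ns 53 out xmit $oif keep-state
    done
    $fwcmd add 220 skipto 900 icmp from any to any out xmit $oif icmptypes 8 keep-state

    # Services this box offers to the outside. "setup" is valid for TCP
    # only; the UDP rule therefore carries no setup keyword.
    for port in 21 22 53 8080 4662; do
        $fwcmd add 300 allow tcp from any to me $port in recv $oif setup keep-state
    done
    $fwcmd add 310 allow udp from any to me 4672 in recv $oif keep-state
    # Unreachable and time-exceeded replies from routers on the path.
    $fwcmd add 320 allow icmp from any to any in recv $oif icmptypes 3,11

    # Answer ident probes with a RST instead of letting them time out.
    $fwcmd add 400 reset log tcp from any to any 113 in recv $oif

    # Explicit, logged default deny: nothing below is reached except via skipto.
    $fwcmd add 500 deny log ip from any to any

    # NAT step for outbound traffic admitted by the keep-state rules above.
    $fwcmd add 900 divert natd ip from any to any out xmit $oif
    $fwcmd add 910 allow ip from any to any
}

load_rules
```

Rules alone do not make the LAN reach the outside: the box must also forward packets (`gateway_enable="YES"` in rc.conf) and natd must be running on the outside interface (`natd_enable="YES"`, `natd_interface="tun0"`), neither of which the post shows. After loading, `ipfw show` confirms that every rule was actually installed, and the `log` keywords only produce output once `net.inet.ip.fw.verbose` is set to 1.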


More information about the freebsd-questions mailing list