ipf not working correctly???
fbsd_user at a1poweruser.com
Tue Jun 21 21:20:01 GMT 2005
Your first problem is you have ipfw and ipf both turned on in the kernel.
You can only have one firewall on at a time.
Remove all "firewall" and ipf statements from the kernel and
recompile, or just use the generic kernel. Then remove all "firewall"
and "natd" statements from rc.conf.
Then go back and read the FreeBSD handbook section on firewalls; it's
been updated to give detailed instructions on what to do. Follow
them to the letter and you will be all set.
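A small shell check for the mistake described in the reply above (ipfw/natd and ipf/ipnat both enabled, in the kernel config and in rc.conf), as an added example that is not part of the list post or of the FreeBSD handbook. The kernel config and rc.conf contents are constructed samples embedded in the script so it runs offline; on a real 4.x box you would feed it the text of your kernel config under /usr/src/sys/i386/conf/ and of /etc/rc.conf. The option and variable names (IPFIREWALL, IPFILTER, firewall_enable, natd_enable, ipfilter_enable, ipnat_enable) are the standard FreeBSD ones; the function names and the verdict words are my own.

```shell
#!/bin/sh
# Added example, not from the list post: audit a FreeBSD 4.x kernel config
# and rc.conf for the "two firewalls at once" problem (ipfw/natd and
# ipf/ipnat both enabled). Inputs below are constructed samples so this
# runs offline; on a real box feed it the contents of your kernel config
# (e.g. /usr/src/sys/i386/conf/MYKERNEL) and of /etc/rc.conf instead.

# Constructed kernel config: both firewall families compiled in.
SAMPLE_KERNEL_CONF='options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPDIVERT
options IPFILTER
options IPFILTER_LOG'

# Constructed rc.conf: ipfilter/ipnat turned on without turning ipfw/natd off.
SAMPLE_RC_CONF='firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="xl0"
ipfilter_enable="YES"
ipmon_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"'

# Count uncommented "options <PREFIX>..." lines in a kernel config.
# $1 = config text, $2 = option prefix (IPFIREWALL also matches IPFIREWALL_VERBOSE).
count_kernel_opts() {
    printf '%s\n' "$1" | grep -Ec "^[[:space:]]*options[[:space:]]+$2" || true
}

# Print 1 if an rc.conf variable is set to YES on an uncommented line, else 0.
# $1 = rc.conf text, $2 = variable name
rc_enabled() {
    if printf '%s\n' "$1" | grep -Eiq "^[[:space:]]*$2=\"?YES\"?"; then
        echo 1
    else
        echo 0
    fi
}

# Kernel verdict: conflict | ipfw | ipf | generic (neither compiled in)
kernel_verdict() {
    ipfw=$(count_kernel_opts "$1" IPFIREWALL)
    ipf=$(count_kernel_opts "$1" IPFILTER)
    if [ "$ipfw" -gt 0 ] && [ "$ipf" -gt 0 ]; then
        echo conflict
    elif [ "$ipfw" -gt 0 ]; then
        echo ipfw
    elif [ "$ipf" -gt 0 ]; then
        echo ipf
    else
        echo generic
    fi
}

# rc.conf verdict: conflict | ipfw | ipf | none, treating natd as part of the
# ipfw side and ipnat as part of the ipf side.
rc_verdict() {
    a=$(rc_enabled "$1" firewall_enable); b=$(rc_enabled "$1" natd_enable)
    c=$(rc_enabled "$1" ipfilter_enable); d=$(rc_enabled "$1" ipnat_enable)
    ipfw_side=$((a + b)); ipf_side=$((c + d))
    if [ "$ipfw_side" -gt 0 ] && [ "$ipf_side" -gt 0 ]; then
        echo conflict
    elif [ "$ipfw_side" -gt 0 ]; then
        echo ipfw
    elif [ "$ipf_side" -gt 0 ]; then
        echo ipf
    else
        echo none
    fi
}

# The rc.conf fix the reply recommends: drop every firewall_* and natd_*
# statement and keep the ipfilter/ipnat ones.
strip_ipfw_rc() {
    printf '%s\n' "$1" | grep -Ev '^[[:space:]]*(firewall_|natd_)' || true
}

main() {
    echo "kernel config: $(kernel_verdict "$SAMPLE_KERNEL_CONF")"
    echo "rc.conf:       $(rc_verdict "$SAMPLE_RC_CONF")"
    echo "--- rc.conf with ipfw/natd statements removed ---"
    FIXED=$(strip_ipfw_rc "$SAMPLE_RC_CONF")
    printf '%s\n' "$FIXED"
    echo "rc.conf after: $(rc_verdict "$FIXED")"
}
main
```

Run it as-is to see both verdicts come back as "conflict" for the constructed input and "ipf" once the firewall_*/natd_* lines are stripped; the kernel side still needs a rebuild (or the GENERIC kernel) because rc.conf cannot remove compiled-in options.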
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of RYAN vAN
Sent: Tuesday, June 21, 2005 3:58 PM
To: freebsd-questions at freebsd.org
Subject: ipf not working correctly???
Hello all, I use FreeBSD stable 4.11 and wish to use the built-in ipf
3.x something. I have been using ipfw with type set to open; however, I
have recently been attacked and need to beef up security.
I have followed the basic setup that is in the FreeBSD handbook and been
through the world famous ipf howto lots of times.
Currently I have the below options compiled into my kernel; the docs I
have read say you do not need to compile ipfilter options into the
kernel to use it. I was going to uncomment the ipfilter stuff and
comment out the ipfirewall options when I got ipfilter working. Is it
necessary to recompile the kernel without ipfirewall options to make
IN MY /etc/rc.conf==========================
#IPF & IPNAT
ipfilter_enable="YES" # Start ipf firewall
#ipfilter_rules="/etc/ipf.rules" # loads rules definition text
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon, s = log to syslog, v =
ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
AS WELL AS THIS TO TURN OFF IPFILTER AND NATD
#IPFW & NATD
# the rule that forwards everything: translate the whole LAN to xl0's address
map xl0 192.168.0.0/16 -> 0/32
# redirect inbound connections on these ports to the internal host 192.168.0.1
rdr xl0 0/32 port 5801 -> 192.168.0.1 port 5801
rdr xl0 0/32 port 5901 -> 192.168.0.1 port 5901
rdr xl0 0/32 port 5802 -> 192.168.0.1 port 5802
rdr xl0 0/32 port 5902 -> 192.168.0.1 port 5902
PLEASE FIND MY ipf.rules ATTACHED TO this email. I have even tried
the following rule set to see if I could get ipf to work as an open
firewall, but it still seems to block too much.
pass out quick on lo0 all
pass in quick on lo0 all
pass out quick on xl1 all
pass in quick on xl1 all
pass out quick on xl0 all
pass in quick on xl0 all
When I ping google.ca I get errors about unknown hostname. When I ping
Google's IP address I get permission denied over and over again. When I
try to use lynx I get "alert destination host unreachable". Seems like
DNS?? When I turn off ipf and use ipfw set to open, everything works
again. Please, someone help; what is going wrong? ipmon/ipfstat do
seem to help but maybe I need some guidance with these tools.