Anyone using doormand
fbsd_user at a1poweruser.com
Wed Jun 22 18:53:01 GMT 2005
I read your post and was interested about what doorman does so I
installed it on my 5.4 system.
Running doormand from the command line does start the daemon after
the .cf and guestlist pass syntax test. You will see it running with
ps ax command. Remember doorman creates firewall rules on the fly
to allow the TCP packets pass through the firewall and then removes
them at the close of the session. Your firewall rules must pass
inbound udp packets on port 1001. If you have that closed in you
firewall rules doorman will never be triggered. I found running
doormand -D will display any config file syntax errors to the
console. If you change from the default /var/log/messages log file
you have to give the new log file permission of rwx just for root
user. That maybe why you see nothing in your custom log. I have not
got it working yet on allowing telnet in from public internet. I am
testing it using ipfilter firewall. You also have to create
/usr/local/etc/rc.d/doormand.sh script so doormand will be started
at boot time. Will let you know my results later.
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Gene
Sent: Tuesday, June 21, 2005 7:42 AM
To: freebsd-questions at FreeBSD. ORG
Subject: Anyone using doormand
Has anyone implemented the doorman port knocking package?
I tried to get it going on 5.4, but when I start doormand, I can
evidence of it listening to it's default port (1001).
I've checked the config (see below) but all seems correct. I can
of doormand or port 1001 in the output of netstat or sockstat.
have no discernible effect, telnet connections are refused, and
in the doorman's log file.
The doormand.cf file:
connection_delay_1 100000 # 1/10th second (delay is in
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions