ipfw and ssh

Anthony M. Agelastos iqgrande at gmail.com
Thu Apr 6 02:27:47 UTC 2006


Thank you for your very prompt reply. I tried your suggestion and it  
didn't work. I do not know why. Is the location where I place this in  
the client profile important?

I have also tried the person's actual IP address as well as the IP  
address of the router (just in case it is not doing something weird)  
to no avail.

What is the easiest way of making changes to the firewall rules and  
applying them so I do not have to reboot each time? I assume a  
kldunload ipfw.ko and then a kldload ipfw.ko should do it, but I  
don't want to risk doing something incorrect while I am trying to  
debug my current problem.


On Apr 5, 2006, at 10:08 PM, Ean Kingston wrote:

> You neglected to include the 'add' in your first fwcmd.
>
> You may want to try something simple to start with. I haven't used ipfw in a
> while so hopefully my syntax is still good. Here is a simple starting point:
>
> # Allow person SSH access
> mip="xxx.xxx.xxx.xxx"	# IP Address of person
> ${fwcmd} add allow tcp from ${mip} to me 22 in	# allow connection to ssh
> ${fwcmd} add allow tcp from me 22 to ${mip} out	# allow me to respond
>
> I think all you really need is this:
>
> # Allow setup of incoming ssh
> ${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup
>
> Since the rest of it should be taken care of by the rest of the 'client' ipfw
> setup.
>
> On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
>> Hello everyone,
>>
>> Allow me to preface my problem by saying that I am very ignorant when
>> it comes to networking. I do apologize if this is trivial. In any
>> event, I enabled the "client" ipfw firewall located in
>> /etc/rc.firewall. This appears to work well for my needs... except for one
>> additional item. I need someone outside of my network to have SSH
>> access to my machine. I know his/her IP address. So, I have added
>> some additional items to rc.firewall for this. Here is what I added.
>>
>>          # Allow person SSH access
>>          mip="xxx.xxx.xxx.xxx"
>>          ${fwcmd} allow tcp from any to any 22 out setup keep-state
>>          ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
>>
>> I have tried many, many differing variations of this from items I
>> have found online. I cannot get any of them to work. My network setup
>> is as follows
>>
>> internet -> cable modem -> netgear router -> freebsd 6.1-prerelease
>>
>> This user can SSH into my machine when I set the firewall to "open".
>> Any ideas?
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>
> -- 
> Ean Kingston, BSc, CISSP, ARO
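The rule Ean proposes, together with a check for the exact mistake he spotted (a `${fwcmd}` line without the `add` verb), as an added shell example; it is not code from the thread or from FreeBSD's rc.firewall. It assumes a constructed source address 203.0.113.5 and, when the environment variable FWCMD is unset, only prints the ipfw commands instead of running them, so it can be tried on any machine without root or a loaded ipfw module.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-runs unless FWCMD=ipfw is set
# (applying rules needs root on the FreeBSD host).

# Validate a dotted-quad IPv4 address: four fields, each a number 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit the single rule needed in the "client" rc.firewall for one trusted
# source address. "setup" matches only the SYN of a new TCP connection;
# the rest of the client rule set already passes established TCP traffic.
ssh_rules() {
    mip="$1"                          # address of the person allowed in
    fwcmd="${FWCMD:-echo ipfw}"       # default: print instead of execute
    valid_ipv4 "$mip" || { echo "bad address: $mip" >&2; return 1; }
    ${fwcmd} add pass tcp from "$mip" to me 22 setup
}

# Lint an rc.firewall fragment read from stdin: report every line that
# invokes ${fwcmd} without the "add" verb. Returns 1 if any were found.
lint_fwcmd() {
    awk 'BEGIN { bad = 0 }
         /fwcmd}/ && !/fwcmd}[[:space:]]+add[[:space:]]/ {
             printf "line %d: missing add: %s\n", NR, $0 > "/dev/stderr"
             bad = 1 }
         END { exit bad }'
}

# Stand-alone demonstration: print the rule for the constructed address,
# then lint the fragment from the original post (first line lacks "add").
ssh_rules 203.0.113.5
lint_fwcmd <<'EOF'
${fwcmd} allow tcp from any to any 22 out setup keep-state
${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
EOF
```

On the FreeBSD box itself the rules can be reloaded without a reboot and without touching ipfw.ko: `/etc/rc.d/ipfw restart` re-runs /etc/rc.firewall, which flushes the rule set and installs it again, and `ipfw list` shows what actually loaded. Because the flush briefly leaves only the default rule, run the restart from the console rather than over the SSH session being debugged.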
