Thank you for your very prompt reply. I tried your suggestion and it didn't work. I do not know why. Is the location where I place this in the client profile important?

I have also tried the person's actual IP address as well as the IP address of the router (just in case it is not doing something weird) to no avail.

What is the easiest way of making changes to the firewall rules and applying them so I do not have to reboot each time? I assume a kldunload ipfw.ko and then a kldload ipfw.ko should do it, but I don't want to risk doing something incorrect while I am trying to debug my current problem.


On Apr 5, 2006, at 10:08 PM, Ean Kingston wrote:

You neglected to include the 'add' in your first fwcmd.

You may want to try something simple to start with. I haven't used ipfw in a while so hopefully my syntax is still good. Here is a simple starting point:

# Allow person SSH access
mip="xxx.xxx.xxx.xxx" # IP Address of person
${fwcmd} add allow tcp from ${mip} to me 22 in # allow connection to ssh
${fwcmd} add allow tcp from me 22 to ${mip} out # allow me to respond

I think all you really need is this:

# Allow setup of incoming ssh
${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup

Since the rest of it should be taken care of by the rest of the 'client' ipfw
setup.

On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
Hello everyone,

Allow me to preface my problem by saying that I am very ignorant when
it comes to networking. I do apologize if this is trivial. In any
event, I enabled the "client" ipfw firewall located in /etc/rc.firewall.
This appears to work well for my needs... except for one
additional item. I need someone outside of my network to have SSH
access to my machine. I know his/her IP address. So, I have added
some additional items to rc.firewall for this. Here is what I added.

         # Allow person SSH access
         mip="xxx.xxx.xxx.xxx"
         ${fwcmd} allow tcp from any to any 22 out setup keep-state
         ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2

I have tried many, many differing variations of this from items I
have found online. I cannot get any of them to work. My network setup
is as follows

internet -> cable modem -> netgear router -> freebsd 6.1-prerelease

This user can SSH into my machine when I set the firewall to "open".
Any ideas?
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"

--
Ean Kingston, BSc, CISSP, ARO

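An added example, not from the thread or from FreeBSD's rc.firewall: a small sh/awk linter (function names `lint_fwcmd`, `sample_file` and `count_missing_add` are hypothetical) that flags `${fwcmd}` lines starting with a rule action instead of `add`, which is the omission Ean points out in the first rule of the original post. It assumes rules are written as `${fwcmd} ...` or `$fwcmd ...` lines, and it only reads the file, so it can be run before the rules are ever loaded into the kernel.

```shell
#!/bin/sh
# Hypothetical rc.firewall fragment linter (not part of FreeBSD or the thread).
# A ${fwcmd} line whose first argument is a rule action (allow, pass, deny, ...)
# is missing the 'add' keyword; such a line is reported on stdout.
# Returns 0 when no such line exists, 1 otherwise.
lint_fwcmd() {
    awk '
        BEGIN {
            n = split("allow pass accept deny drop reject reset unreach skipto divert tee fwd forward count check-state", a, " ")
            for (i = 1; i <= n; i++) action[a[i]] = 1
        }
        # match "${fwcmd} ..." or "$fwcmd ..." with optional leading whitespace
        /^[[:space:]]*[$][{]?fwcmd[}]?([[:space:]]|$)/ {
            line = $0
            sub(/^[[:space:]]*[$][{]?fwcmd[}]?[[:space:]]*/, "", line)
            split(line, w, /[[:space:]]+/)
            if (w[1] in action) {
                printf("line %d: \"%s\" without \"add\": %s\n", NR, w[1], $0)
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample: the two rules from the original post, written to a temp
# file so the linter can be exercised offline. Prints the file name.
sample_file() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
# Allow person SSH access
mip="xxx.xxx.xxx.xxx"
${fwcmd} allow tcp from any to any 22 out setup keep-state
${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
EOF
    echo "$f"
}

# Number of flagged lines in a file (0 means clean); handy as a pre-reload gate.
count_missing_add() {
    lint_fwcmd "$1" | wc -l | tr -d ' '
}
```

Option lines such as `${fwcmd} -f flush` are deliberately not flagged, since they take no `add`.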