Not just that, but it doesn't appear to be logging the events, even
after I added

    net.inet.ip.fw.verbose=1
    net.inet.ip.fw.verbose_limit=5

to /etc/sysctl.conf and

    firewall_logging="YES"

into /etc/rc.conf, I see no updates to /var/log/security after the
ssh attempt failed. What am I doing wrong here? Thanks again everyone
for all of your help.

On Apr 5, 2006, at 10:08 PM, Ean Kingston wrote:
You neglected to include the 'add' in your first fwcmd.

You may want to try something simple to start with. I haven't used ipfw in a
while so hopefully my syntax is still good. Here is a simple starting point:

# Allow person SSH access
mip="xxx.xxx.xxx.xxx" # IP Address of person
${fwcmd} add allow tcp from ${mip} to me 22 in # allow connection to ssh
${fwcmd} add allow tcp from me 22 to ${mip} out # allow me to respond

I think all you really need is this:

# Allow setup of incoming ssh
${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup

Since the rest of it should be taken care of by the rest of the 'client' ipfw
setup.

On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
Hello everyone,
Allow me to preface my problem by saying that I am very ignorant when
it comes to networking. I do apologize if this is trivial. In any
event, I enabled the "client" ipfw firewall located in
/etc/rc.firewall. This appears to work well for my needs... except for one
additional item. I need someone outside of my network to have SSH
access to my machine. I know his/her IP address. So, I have added
some additional items to rc.firewall for this. Here is what I added.

# Allow person SSH access
mip="xxx.xxx.xxx.xxx"
${fwcmd} allow tcp from any to any 22 out setup keep-state
${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2

I have tried many, many differing variations of this from items I
have found online. I cannot get any of them to work. My network setup
is as follows:

internet -> cable modem -> netgear router -> freebsd 6.1-prerelease
This user can SSH into my machine when I set the firewall to "open".
Any ideas?
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
--
Ean Kingston, BSc, CISSP, ARO
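Added example, not part of the original thread: a small sh/awk lint for an rc.firewall fragment that flags a `${fwcmd}` line whose first word is not an ipfw subcommand (the missing `add` pointed out above) and `add` rules without the `log` keyword, since ipfw(8) only logs packets that match a rule carrying `log`. The helper name `lint_fw_rules`, the subcommand list and the sample fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint an rc.firewall fragment for the two issues in this thread.

# First words ipfw(8) accepts as a subcommand (subset chosen here, not exhaustive).
IPFW_VERBS="add delete flush list show zero resetlog set table pipe queue enable disable"

# lint_fw_rules (hypothetical helper): reads rc.firewall lines on stdin and
# prints one finding per offending line:
#   <lineno>:no-verb  ${fwcmd} is followed by a word that is not a subcommand
#   <lineno>:no-log   an "add" rule has no "log" keyword, so matches are not logged
lint_fw_rules() {
    awk -v verbs="$IPFW_VERBS" '
    BEGIN { n = split(verbs, v, " "); for (k = 1; k <= n; k++) ok[v[k]] = 1 }
    {
        sub(/#.*/, "")                        # drop comments
        if ($1 != "${fwcmd}" && $1 != "$fwcmd") next
        i = 2
        while (i <= NF && $i ~ /^-/) i++      # skip options such as -f or -q
        if (!($i in ok)) { print NR ":no-verb"; next }
        if ($i != "add") next
        haslog = 0
        for (j = i + 1; j <= NF; j++) if ($j == "log") haslog = 1
        if (!haslog) print NR ":no-log"
    }'
}

# Constructed sample: lines 2-3 are the rules from the original post.
SAMPLE='mip="xxx.xxx.xxx.xxx"
${fwcmd} allow tcp from any to any 22 out setup keep-state
${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
${fwcmd} add pass log tcp from ${mip} to me 22 setup
${fwcmd} -f flush'

printf '%s\n' "$SAMPLE" | lint_fw_rules
```

Run against a copy of the edited rc.firewall section before reloading the firewall; a `no-log` finding is informational, since not every rule needs logging.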