Re: Problems with ipfw and ssh

Wed, 11 Oct 2006 17:42:37 -0700 

On 2006-10-12 01:31, Spiros Papadopoulos <[EMAIL PROTECTED]> wrote:
>On 12/10/06, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
>> ,----------------------------------------------------------------
>> | [EMAIL PROTECTED]:/home/giorgos$ su -
>> | Password: ********
>> | [EMAIL PROTECTED]:/root# ipfw -d show
>> | 00050 168  30828 allow ip from any to any via lo0
>> | 00100   0      0 deny ip from any to 127.0.0.0/8
>> | 00150   0      0 deny ip from 127.0.0.0/8 to any
>> | 00200   0      0 check-state
>> | 00210 881 129402 allow tcp from me to any setup keep-state
>> | 00211   8    965 allow udp from me to any keep-state
>> | 00212   0      0 allow icmp from any to me icmptypes 0,3,4,11
>> | 00212   0      0 allow icmp from me to any
>> | 00250   0      0 allow udp from 10.6.0.131 to any dst-port 53 out via re0
>> | 00251   0      0 allow udp from any to 10.6.0.131 dst-port 53 in via re0
>> | 00300 649  92691 allow log logamount 5 tcp from any to any dst-port 22 
>> keep-state
>> | 65535 154  35966 deny ip from any to any
>> | ## Dynamic rules (12):
>> | [EMAIL PROTECTED]:/root#
>> `----------------------------------------------------------------
>> 
>> The only changes I made are:
>> 
>>   * Use 'any' instead of xx.xxx.x.xx as the UDP address.
>> 
>>   * Change ${ip} to my own address
>> 
>>   * Change ${nic} to my own interface name
>> 
>> I can connect to other hosts and ssh back into my workstation
>> with this ruleset :-/
>> 
>> Sorry, but I'm not sure why in your case this fails to work.
>
> Now this is strange. I will try again tomorrow evening more
> carefully and i will post any results.
>
> Initially i sent the mail because of the failure to su as root
> (as described also in that post i referenced) after i was
> logging in as normal user canonically. So it was working as you
> said.  But can you su to root after connecting?

Yes.  See above.  The `ipfw -d show' command shown there was
after I looped using SSH from my workstation to another system
and back again.

> Sorry i will not be able to reply again tonight

No problem.  Take your time.  There is definitely a logical
explanation why this is happening, even if that explanation is
`there is a bug in ipfw and 5.4' :)

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to