Dear All,

I'm having a hard time configuring a firewall. I ALMOST understand it,
but I've run into one problem. I think I don't actually have my
/etc/rc.firewall set up properly. Maybe I don't really understand what
the "ip" setting should be, and I've made it the same as my "net"
setting. Anyway, what I can say is that with the configuration I have, I
can access my internal (ethernet) network, but ppp is totally blocked,
which of course I don't want.

Below are the configuration settings I've made, and the results I get. I
hope that somebody can help.

best regards,
Robert Storey

FROM /etc/rc.conf:

  firewall_enable="YES"
  firewall_script="/etc/rc.firewall"
  firewall_type="client"

FROM /etc/rc.firewall:

        # set these to your network and netmask and ip
        net="192.168.0.2"
        mask="255.255.255.0"
        ip="192.168.0.2"

CONTENT OF /etc/hosts:
#
::1                     localhost localhost.utopia.com
127.0.0.1               localhost localhost.utopia.com
#
192.168.0.3     ibm.utopia.com  ibm
192.168.0.2     sonic.utopia.com        sonic
192.168.0.1     pro.utopia.com  pro


OUTPUT OF "ipfw -a list":

00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 allow ip from 192.168.0.2 to 192.168.0.0/24
00500 0 0 allow ip from 192.168.0.0/24 to 192.168.0.2
00600 0 0 allow tcp from any to any established
00700 0 0 allow ip from any to any frag
00800 0 0 allow tcp from any to 192.168.0.2 dst-port 25 setup
00900 0 0 allow tcp from 192.168.0.2 to any setup
01000 0 0 deny tcp from any to any setup
01100 0 0 allow udp from 192.168.0.2 to any dst-port 53 keep-state
01200 0 0 allow udp from 192.168.0.2 to any dst-port 123 keep-state
65535 0 0 deny ip from any to any
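
An added example, not part of the original post and not FreeBSD's own code: a minimal first-match model of the ruleset listed above that reports which rule a given packet hits, so traffic sourced from 192.168.0.2 can be compared with traffic sourced from a different address. The PPP address 203.0.113.7, the remote 198.51.100.x addresses and the interface names ed0/tun0 are constructed assumptions; keep-state is modeled for the first packet only.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
HOST = ip_network("192.168.0.2/32")  # "ip" in the post's rc.firewall
LAN = ip_network("192.168.0.0/24")   # net/mask as shown in the ipfw listing
LOOP = ip_network("127.0.0.0/8")
PPP_ADDR = "203.0.113.7"  # constructed stand-in for the ppp link's address

# (number, action, proto, src, dst, conditions), transcribed from "ipfw -a list"
RULES = [
    (100, "allow", "ip", ANY, ANY, {"via": "lo0"}),
    (200, "deny", "ip", ANY, LOOP, {}),
    (300, "deny", "ip", LOOP, ANY, {}),
    (400, "allow", "ip", HOST, LAN, {}),
    (500, "allow", "ip", LAN, HOST, {}),
    (600, "allow", "tcp", ANY, ANY, {"tcp": "established"}),
    (700, "allow", "ip", ANY, ANY, {"frag": True}),
    (800, "allow", "tcp", ANY, HOST, {"dport": 25, "tcp": "setup"}),
    (900, "allow", "tcp", HOST, ANY, {"tcp": "setup"}),
    (1000, "deny", "tcp", ANY, ANY, {"tcp": "setup"}),
    (1100, "allow", "udp", HOST, ANY, {"dport": 53}),   # keep-state not modeled
    (1200, "allow", "udp", HOST, ANY, {"dport": 123}),  # keep-state not modeled
    (65535, "deny", "ip", ANY, ANY, {}),
]

def tcp_is(kind, flags):
    # ipfw: "setup" = SYN set and ACK clear; "established" = RST or ACK set
    if kind == "setup":
        return "S" in flags and "A" not in flags
    return "A" in flags or "R" in flags

def first_match(proto, src, dst, dport=None, flags="", iface="ed0", frag=False):
    """Return (rule number, action) of the first rule the packet matches."""
    for num, action, rproto, rsrc, rdst, cond in RULES:
        if rproto not in ("ip", proto):
            continue
        if ip_address(src) not in rsrc or ip_address(dst) not in rdst:
            continue
        if cond.get("via", iface) != iface or (cond.get("frag") and not frag):
            continue
        if cond.get("dport", dport) != dport:
            continue
        if "tcp" in cond and not tcp_is(cond["tcp"], flags):
            continue
        return num, action

if __name__ == "__main__":
    print(first_match("tcp", "192.168.0.2", "198.51.100.10", 80, "S"))
    print(first_match("tcp", PPP_ADDR, "198.51.100.10", 80, "S", iface="tun0"))
```

In this model every rule that permits new outbound traffic names 192.168.0.2 as the source, so a packet carrying any other source address reaches rule 01000 (TCP) or 65535 (everything else).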


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions