Re: Setting a simple firewall for PPPoE connection

2005-06-13 Thread Paul Dufresne


 Hopefully you'll find this link helpful:
 http://www.defcon1.org/html/Networking_Articles/Firewall-Ipfw/firewall-ipfw.html.
 
 -- 
 Dmitry

yep, I did begin with that, but I did not like the fact that it was an
exclusive firewall (the end rule is to accept anything) rather than
an inclusive one.

I realized I could use "me" for my IP address (making it easy to write
rules even though my ISP gives me a dynamic IP address).

After reading it, looking at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
did not look so strange anymore, and it contains a good inclusive
example.

I did modify it a bit, mostly to accept FTP connections.
I realize this makes it much less secure, but I really like to use
FTP links in my browser.

I'll attach it to my message, so that wiser ones than me could warn
me if I did something stupid.

I use /etc/rc.local to load the rules with a script containing:
sh /etc/ipfw.rules

Thanks for your help!

-- 
http://www.fastmail.fm - Send your email first class



ipfw.rules
Description: Binary data
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: What is 5.4 p2 ?

2005-06-12 Thread Paul Dufresne

On Sat, 11 Jun 2005 18:46:51 -1000, Robert Marella
[EMAIL PROTECTED] said:
 Paul Dufresne wrote:
 and more curious. I updated one of my systems to 5.4 p2 today
  
  
  Being a newcomer to FreeBSD, I understand about the RELEASE version,
  the STABLE version and the CURRENT one. But I don't understand this
  p2 you are referring to.
  I could guess it means point release 2, so I checked:
  http://www.freebsd.org/where.html
  But the files seem to be for 5.4-RELEASE still, from May 8.
  
  So what is 5.4 p2 ?
  
 
 [EMAIL PROTECTED]:~ uname -a
 FreeBSD p4.konav201.local 5.4-RELEASE-p2 FreeBSD 5.4-RELEASE-p2 #1: Fri 
 Jun 10 11:45:43 HST 2005 
 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/P4-5_4REL  i386
 
 It is my understanding that the p# stands for the second patch to 5.4 
 Release. Correct me if I am wrong.
 
 Robert

Hum, let me reformulate this in my own words, to see if I
understand. You are running 5-STABLE, and this is the second
time 5-STABLE was generated from the RELENG_5 branch since 5.4
was released.
(I did look at http://www.freebsd.org/releng/index.html
to write this)

Ok, fine, I was thinking that maybe there was some kind
of 5.4.2 release, but no, there will be no official release
to 5.4 until 5.5.

-- 
http://www.fastmail.fm - Email service worth paying for. Try it for free



What is 5.4 p2 ?

2005-06-11 Thread Paul Dufresne
 and more curious. I updated one of my systems to 5.4 p2 today

Being a newcomer to FreeBSD, I understand about the RELEASE version,
the STABLE version and the CURRENT one. But I don't understand this
p2 you are referring to.
I could guess it means point release 2, so I checked:
http://www.freebsd.org/where.html
But the files seem to be for 5.4-RELEASE still, from May 8.

So what is 5.4 p2 ?

-- 
http://www.fastmail.fm - IMAP accessible web-mail



Setting a simple firewall for PPPoE connection

2005-06-11 Thread Paul Dufresne

On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), P.U.Kruppa
[EMAIL PROTECTED] said:
 On Thu, 9 Jun 2005, dk dkrules wrote:
 
  I am very disappointed. I have been looking on the net for 3 days now
  looking for easy setup guides or How-to guides on setting up FreeBSD 5.x
  with a transparent proxy and firewall, and there simply is no easy way
  explaining to beginners how to do such a setup.
 1) Before you start playing around with squid and firewall you
 have to make sure your FreeBSD box works as a gateway.
 2) When this is done look into google for setup of squid as a
 transparent proxy (these are two or three entries in a config
 file).
 3) enable firewall in /etc/rc.conf with lines like
 firewall_enable=YES
 firewall_script=/etc/firewall.conf
 4) edit your /etc/firewall.conf with something like
 
 ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
 ipfw add 6 allow all from any to any
 
 where rl0 is the device name of your NIC.
 5) reboot

Well, I feel a bit like the original poster.
I had in mind activating a firewall for my PPPoE connection,
a bit like it is easy to do on Windows XP.
So I began reading the handbook and found that there are mainly
3 different firewalls, and this left me with the problem of choosing
one. IPFW seems to have default rules that would at first glance
make it easy (I would choose the client setup). But then, reading
through /etc/rc.firewall, I concluded that I had to set my IP address
in it. But my ISP sets it dynamically with PPPoE, so I did not know
what to do next.

So I thought, reading the ppp man page (yes, I use the userland
ppp program, but I think that there is a pppoed somewhere that
I maybe should use instead), that there are some kind of firewall rules
that can be set inside ppp.conf. But I did not convince myself
that it would help me with the fact that my IP address is dynamic.

Now, maybe I can use 127.0.0.1 like you did in step 4 above, but
I don't really understand these rules yet. It looks to me like the
first one accepts HTTP traffic (port 80) and the second one
accepts all traffic. I would have expected the second one
to refuse all traffic, leaving only traffic from the first
rule to go through.

But the main question is: How to deal with dynamic IP
address when writing firewall rules?

-- 
http://www.fastmail.fm - Accessible with your email software
  or over the web

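The two firewall posts above ask how to write ipfw rules when PPPoE hands out a dynamic address, and the later reply found the answer in the "me" keyword plus an inclusive ruleset. The script below is an added example, not the ipfw.rules file attached to that message and not a FreeBSD project file. It assumes the PPPoE link is userland ppp's tun0 and that the inside NIC is rl0 (the name used in the quoted reply); both are overridable through PPP_IF and LAN_IF. Every rule says "me" instead of an address, so the ruleset does not change when the ISP assigns a new IP, and the last rule denies, so anything not explicitly allowed is dropped and logged. The active-mode FTP rule is the trade-off the poster mentions: passive FTP already works through the stateful rule, so the extra hole is only needed for active mode.

```sh
#!/bin/sh
# Added example of an inclusive ipfw script for a PPPoE link with a
# dynamic address. Interface names are assumptions; adjust for your box.
# Run with "load" to install the rules, or "dry-run" to print them.

PPP_IF="${PPP_IF:-tun0}"     # assumed: userland ppp creates tun0
LAN_IF="${LAN_IF:-rl0}"      # assumed: inside NIC from the thread
IPFW="${IPFW:-/sbin/ipfw}"   # set IPFW=echo to print instead of load

rule() { "$IPFW" -q add "$@"; }

load_rules() {
    "$IPFW" -q -f flush

    # Loopback is allowed; 127/8 must never appear on a real interface.
    rule 00100 allow ip from any to any via lo0
    rule 00110 deny ip from any to 127.0.0.0/8
    rule 00120 deny ip from 127.0.0.0/8 to any

    # Packets belonging to a session we already opened are matched here.
    rule 00200 check-state

    # Outbound from this host ("me" = whatever address tun0 has right now).
    # keep-state records the session so replies pass via check-state;
    # no inbound hole is needed for ordinary client traffic.
    rule 00300 allow tcp from me to any out via "$PPP_IF" setup keep-state
    rule 00310 allow udp from me to any out via "$PPP_IF" keep-state
    rule 00320 allow icmp from me to any out via "$PPP_IF" keep-state

    # Active-mode FTP: the server connects back from port 20 to a high
    # port on us. This is the "much less secure" part the poster accepts;
    # anything can claim source port 20, so drop this rule if you only
    # need passive FTP (which the stateful rule above already covers).
    rule 00400 allow tcp from any 20 to me 1024-65535 in via "$PPP_IF" setup keep-state

    # Other inbound connection attempts are refused quietly, before the
    # logging catch-all, so the log is not flooded by scans.
    rule 00500 deny tcp from any to any in via "$PPP_IF" setup

    # Trust the LAN side entirely (single inside NIC, as in the thread).
    rule 00600 allow ip from any to any via "$LAN_IF"

    # Inclusive default: whatever was not allowed above is denied and logged.
    rule 65000 deny log ip from any to any
}

case "${1:-}" in
    load)    load_rules ;;
    dry-run) IPFW=echo load_rules ;;
esac
```

Saved as /etc/ipfw.rules, the script can be run the way the poster does (sh /etc/ipfw.rules load from /etc/rc.local), or pointed to by firewall_script in /etc/rc.conf as the quoted reply suggests; sh /etc/ipfw.rules dry-run shows the rules without touching the running firewall. Check the result with ipfw show after the PPPoE link comes up: the counters on rule 300 should climb as you browse, and hits on rule 65000 should be logged.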


Re: Setting a simple firewall for PPPoE connection

2005-06-11 Thread Paul Dufresne
 There exists a very simple way to activate a firewall in freebsd:
 # /stand/sysinstall
 will open FreeBSD's installation menu.
 - Configure - Security - Security Profile gives you two 
 options  for standard firewalls.
Actually, doing this on 5.4R I just have:
Secure Level
NFS Port

Anyway, would these options set up a firewall that would adjust
the IP address when I use ppp?

-- 
http://www.fastmail.fm - Accessible with your email software
  or over the web



Re: Problem with HT support in 5.4

2005-05-28 Thread Paul Dufresne
  Oh, wait, it is probably just the last HT security patch,
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc.
 
 hmm... So basically, SMP can be enabled, but it won't use
HT even if it sees a capable processor? 

Not sure but after reading:
NOTE:  For users that are certain that their environment is
not affected by this vulnerability, such as single-user systems,
Hyper-Threading Technology may be re-enabled by setting the
tunable machdep.hyperthreading_allowed. 
I would try:
# echo machdep.hyperthreading_allowed=1 >> /boot/loader.conf

but I am a newbie to FreeBSD using a Pentium II, and indeed
the only user -I hope- of my system.

--Paul


Re: HP LC II Netserver ACPI problem

2005-05-28 Thread Paul Dufresne
 1. Can't use ACPI on here. Machine not capable, apparently.
 Hence, the following:
In my BIOS, I can enable and disable ACPI. (IBM PC 300GL).
Could it be just that ACPI is disabled in the BIOS?
 
 2. Have apic enabled in kernel & no problems that I know of
Watch out, ACPI and apic are two different things.
Your problem is with ACPI; when I boot without ACPI (option
2 in 5.4-RELEASE), I get the same error messages.
Couldn't these messages be simply ignored?

--Paul


Lost /etc/group after installing mtools

2005-05-24 Thread Paul Dufresne
I am on 5.4-RELEASE.
Like I said in a previous mail, my /etc/group file has become 0 bytes
long after some problem. I first thought it was after rebooting
following a computer hang (it was hanging when doing dd if= of=/dev/fd0,
but after loading the default values in the BIOS it seems to be fixed;
I was deactivating UART ports, USB, and parallel ports, and should try
to find which one was causing problems with the floppy). But now
I remember that I installed mtools just before losing /etc/group.
Maybe it tried to add a group the wrong way?

I am still looking for a default /etc/group file.

--Paul