hello again list!
my firewall is setup in freebsd 4.5 and had not implemented nat.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
PROTECTED] Behalf Of Martin
Schweizer
Sent: Friday, February 13, 2004 2:07 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules for ftp
Hello
Until now I tested a lot regarding ftp and ipfw but with no 100%
success.
What are the correct ipfw rules for ftp (regarding dir and ls,
passive etc
It would help if you posted your ipfw rules file so people can review
them to look for your problem.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin
Schweizer
Sent: Friday, February 13, 2004 2:07 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules for ftp
I'm upgrading the hardware on my webserver. It will run FreeBSD 4.9.
I need to decide whether to use a hardware firewall (Cisco) or use ipfw,
ipf, pf, etc.
The hardware firewall will increase my monthly server rental bill by
almost 30%. So I'm wondering if the significant extra cost is worth
On Thu, 12 Feb 2004 12:37:45 -0800
[EMAIL PROTECTED] wrote:
I'm upgrading the hardware on my webserver. It will run FreeBSD
4.9.
I need to decide whether to use a hardware firewall (Cisco) or use
ipfw, ipf, pf, etc.
The hardware firewall will increase my monthly server rental bill
Hello
Until now I tested a lot regarding ftp and ipfw but with no 100% success.
What are the correct ipfw rules for ftp (regarding dir and ls, passive etc.)?
System: FreeBSD 4.9, NAT, ipfw, LAN 192.168.1.0/24, WAN: dyn. WAN ip over ADSL
--
Regards
Martin Schweizer
[EMAIL PROTECTED]
other services are launched by xinetd (I've checked xinetd
- it's ok and works well from the LAN side).
I've included sample sessions with tcpdump output, firewall
rules, etc. below. Any help at all is greatly appreciated.
Thanx
From /etc/rc.conf:
firewall_enable=YES
[EMAIL PROTECTED] wrote:
[SNIP]
From /etc/rc.conf:
firewall_enable=YES # Set to YES to enable firewall functionality
firewall_script=/etc/rc.firewall # Which script to run to set up the
firewall
firewall_type=OPEN # Firewall type (see /etc/rc.firewall
I'm trying out 5.1 and 5.2, and with each, I utilize IPFW2 for the
firewall. My rules allow passive FTP from the server, but often this
does not seem to cover me when adding ports. To temporarily solve this
(each time with the intention to find the correct solution) I just add a
rule at the top
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Chris
Nowlin
Sent: Friday, February 06, 2004 11:58 AM
To: [EMAIL PROTECTED]
Subject: firewall rule(s) for ports and packages
I'm trying out 5.1 and 5.2, and with each, I utilize IPFW2 for the
firewall. My rules allow passive FTP from the server
Unfortunately, I do not have control over my firewall.
Original Message Follows
From: Kent Stewart [EMAIL PROTECTED]
To: Anthony Discolo [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: ftp/fetch/cvsup behind a firewall
Date: Mon, 2 Feb 2004 19:16:37 -0800
On Monday
Hello.
I want to use FreeBSD 5.2 on a standalone desktop. I am trying to put up a
firewall. For now I have been trying to use the client version in
rc.firewall. I have a LAN connection with dynamic IP address.
How do I get the rc.firewall to know that I have dynamic addresses?
It worked yesterday
Vikash Badal - PCS wrote:
Greetings,
-Original Message-
From: Nicolas [mailto:[EMAIL PROTECTED]
Sent: 02 February 2004 12:28
To: [EMAIL PROTECTED]
Subject: Newbie firewall
SNIP
/SNIP
Hope that somebody wants to waste some time on my question.
Many thanks Nicolas.
If you
Thank you again. Now it works fine.
Nicolas
I'm trying to get this to work with a non-Linux firewall.
Mozilla can access the ftp site with the proxy server configured, but I
haven't been able to get ftp to work with a proxy server.
Any help would be greatly appreciated.
Thanks,
Anthony
On Mon, 2004-02-02 at 09:55 -0800, Anthony Discolo wrote:
Mozilla can access the ftp site with the proxy server configured, but I
haven't been able to get ftp to work with a proxy server.
For fetch via proxy see:
/usr/share/examples/etc/defaults/make.conf
Copy this file to /etc and edit the
I don't have a /usr/share/examples/etc/defaults/make.conf, but I have a
/usr/share/examples/etc/make.conf. But it doesn't have a FETCH_ENV line in
it.
I'm sure someone has been successful in running cvsup behind a firewall?
After all, don't all these tools use ftp indirectly?
Thanks
On Mon, 2004-02-02 at 11:12 -0800, Anthony Discolo wrote:
I don't have a /usr/share/examples/etc/defaults/make.conf, but I have a
/usr/share/examples/etc/make.conf. But it doesn't have a FETCH_ENV line in
it.
# If you're behind a firewall and need FTP or HTTP proxy services for
# ports
(where file is a valid file)
fetch: http://ftp.freebsd.org/file: Host not found
Original Message Follows
From: Khairil Yusof [EMAIL PROTECTED]
To: Anthony Discolo [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: ftp/fetch/cvsup behind a firewall
Date: Tue, 03 Feb 2004 03:23:32 +0800
On Monday 02 February 2004 11:18 am, Anthony Discolo wrote:
I don't have a /usr/share/examples/etc/defaults/make.conf, but I have
a /usr/share/examples/etc/make.conf. But it doesn't have a FETCH_ENV
line in it.
I'm sure someone has been successful in running cvsup behind a
firewall? After
Hi, I'm trying to replace my Linksys
router/firewall/nat box with a FreeBSD box...I'm
in the configuring/testing phase before I put it
into production...
My *potential* problem is that my ISP
(Cablevision) re-addresses their DNS servers
often. My question is: is there a way to
dynamically update
On Feb 1, 2004, at 2:24 PM, Edward Carmody wrote:
Hi, I'm trying to replace my Linksys
router/firewall/nat box with a FreeBSD box...I'm
in the configuring/testing phase before I put it
into production...
My *potential* problem is that my ISP
(Cablevision) re-addresses their DNS servers
often. My
to
maintainers of Linux firewall distributions since
it allows dns configuration to be made automatic.
Bingo, 100%. Thanks, Luke. I owe you a beer...
-Original Message-
From: Luke Johannsen [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 01, 2004 3:48 PM
To: Edward Carmody
Cc: [EMAIL PROTECTED
. This
facility will be of particular interest to
maintainers of Linux firewall distributions since
it allows dns configuration to be made automatic.
Bingo, 100%. Thanks, Luke. I owe you a beer...
Glad to help and hope it works for your needs. By the way
http://www.blvdbeer.com/ :)
Cheers,
Luke
On Wed, 28 Jan 2004 07:15:46 +0100
Nicolas [EMAIL PROTECTED] wrote:
Hello.
I have just installed 5.2 on my machine and everything works. Now I
am trying to configure it and I want to put up a firewall but a
everything I read seem to refer to a dial up connection, I have a
LAN connection.So
On Wed, 28 Jan 2004 07:15:46 +0100
Nicolas [EMAIL PROTECTED] wrote:
Hello.
I have just installed 5.2 on my machine and everything works. Now I am
trying to configure it and I want to put up a firewall but a
everything I read seem to refer to a dial up connection, I have a LAN
connection.So
Nicolas wrote:
I have just installed 5.2 on my machine and everything works. Now I am
trying to configure it and I want to put up a firewall but a everything
I read seem to refer to a dial up connection, I have a LAN connection.So
my question(s) is: is there a difference between a firewall
Hello.
I have just installed 5.2 on my machine and everything works. Now I am
trying to configure it and I want to put up a firewall but a everything
I read seem to refer to a dial up connection, I have a LAN connection.So
my question(s) is: is there a difference between a firewall for a dial
ipfilter and ipnat instead of natd and ipfw - with the
same results.
i've noticed that if i turn on the firewall my pings to the isp's router are much much
less reliable, sometimes losing 30%+ of the packets but generally degraded compared to
the setup with no firewall enabled.
the firewall
Andrew L. Gould [EMAIL PROTECTED] writes:
Can someone access your computer by a port if nothing is listening to that
port?
Hopefully not.
If not, then if you turn off services that you don't use and need to access
used services remotely (i.e. let them through a firewall), do you need
Good day all,
I'm attempting to setup NTP on two FreeBSD servers. To maximize security, I
have configured NTP to only synchronize itself from a few other servers, and
not offer NTP to other servers. The server runs IPF, which also blocks
access to NTP. The problem is, the servers don't seem to
with this server. I
assume all the servers in your ntp.conf are public ones that your host is
allowed to use?
The firewall rules look OK, although you might want to add 'log' to your
default block rule while diagnosing a problem like this, so you'll be told
if ipf is blocking any of the packets
]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Mitchell
Sent: Thursday, January 22, 2004 2:42 AM
To: 'Edward Aronyk'; [EMAIL PROTECTED]
Subject: RE: NTP doesn't work behind IPF firewall?
[EMAIL PROTECTED] wrote:
I know ntp is running because it updates the driftfile,
and ps shows it's active:
# ps
happens if you set xntpd_enable=NO in rc.conf? Do you
still end up with an ntpd process running after a reboot?
On the plus side, it looks as though your firewall is fine.
Scott
through a firewall), do you need a
firewall?
Thanks,
Andrew Gould
also you can get PCI doublers... no idea how well they work,
but! anyone had
experience of them?
You can always get the Intel dual/quad server NIC's. Even come in dual gig-e
flavor!
Brent
On Wednesday 19 November 2003 14:24, Francisco Reyes wrote:
My primary concern is the network card. Since these small machines only
have one PCI slot I will add one card for the internal network and then
would need the onboard card to connect to
an ipfw
firewall on BSD. There are some good tutorials out there. If you really
don't know where to start this will be valuable.
As you get more familiar you may want to look at fwbuilder.org as this
provides a graphical interface for policy generation but I do suggest you
are familiar
On Wed, 7 Jan 2004, Wayne Pascoe wrote:
Why not just try it?
Because it's a commercial hosting operation pushing up to 20Mb/s with
SLA's to our clients.
My biggest fear is not that this won't work, but that it will work but
with intermittent bugs.
Introducing a new machine has a certain
this machine to the
firewall, I then have less resources available for hosting.
Another alternative.. prepare both machines. Have the better machine ready
to do an able to be connected/switched to at a moments notice. Put the
slower machine on at the slowest day. Monitor it closely as traffic grows
forward, yes. Thanks.
Also go over the kernel and disable anything you don't need. I have never
needed to squeeze every cycle of performance out of a machine, but it
should help to reduce unnecessary programs from being run.
You may also try to find from others which firewall is more efficient
Hello, i am trying to make my webserver accessible to the net, i tried
to run the out of the box rc.firewall, but there was some default rules
which blocked the 192.168.0 network which is my local lan lol, so killed
it instead of helped it, anyway i tried setting it to open, but still
wont allow
Hi,
For example, if you are using client mode then go to the client section for
firewall configuration; you will see the mynetwork and subnet section; check that
everything you wrote is correct.
If you have two different networks then add some variables like in the example
of rc.conf which include 192.168.0.0
Hi all,
I'm trying to place a FreeBSD firewall into our network. It needs to be
able to filter traffic for up to 50 machines using a total of up to 128
IP addresses between them.
The daily average traffic inbound is 4276.3 kb/s with today's max being
7695.0 kb/s. We do need to be able to cope
On Wed, 7 Jan 2004, Wayne Pascoe wrote:
Pentium III 667 Mhz with 512MB RAM
2 x Intel EtherExpress 100Mb cards
Would either of these machines be able to meet my firewall requirements
Why not just try it?
It should be fairly simple to move from one machine to the other if need
On Wed, Jan 07, 2004 at 01:36:25PM +, Francisco wrote:
On Wed, 7 Jan 2004, Wayne Pascoe wrote:
Pentium III 667 Mhz with 512MB RAM
2 x Intel EtherExpress 100Mb cards
Would either of these machines be able to meet my firewall requirements
Why not just try it?
Because it's
On Mon, Jan 05, 2004 at 05:06:30PM +1100, August Simonelli wrote:
I'm trying to access the ports collection from my FreeBSD 4.9 server
running behind my firewall (Astaro, www.astaro.org). Whenever I run the
make install command (or even just try to fetch for ftp) it just times
out. A netstat
On 06/01/2004, at 2:00 AM, Matthew Seaman wrote:
On Mon, Jan 05, 2004 at 05:06:30PM +1100, August Simonelli wrote:
I'm trying to access the ports collection from my FreeBSD 4.9 server
running behind my firewall (Astaro, www.astaro.org). Whenever I run
the
make install command (or even just try
Hi all,
I'm trying to access the ports collection from my FreeBSD 4.9 server
running behind my firewall (Astaro, www.astaro.org). Whenever I run the
make install command (or even just try to fetch for ftp) it just times
out. A netstat -an shows:
192.168.1.2.1074 208.209.50.18.21
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
Xpression wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
What's your network look like?
If each box has a publicly routable IP address,
I'd definitely put the firewall on each of them
On Wed, 31 Dec 2003, Xpression wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
That is totally up to you.
If you plan to do it on one of your FreeBSD machines I believe you will
need
On Wed, 31 Dec 2003 09:59:10 -0500
Xpression [EMAIL PROTECTED] wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
On Mon, 29 Dec 2003 16:30:40 -0800 (PST)
Terry Singh [EMAIL PROTECTED] wrote:
this is my first post to freebsd questions.
MY NETWORK
Internet -- WAN_IF | FIREWALL - 5.1 RELEASE | LAN_IF -- LAN network
The WAN_IF has several public addresses as aliases. I have about 20 servers in
the LAN
this is my first post to freebsd questions.
MY NETWORK
Internet -- WAN_IF | FIREWALL - 5.1 RELEASE | LAN_IF -- LAN network
The WAN_IF has several public addresses as aliases. I have about 20 servers in
the LAN that require various services allowed to the public Internet.
I basically am doing
of 8139's - rl0 external, rl1 internal. as far as i can tell
they work fine. on the internal network the pings are 100% - i can ftp ssh the works
without problem.
i've noticed that if i turn on the firewall my pings to the isp's router are much much
less reliable, sometimes losing 30
the original generic kernel with no
firewall enable statements in rc.conf? IE: kernel without IPFW or
IPFILTER compiled in. Do you have total access to public internet
with generic kernel and no firewall it's the same situation. pingo-rama but no
downloads.
the response isn't even consistent
established
01400 103 14855 allow tcp from any to me dst-port 22 in setup keep-state
... more firewall rules which are being matched
I find your 400 rule very strange. Rule 400 shouldn't apply because they
are passed by 300 (this one doesn't have a counter :( ).
I'm following the example given
firewall rules.
net.inet.ip.fw.one_pass: 0
I then put the pipe rules before any firewall rules so that anything
going in and out (in this case) go through the pipes first. They are
then matched by normal firewall rules.
00100 83 11350 pipe 1 ip from any to any out
00200 93 11266 pipe 2 ip from any
this, packets matching pipes are not
applied again against firewall rules.
net.inet.ip.fw.one_pass: 0
I then put the pipe rules before any firewall rules so that anything
going in and out (in this case) go through the pipes first. They are
then matched by normal firewall rules.
00100
keep-state
... more firewall rules which are being matched
I find your 400 rule very strange. Rule 400 shouldn't apply because they
are passed by 300 (this one doesn't have a counter :( ).
I'm following the example given by ipfw(8). Rule 0400 is apparently
supposed to block any non dynamic rules
On Tue, Nov 25, 2003 at 11:24:39AM -0800, Real Cucumber wrote:
Does anyone know if FreeBSD 4.9 can withstand various attacks such as DoS straight
out of the box, or does it require any 3rd party stateful packet firewalls etc.. to
be installed?
Both of the built-in firewall packet filters
On Thu, Nov 20, 2003 at 04:19:09PM -0800, Chip wrote:
Alex de Kruijff wrote:
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc
- Original Message -
From: Alex de Kruijff [EMAIL PROTECTED]
To: Chip [EMAIL PROTECTED]
Cc: FreeBSD Questions List [EMAIL PROTECTED]
Sent: Friday, November 21, 2003 1:24 PM
Subject: Re: firewall rules do not get read
On Thu, Nov 20, 2003 at 04:19:09PM -0800, Chip wrote:
Alex de
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip typed:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after
are crap. If you are building a firewall/router -
get real NIC's. On the other hand, most cable modems are band limited by the
cable company to about 1.5 to 2Mbps, so a USB ethernet device might not be a
serious limitation - but I would definitely suggest a good NIC for the LAN
side. I've had
On Thu, 20 Nov 2003, paul van den bergen wrote:
You can also get CF and similar solid stat memory chips to IDE connection
adaptors for around AU$30...
URL?
Sounds like an interesting option for a Firewall I need to do myself very
soon.
On Thu, 20 Nov 2003, J. Seth Henry wrote:
Guys,
Case Outlet*, and perhaps others by now, have the Travla Flex ATX / mini ITX
case that will accommodate two PCI cards. I have a 933MHz EPIA board with two
3c905TX-C NICs, and have seen a substantial improvement in performance over
my old
On Thu, 20 Nov 2003, paul van den bergen wrote:
I have a bunch of these (8000s actually) for a testbed network. work like a
treat... go fanless if you can...
Where did you get them from?
How much?
I did have some hassles with the onboard via network connection not coping
with long vlan
The C137 (in my case, black with a 90W PSU). It will accommodate a flex ATX
board, as well as the smaller Mini ITX board. If you order the dual riser
card, they will throw in an extra extender with it (since they assume you
will be running an ITX board in it)
Case Outlet doesn't appear to carry
Alex de Kruijff wrote:
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc
Anyone used a mini ATX machine with FreeBSD?
Have a client that has a space limitation and a mini atx machine like
http://shentech.com/shutspacskvi.html
Would be perfect for him.
My primary concern is the network card. Since these small machines only
have one PCI slot I will add one card for the
Hi Francisco,
Anyone used a mini ATX machine with FreeBSD?
It's mini ITX and yes, just did one yesterday. Small, quiet and
beautiful. ;-)
It was a ME6000 (fanless 600Mhz machine):
On Wed, Nov 19, 2003 at 04:11:46PM +0100, Nico Meijer wrote:
Hi Francisco,
Anyone used a mini ATX machine with FreeBSD?
It's mini ITX and yes, just did one yesterday. Small, quiet and
beautiful. ;-)
It was a ME6000 (fanless 600Mhz machine):
Hi all,
I'm hoping to use an old laptop for a dialup firewall. I'd like to leave it
always on as part of the network, but I don't want it to have the HD running
all the time. If possible, I'd like it to work almost completely without
the drive.
How could I do this?
NOTE: Please CC me, as I
On Wed, 19 Nov 2003, Scott Mitchell wrote:
On Wed, Nov 19, 2003 at 04:11:46PM +0100, Nico Meijer wrote:
.
It was a ME6000 (fanless 600Mhz machine):
I'm using a USB Ethernet adapter for the 'outside' interface on my ME6000,
since I needed the PCI slot for the wireless card.
Where
On Wed, Nov 19, 2003 at 11:39:01AM -0500, Francisco Reyes wrote:
On Wed, 19 Nov 2003, Scott Mitchell wrote:
On Wed, Nov 19, 2003 at 04:11:46PM +0100, Nico Meijer wrote:
.
It was a ME6000 (fanless 600Mhz machine):
I'm using a USB Ethernet adapter for the 'outside' interface
Jonathon McKitrick wrote:
Hi all,
I'm hoping to use an old laptop for a dialup firewall. I'd like to leave it
always on as part of the network, but I don't want it to have the HD running
all the time. If possible, I'd like it to work almost completely without
the drive.
How could I do
On Wed, Nov 19, 2003 at 03:04:54PM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:
: Jonathon McKitrick wrote:
:
: Hi all,
:
: I'm hoping to use an old laptop for a dialup firewall. I'd like to leave
: it
: always on as part of the network, but I don't want it to have the HD
: running
: all
I have a bunch of these (8000s actually) for a testbed network. work like a
treat... go fanless if you can...
I did have some hassles with the onboard via network connection not coping
with long vlan tagged packets... Not sure if this is still an issue, but the
vlan man page lists compatible
On Thu, 20 Nov 2003 08:43 am, Jonathon McKitrick wrote:
On Wed, Nov 19, 2003 at 03:04:54PM -0600, Kevin D. Kinsey, DaleCo, S.P.
wrote:
: Jonathon McKitrick wrote:
: Hi all,
:
: I'm hoping to use an old laptop for a dialup firewall. I'd like to
: leave it
: always on as part
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after that is read, it is all ignored.
If I comment out the line pass all
Hi Everybody ,
I'm linux admin . Now I'm working to pass my server to FreeBSD
.. I'm using iptable on Linux box . on FreeBSD which firewall do you
advise ?!
I can't find any documents or How-to about ip-fw .. Do you have ?!
Thanks
Vahric MUHTARYAN
On Mon, Nov 17, 2003 at 07:59:17PM +0200, Vahric MUHTARYAN wrote:
Hi Everybody ,
I'm linux admin . Now I'm working to pass my server to FreeBSD
.. I'm using iptable on Linux box . on FreeBSD which firewall do you
advise ?!
I use ipfw. ipf is also available.
I can't find any
On Mon, Nov 17, 2003 at 07:59:17PM +0200, Vahric MUHTARYAN wrote:
Hi Everybody ,
I'm linux admin . Now I'm working to pass my server to FreeBSD
.. I'm using iptable on Linux box . on FreeBSD which firewall do you
advise ?!
I can't find any documents or How-to about ip-fw .. Do
Vahric MUHTARYAN wrote:
Hi Everybody ,
I'm linux admin . Now I'm working to pass my server to FreeBSD
.. I'm using iptable on Linux box . on FreeBSD which firewall do you
advise ?!
I can't find any documents or How-to about ip-fw .. Do you have ?!
Thanks
Vahric MUHTARYAN
If one of my clients makes a DNS query for a hostname that is not cached,
my firewall subsequently makes a flurry of PTR queries. I am at a loss to
explain why.
For example:
XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN
XX+/192.168.1.1/49.0.229.193
On Sat, Nov 08, 2003 at 01:00:06PM -0800, Jason C. Wells wrote:
If one of my clients makes a DNS query for a hostname that is not cached,
my firewall subsequently makes a flurry of PTR queries. I am at a loss to
explain why.
For example:
XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR
How does one get started on IPF...
By reading the IPFilter Howto:
http://www.obfuscation.org/ipf/ipf-howto.html
Enjoy :-)
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* I take my wife everywhere, but she keeps finding her way back.
Hello,
We have the following configuration: FreeBSD router with 2 network cards.
- first card has a real IP and connected to internet (lets say
65.1.1.1). There is a ipfw firewall which control traffic to this card.
- second card has another real IP (lets say 65.1.1.2) and connected to
Quintum
DM == Dmitry Mishchenko [EMAIL PROTECTED] writes:
DM - second card has another real IP (lets say 65.1.1.2) and connected to
DM Quintum VoIP box.
Personally, I would *never* put my quintum on a public IP even with a
firewall in front of it i run mine inside a NAT'd LAN, and let
remote sites
I have an old machine running FBSD-4.0 using ipfw. It's been working as
is for a few years, but I decided to look it over and make some
adjustments. I noticed what appears to be a problem - even though
rc.conf calls for firewall_type=client, when I run ipfw show I get only
lines -
the divert
www.kgb.ro/Ipfw-HOWTO
HTH,
petre
On Wednesday 22 October 2003 18:05 Anno Domini, fbsd_user wrote using one of
his keyboards:
The FBSD handbook gives the idea that IPFW is the only firewall.
FBSD also comes with ipfilter which is much easier to use and
setup. Google the questions archives
Do a quick google search on building freebsd firewall. I was building
a FreeBSD firewall this week, and several of these sites were very
helpful. There are sites for both ipfilter and ipfw. So, take your
pick. I'm using ipfilter, but either firewall method will be sufficient
for most
Hello,
I'm trying to set up a firewall with ipfw by using the client
firewall type given in rc.firewall as an example. My problem
is that the client rules don't allow me to do common
web-browsing. What should I add to the script to
resolve this without seriously compromising security?
cheers
The FBSD handbook gives the idea that IPFW is the only firewall.
FBSD also comes with ipfilter which is much easier to use and
setup. Google the questions archives for loads of info about
configuring ipfilter. You will be glad you did.
-Original Message-
From: [EMAIL PROTECTED]
[mailto
=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
-- firewall settings:
# External Interface
block out on xl0 all
block in log on xl0 all
pass in quick on xl0 proto tcp from any to any port = 21 flags S keep
frags keep state
pass in quick on xl0 proto tcp from