On Wed, 26 Sep 2007 20:46:29 +0100 Chris Yocum <[EMAIL PROTECTED]> wrote:
> Just to explain a bit, I have installed a FreeBSD 6.2 system on a
> machine to act as a natd router. I turned on the firewall and set the
> firewall rule script to the one from the handbook
> (http://www.freebsd.
Hi,
Yep, it was a blunder by me. Thank you very much!
Chris
On 9/26/07, Chuck Swiger <[EMAIL PROTECTED]> wrote:
> On Sep 26, 2007, at 12:46 PM, Chris Yocum wrote:
> [ ... ]
> > I also get "Sep 26 20:09:17 routy kernel: ipfw: 450 Deny UDP > router outside IP>:53 :53 out via sis0" in my
> >
On Sep 26, 2007, at 12:46 PM, Chris Yocum wrote:
[ ... ]
I also get "Sep 26 20:09:17 routy kernel: ipfw: 450 Deny UDP :53 :53 out via sis0" in my
/var/log/security file. I have appended the ipfw rules below so you
can see all the changes that I made from the original.
The setup keyword should
Hi Everyone,
Just to explain a bit, I have installed a FreeBSD 6.2 system on a
machine to act as a natd router. I turned on the firewall and set the
firewall rule script to the one from the handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html)
(Example Rules
On Mon, 24 Sep 2007 17:47:31 -0400
"Grant Peel" <[EMAIL PROTECTED]> wrote:
> Hi Jeff,
>
> I have a client who wants access to mysql on port 3306, but none (4)
> of his computers have static IPs. So, to answer your question, he wants
> to access from several hops down the (internet) pipe.
>
> And I j
On Monday 24 September 2007 23:44:07 Chuck Swiger wrote:
> On Sep 24, 2007, at 2:33 PM, Grant Peel wrote:
> > Is there any way to make a rule in IPFW that will match MAC
> > addresses instead of IP or port numbers (and no, I didn't see
> > anything in the docs :-))
>
> Search "man ipfw" for MAC. So
On Mon, 24 Sep 2007 17:33:05 -0400
"Grant Peel" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I am sorry if this is a no-brainer
>
> Is there any way to make a rule in IPFW that will match MAC addresses
> instead of IP or port numbers (and no, I didn't see anything in the
> docs :-))
man ipfw a
-questions@freebsd.org
Sent: Monday, September 24, 2007 5:34 PM
Subject: Re: Silly IPFW question.
Well..where is the mac you want to firewall from/against?
On 9/24/07, Grant Peel <[EMAIL PROTECTED]> wrote:
Hi all,
I am sorry if this is a no-brainer
Is there anyway t
On Sep 24, 2007, at 2:33 PM, Grant Peel wrote:
Is there any way to make a rule in IPFW that will match MAC
addresses instead of IP or port numbers (and no, I didn't see
anything in the docs :-))
Search "man ipfw" for MAC. Something like this will:
ipfw add 10 deny MAC any 10:20:30:40:50:6
On Monday 24 September 2007 23:33:05 Grant Peel wrote:
> Is there any way to make a rule in IPFW that will match MAC addresses
> instead of IP or port numbers (and no, I didn't see anything in the docs
> :-))
Generally no, since IP FW works on IP level, not ethernet. That said, I just
read about
Well..where is the mac you want to firewall from/against?
On 9/24/07, Grant Peel <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I am sorry if this is a no-brainer
>
> Is there any way to make a rule in IPFW that will match MAC addresses
> instead
> of IP or port numbers (and no, I didn't see anyt
Hi all,
I am sorry if this is a no-brainer
Is there any way to make a rule in IPFW that will match MAC addresses instead
of IP or port numbers (and no, I didn't see anything in the docs :-))
-Grant
___
freebsd-questions@freebsd.org mailing li
You are so the man!
That's it. You have no idea how long I've spent looking for this.
Thanks again!
- Original Message -
From: "Andras Kende" <[EMAIL PROTECTED]>
To: "'Gerard Meijer'" <[EMAIL PROTECTED]>;
Sent: Monday, January 03, 2
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerard Meijer
Sent: Monday, January 03, 2005 12:29 PM
To: freebsd-questions@freebsd.org
Subject: ipfw question (FreeBSD 4.11)
I run apache webserver on my server with FreeBSD 4.11
I have a question about
I run apache webserver on my server with FreeBSD 4.11
I have a question about ipfw. I have the following rules in my /etc/ipfw.conf:
$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00400 allow tcp from any to any 80 in via $pif setup keep-state
(with $pif being my NIC)
On 2004-09-20 22:43, adrian kok <[EMAIL PROTECTED]> wrote:
>
> 1/ Recently, my mrtg graph showed many spikes
> "Incoming" in outer interface of the router.
>
> Is it possible to log them and check?
It is. A better approach is to block everything that you don't really
need and then start logging l
Dear all
I have 2 questions
1/ Recently, my mrtg graph showed many spikes
"Incoming" in outer interface of the router.
Is it possible to log them and check?
If I log everything, I am afraid to slow down the
network. What is the best way to do it?
2/ I read some firewall docs. they said that it
Hi Reuben,
Sorry for taking so long to reply. My workstation at work which still
runs Fedora Core RC3 and not a real OS, like FreeBSD, decided to throw
away all outgoing email this morning. Here's a repost extracted from
my =posted mailbox in Mutt [...]
On 2004-06-16 17:04, "Reuben A. Popp" <[E
Hi Giorgos,
Thanks so much for the quick response on my question :). I more or less took your
rules that you posted,
and tacked on a few more. I believe that what I have is correct, and everything seems
to be working well,
with a few exceptions.
On 2004-06-15 18:31, "Reuben A. Popp" <[EMAIL PROTECTED]> wrote:
> I was tinkering around trying to get my firewall set the way I wanted
> it, but seem to be running into an issue. I know that I have logging
> set in the kernel and in rc.conf, as well as in my ruleset, but for
> some odd reason, t
Good afternoon all,
I was tinkering around trying to get my firewall set the way I wanted it, but seem to
be running into an issue.
I know that I have logging set in the kernel and in rc.conf, as well as in my ruleset,
but for some odd reason,
the f
.
allow icmp from me to any out via xl0
allow icmp from any to me icmptype 0 in via xl0
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Geert
Hendrickx
Sent: Sunday, June 13, 2004 7:23 AM
To: [EMAIL PROTECTED]
Subject: ipfw: question about keep-state on icmp
Hi,
this is a fragment of my ipfw-config which should allow me to ping
others, but not allow others to ping me:
00092 allow icmp from me to any keep-state
65535 deny ip from any to any
Indeed, other hosts can't ping me... UNLESS I am pinging them at the
same time! This is of course a result
At 12:40 3/19/2004, [EMAIL PROTECTED], wrote:
>If you would
>like I can post my IPFW rules. They are extremely simple for my SSH, POP3,
>SMTP, NTP, IMAP, BIND8 setup...
Please do! Could you also include plain English comments as well?
There are a number of people that find these rules confusing.
> Hi list, I've this network configuration:
>
> router (169.158.120.177)
> server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3
> server
> server2 (169.158.120.179) running squid, apache2, mysql, proftpd (is
> acting
> as a GATEWAY)
>
> I've a LAN (192.168.1.0/24) and a breakin
Hi list, I've this network configuration:
router (169.158.120.177)
server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3
server
server2 (169.158.120.179) running squid, apache2, mysql, proftpd (is acting
as a GATEWAY)
I've a LAN (192.168.1.0/24) and a breaking apart "LAN" (192
Thanks for all, it has been a great help.
MikeM wrote:
Since I reload the firewall rules remotely, I need the -q option on the
ipfw command, e.g.:
ipfw -q /etc/ipfw.conf
otherwise I lose my ssh connection to the box.
See man ipfw(8) for details on -q
On 3/10/2004 at 8:27 PM Thomas Vogt
Since I reload the firewall rules remotely, I need the -q option on the
ipfw command, e.g.:
ipfw -q /etc/ipfw.conf
otherwise I lose my ssh connection to the box.
See man ipfw(8) for details on -q
On 3/10/2004 at 8:27 PM Thomas Vogt wrote:
|Hi
|
|ipfw flush # deletes all
|ipfw /etc/ipfw.co
On Wed, Mar 10, 2004 at 07:52:06PM +0100, Nagy László Zsolt wrote:
> FreeBSD 5.2 system. My problem is, how can I reload the whole thing? The
/sbin/ipfw -q /path/to/your/custom/rulesetfile
No RTFM intended - there are further options, please have a look
at the ipfw(8) man page.
Regards,
Hi
ipfw flush # deletes all
ipfw /etc/ipfw.conf # loads all
regards
Thomas
Nagy László Zsolt wrote:
Hi!
I'm using my own ip firewall (firewall_type="/etc/ipfw.conf") on my
FreeBSD 5.2 system. My problem is, how can I reload the whole thing? The
ipfw command is for creating and deleting individ
On Mar 10, 2004, at 1:52 PM, Nagy László Zsolt wrote:
I'm using my own ip firewall (firewall_type="/etc/ipfw.conf") on my
FreeBSD 5.2 system. My problem is, how can I reload the whole thing?
Try "sh /etc/rc.firewall", or "ipfw -p /bin/cat /etc/ipfw.conf". If
you are not on the console of the mac
Hi!
I'm using my own ip firewall (firewall_type="/etc/ipfw.conf") on my
FreeBSD 5.2 system. My problem is, how can I reload the whole thing? The
ipfw command is for creating and deleting individual rules. What I would
like to do is to create profiles (different config files) and reload the
wh
On Tue, Mar 02, 2004 at 10:39:42PM +0100, C. Kukulies wrote:
> I have set up my FreeBSD box with ADSL (pppoe) and ipfw (rc.firewall with
> type 'simple').
>
> I have fine-tuned to allow ssh from certain addresses outside, sendmail works,
> but I cannot ping either from inside or from outside.
>
>
I have set up my FreeBSD box with ADSL (pppoe) and ipfw (rc.firewall with
type 'simple').
I have fine-tuned to allow ssh from certain addresses outside, sendmail works,
but I cannot ping either from inside or from outside.
What does the rule for ICMP look like?
--
Chris Christoph P. U. Kukulies k
On Tue, 11 Nov 2003 12:00:10 - "Simon Gray" <[EMAIL PROTECTED]> probably wrote:
> >630000 0 deny log logamount 100 udp from any to any 119 via
> sis0
> >63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
> >630000 0 deny log logamount 100 udp f
Shawn Guillemette wrote:
Looking at ipfw show
630000 0 deny log logamount 100 udp from any to any 119 via sis0
63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
630000 0 deny log logamount 100 udp from any to any 135 via sis0
63000 is the rule n
thank you..
I'm really only blocking 135 due to the MSBlaster and others... no Samba yet
- Original Message -
From: "Simon Gray" <[EMAIL PROTECTED]>
To: "Shawn Guillemette" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, November 11, 2
>630000 0 deny log logamount 100 udp from any to any 119 via
sis0
>63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
>630000 0 deny log logamount 100 udp from any to any 135 via
sis0
>63000 is the rule number correct?
>I'm wondering what the other
Looking at ipfw show
630000 0 deny log logamount 100 udp from any to any 119 via sis0
63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
630000 0 deny log logamount 100 udp from any to any 135 via sis0
63000 is the rule number correct?
IM wonderi
On Fri, Mar 28, 2003 at 10:34:16AM -0500, Walter wrote:
Date: Fri, 28 Mar 2003 10:34:16 -0500
From: Walter <[EMAIL PROTECTED]>
To: Questions <[EMAIL PROTECTED]>
Subject: ipfw question
Hi all,
I see a strange entry in my mail log from the
ipfw log output. I don't really hav
Hi all,
I see a strange entry in my mail log from the
ipfw log output. I don't really have a firm grasp
on ipfw yet and need help understanding how this
log entry came about (17 times), below:
> ipfw: 1700 Deny TCP 0.0.0.0:80 192.168.xxx.xxx:49339 in via fxp0
The output of "ipfw list" starts
>IPFW question in 2.2.8 release?
Ouch! Dummynet was very new and probably best classed as "experimental" in
2.2.8, and even in most of the 3.x line it was a bit flakey. I'm not surprised
you are having trouble with it and I'm also not surprised Luigi is unwilling or
u
Hi, I'm sorry to bother you all, but I have the following questions, I'm
using freebsd 2.2.8 with custom gated daemon that supports QoSR, I was
told to do some tests with ipfw using dummynet "extension" all goes well
when after 5 or 6 minutes of test and I think IPFW fails,
if I do ipfw -a l
I got
> > Greetings,
> >
> > I am attempting to build a dual-homed firewall using FreeBSD 4.7
> > RELEASE. The PC is presently connected to a corporate LAN with DHCP
and
> > DNS servers and a broadband connection to the Internet.
> >
> > The outside interface (rl0) is configured as follows:
> > IP addre
Brian Davis wrote:
Greetings,
I am attempting to build a dual-homed firewall using FreeBSD 4.7
RELEASE. The PC is presently connected to a corporate LAN with DHCP and
DNS servers and a broadband connection to the Internet.
The outside interface (rl0) is configured as follows:
IP address: a.b.14
Greetings,
I am attempting to build a dual-homed firewall using FreeBSD 4.7
RELEASE. The PC is presently connected to a corporate LAN with DHCP and
DNS servers and a broadband connection to the Internet.
The outside interface (rl0) is configured as follows:
IP address: a.b.148.62 (dynamically as
Dear/Beste Steve,
Monday, January 13, 2003, 3:07:53 AM, you wrote:
>>Dear/Beste Steve,
>>
>>Monday, January 13, 2003, 12:23:09 AM, you wrote:
>>
>>> Hey people,
>>
>>> I'm having trouble limiting users to certain services on my LAN.
>>
>>> Here's what im trying to do.
>>
>>> Based on group membe
- Original Message -
From: "Flemming Frøkjær" <[EMAIL PROTECTED]>
To: "Alvaro Rosales R." <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 26, 2002 8:29 AM
Subject: Re: NAT + IPFW question
> Alvaro Rosales R. wrote:
> >
Alvaro Rosales R. wrote:
> Hi fellows I have set up natd in my freeBSD BOX (using firewall =OPEN)
> and it is working fine.
> Now I want to close my firewall so that the only computer that is using
> NATD would be the only one that could accept connections from the
> internet. But when I try to t
- Original Message -
From: "Drew Tomlinson" <[EMAIL PROTECTED]>
To: "Alvaro Rosales R." <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, November 25, 2002 3:01 PM
Subject: Re: NAT + IPFW question
> - Original Message -
> From:
- Original Message -
From: "Alvaro Rosales R." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 25, 2002 2:42 PM
Subject: NAT + IPFW question
> Hi fellows I have set up natd in my freeBSD BOX (using firewall =OPEN)
> and it is working fi
Hi fellows I have set up natd in my freeBSD BOX (using firewall =OPEN)
and it is working fine.
Now I want to close my firewall so that the only computer that is using
NATD would be the only one that could accept connections from the
internet. But when I try to telnet to the natd box I can't connec
52 matches