davejpeacock at btinternet.com
Fri May 10 21:48:17 BST 2002
I am looking for help please from someone with more IPFW clue than me. I am
one of the lucky people to receive an ADSL line lately and have set up my
I am having trouble; I am sure I have got my rules incorrect. If I turn this
ruleset on, my local machines can NAT through and get to the internet, but
they cannot log on to the firewall with SSH or connect to FTP.
Also, I cannot connect to SSH from external sites either, I need this
Any help would be gratefully received. I have read the man page, and am not
sure where I am going wrong, unless it's an order of rules thing maybe?
I am running 4.4 (tracking security).
My ruleset is as follows:
# Flush the ruleset to ensure it's clean
/sbin/ipfw -f flush
# Divert all traffic thru' tun0
/sbin/ipfw add divert natd all from any to any via tun0
# Allow all data from my network card and localhost.
/sbin/ipfw add allow all from any to any via lo0
/sbin/ipfw add allow all from any to any via xe0
# Allow all connections that I initiate.
/sbin/ipfw add allow all from any to any out xmit tun0 setup
# Once connections are made, allow them to stay open.
/sbin/ipfw add allow all from any to any via tun0 established
# Everyone on the internet is allowed to connect to the following ports
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
# This sends a RESET to all ident packets.
/sbin/ipfw add reset log tcp from any to any 113 in recv tun0
# Allow outgoing DNS queries ONLY to the specified servers.
/sbin/ipfw add allow udp from any to 188.8.131.52 53 out xmit tun0
# Allow them back in with the answers... :)
/sbin/ipfw add allow udp from 184.108.40.206 53 to any in recv tun0
# Allow ICMP (for ping and traceroute to work).
/sbin/ipfw add allow icmp from any to any
# Deny all the rest.
/sbin/ipfw add deny log all from any to any
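Since the poster suspects rule ordering, the practical check is to trace a packet through the rules in first-match order and see which rule terminates it. The following tracer is an added example, not code from the post or from FreeBSD: it parses the ruleset above verbatim and walks constructed packets through it. It simplifies ipfw semantics (a packet is modelled at one interface crossing, `recv X` is treated as "inbound on X", `setup` as SYN-without-ACK, `established` as ACK-or-RST, and `divert natd` as a pass-through to the next rule without modelling the address rewrite), and the hosts, addresses and port numbers in the scenarios are invented. With those assumptions it shows that a LAN SYN to port 22 on xe0 is accepted by the `via xe0` rule and an inbound SYN to port 22 on tun0 reaches the `allow tcp from any to any 22 setup` rule, while an active-mode FTP data SYN from port 20 falls through to the final deny; anything the rules themselves accept but still fails on the box would have to be happening outside the rule list, which this model does not simulate.

```python
"""First-match tracer for a simple ipfw ruleset (educational model, not ipfw)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# The ruleset from the post, verbatim, minus the comment lines.
RULESET = """
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add allow all from any to any via lo0
/sbin/ipfw add allow all from any to any via xe0
/sbin/ipfw add allow all from any to any out xmit tun0 setup
/sbin/ipfw add allow all from any to any via tun0 established
/sbin/ipfw add allow tcp from any to any 22 setup
/sbin/ipfw add allow tcp from any to any 80 setup
/sbin/ipfw add reset log tcp from any to any 113 in recv tun0
/sbin/ipfw add allow udp from any to 188.8.131.52 53 out xmit tun0
/sbin/ipfw add allow udp from 184.108.40.206 53 to any in recv tun0
/sbin/ipfw add allow icmp from any to any
/sbin/ipfw add deny log all from any to any
"""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    opts: Dict[str, Union[str, bool]]
    text: str


@dataclass
class Packet:
    """One packet as seen at one interface crossing (constructed input)."""
    proto: str
    src: str
    dst: str
    iface: str
    direction: str            # 'in' or 'out' relative to iface
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: bool = False
    ack: bool = False
    rst: bool = False


def parse_rule(line: str) -> Rule:
    """Parse '/sbin/ipfw add ACTION [arg] [log] PROTO from SRC [port] to DST [port] OPTS...'."""
    toks = line.split()
    assert toks[:2] == ['/sbin/ipfw', 'add'], line
    toks = toks[2:]
    action = toks.pop(0)
    if action == 'divert':
        toks.pop(0)           # divert target (natd); translation is not modelled
    if toks[0] == 'log':
        toks.pop(0)           # logging does not affect matching
    proto = toks.pop(0)
    assert toks.pop(0) == 'from'
    src = toks.pop(0)
    sport = int(toks.pop(0)) if toks[0].isdigit() else None
    assert toks.pop(0) == 'to'
    dst = toks.pop(0)
    dport = int(toks.pop(0)) if toks and toks[0].isdigit() else None
    opts: Dict[str, Union[str, bool]] = {}
    while toks:
        t = toks.pop(0)
        opts[t] = toks.pop(0) if t in ('via', 'xmit', 'recv') else True
    return Rule(action, proto, src, sport, dst, dport, opts, line)


def load_ruleset(text: str = RULESET) -> List[Rule]:
    return [parse_rule(l) for l in text.strip().splitlines() if l.strip()]


def matches(rule: Rule, p: Packet) -> bool:
    o = rule.opts
    return all([
        rule.proto in ('all', 'ip', p.proto),
        rule.src in ('any', p.src),
        rule.dst in ('any', p.dst),
        rule.sport is None or rule.sport == p.sport,
        rule.dport is None or rule.dport == p.dport,
        'via' not in o or o['via'] == p.iface,                 # either direction
        'in' not in o or p.direction == 'in',
        'out' not in o or p.direction == 'out',
        'xmit' not in o or (p.direction == 'out' and o['xmit'] == p.iface),
        'recv' not in o or (p.direction == 'in' and o['recv'] == p.iface),
        'setup' not in o or (p.syn and not p.ack),             # SYN without ACK
        'established' not in o or (p.ack or p.rst),            # ACK or RST set
    ])


def trace(p: Packet, rules: Optional[List[Rule]] = None) -> Tuple[int, str, str]:
    """Return (1-based position, action, text) of the first terminal match;
    position 0 / 'deny' means the implicit default rule 65535 was reached."""
    rules = rules if rules is not None else load_ruleset()
    for pos, rule in enumerate(rules, start=1):
        if not matches(rule, p):
            continue
        if rule.action == 'divert':
            continue          # natd re-injects at the next rule; keep walking
        return pos, rule.action, rule.text
    return 0, 'deny', 'default rule 65535 (deny everything)'


# Constructed scenarios: 192.168.0.1 is the firewall's LAN side, 203.0.113.99 its tun0 side.
SCENARIOS = {
    'lan_ssh_to_firewall':      Packet('tcp', '192.168.0.10', '192.168.0.1', 'xe0', 'in', 1234, 22, syn=True),
    'internet_ssh_to_firewall': Packet('tcp', '198.51.100.5', '203.0.113.99', 'tun0', 'in', 40000, 22, syn=True),
    'active_ftp_data_in':       Packet('tcp', '198.51.100.7', '203.0.113.99', 'tun0', 'in', 20, 1030, syn=True),
    'dns_reply_other_server':   Packet('udp', '198.51.100.53', '203.0.113.99', 'tun0', 'in', 53, 5353),
    'ident_probe':              Packet('tcp', '198.51.100.7', '203.0.113.99', 'tun0', 'in', 33333, 113, syn=True),
}


def report() -> Dict[str, Tuple[int, str]]:
    return {name: trace(p)[:2] for name, p in SCENARIOS.items()}


if __name__ == '__main__':
    for name, (pos, action) in report().items():
        print(f'{name:28s} -> rule {pos or "default"}: {action}')
```

To trace your own case, add a `Packet` to `SCENARIOS` for each leg of the connection (LAN side on xe0, then ADSL side on tun0) and read off which rule position answers; a result that differs from what the box actually does points at something the model leaves out, most obviously natd's rewrite after the divert rule.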
More information about the Ukfreebsd