IPFW Rules

Paul Civati paul at xciv.org
Sat May 11 12:22:49 BST 2002

"Dave Peacock" <davejpeacock at btinternet.com> wrote:

> I am looking for help please from someone with more IPFW clue than

I've never used ipfw myself, only ipf..

> I am having trouble, I am sure I have got my rules incorrect. If I
> turn this ruleset on, my local machines can NAT through and get to
> the internet, but they cannot log on to the firewall with SSH or
> connect to FTP.

I would make sure all your rules apply to the external interface
only so they don't apply any restrictions to your internal hosts
talking to the internal interface.  In particular it looks like
your last default deny rule will match any traffic going anywhere.

> Also, I cannot connect to SSH from external sites either, I need
> this functionality.

Not sure why this is not working as I'm not familiar with the
ipfw syntax.  You should be able to get some logging of where
the packets are being dropped, and hopefully it should show
you which rule is causing them to be blocked.


