Operation: "ipfw on a gateway box" - FreeBSD

  1. #1

    Re: Operation: "ipfw on a gateway box"

    Hiram Abiff <domain.adminonline.ie> writes:
    > I followed your advice and rewrote my firewall rules.
    > Although, even now, there are some major difficulties.
    Please remember that you sent this message to a mailing list with a
    very large number of people. I, for one, do not remember the earlier
    messages, and may not have read them.
    > I still can't access the net from my 2 other computers
    > via my FreeBSD firewalled gateway.
    > Although I set up on it to allow traffic on
    > ports 21, 22, 53, 8080 I can only telnet to port
    > 21, all the others report a "connection refused" error.
    Where did you do this from?
    > I can ping the FreeBSD box, but I cannot ping any outside
    > IP addresses from the FreeBSD box or the other boxes on my
    > home LAN.
    In other words, not only can't you access the net from the other
    computers, but you can't from the FreeBSD box either?

    Does anything work *without* the firewall?
    > Also when FreeBSD is booting I caught some error messages that
    > said unknown command "setup" for some of my firewall rules.
    Kind of need more details here. I can't see what that could be...
    Lowell Gilbert Guest

  2. #2

    Re: Operation: "ipfw on a gateway box"

    Quoting Lowell Gilbert <freebsd-questions-localbe-well.ilk.org>:
    > Hiram Abiff <domain.adminonline.ie> writes:
    >
    > > I followed your advice and rewrote my firewall rules.
    > > Although, even now, there are some major difficulties.
    >
    > Please remember that you sent this message to a mailing list with a
    > very large number of people. I, for one, do not remember the earlier
    > messages, and may not have read them.
    >
    I apologize for the inconvenience. I will try to be clearer.
    > > I still can't access the net from my 2 other computers
    > > via my FreeBSD firewalled gateway.
    > > Although I set up on it to allow traffic on
    > > ports 21, 22, 53, 8080 I can only telnet to port
    > > 21, all the others report a "connection refused" error.
    >
    > Where did you do this from?
    >
    I tried accessing the FreeBSD box from the 2 other computers
    I have. Also I tried telnetting from the FreeBSD box to itself.
    > > I can ping the FreeBSD box, but I cannot ping any outside
    > > IP addresses from the FreeBSD box or the other boxes on my
    > > home LAN.
    >
    > In other words, not only can't you access the net from the other
    > computers, but you can't from the FreeBSD box either?
    Unfortunately, yes. I tried pinging outside computers by
    IP address but I can't anymore.
    >
    > Does anything work *without* the firewall?
    Yes, before I started messing with the firewall I had squid
    set up, I set up FreeBSD as a gateway and also as a DNS
    server. I could access the WWW, ftp, telnet and all the
    other services at will, inside and outside my home LAN.
    >
    > > Also when FreeBSD is booting I caught some error messages that
    > > said unknown command "setup" for some of my firewall rules.
    >
    > Kind of need more details here. I can't see what that could be...
    >
    I was thinking maybe I misplaced the setup keyword in my
    firewall rule file. Did you happen to see it? I posted it in my
    last mail. I don't understand how ftp works and my
    proxy server doesn't if I used the very same and exact
    syntax to define the rules.

    --
    "It was as though a veil had been rent. I saw on that ivory face
    the expression of sombre pride, of ruthless power,
    of craven terror -- of an intense and hopeless despair.
    Did he live his life again in every detail of desire,
    temptation, and surrender during that supreme moment
    of complete knowledge?"
    Hiram Abiff Guest

  3. #3

    Re: Operation: "ipfw on a gateway box"

    > > Does anything work *without* the firewall?
    >
    > Yes, before I started messing with the firewall I had squid
    > set up, I set up FreeBSD as a gateway and also as a DNS
    > server. I could access the WWW, ftp, telnet and all the
    > other services at will, inside and outside my home LAN.
    Try temporarily setting the firewall to just pass everything
    ("ipfw add 1 allow ip from any to any") and see if you can still get
    out through it. I'm guessing something else may be messed up now.
    Lowell Gilbert Guest

  4. #4

    Re: Operation: "ipfw on a gateway box"

    On Thursday 17 February 2005 06:12 am, Lowell Gilbert wrote:
    > > > Does anything work *without* the firewall?
    > >
    > > Yes, before I started messing with the firewall I had squid
    > > set up, I set up FreeBSD as a gateway and also as a DNS
    > > server. I could access the WWW, ftp, telnet and all the
    > > other services at will, inside and outside my home LAN.
    >
    > Try temporarily setting the firewall to just pass everything
    > ("ipfw add 1 allow ip from any to any") and see if you can still get
    > out through it. I'm guessing something else may be messed up now.
    If he is using it as a gateway for other machines he will still need
    NAT. Try this to open the firewall up:

    public="xl0"
    private="xl1"
    loopBack="lo0"

    ipfw add 00100 allow all from any to any via $private
    ipfw add 00110 allow all from any to any via $loopBack

    #
    # Net Address Translate (NAT) incoming packets
    #
    ipfw add 00120 divert natd ip from any to any in via $public

    #
    # Net Address Translate (NAT) outgoing packets
    #
    ipfw add 01000 divert natd ip from any to any out via $public
    ipfw add 01010 allow ip from any to any

    I just clipped these from my rules, that's why the weird numbering
    scheme.

    -Mike



    Michael C. Shultz Guest
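
The point made in #4, as an added example that is not part of the original thread: ipfw is first-match, so a catch-all allow numbered below the natd divert rules (such as the "add 1" rule suggested in #3) accepts packets before they are translated. The function name `check_nat_order` and the sample rule listings are constructed for illustration, in the style of `ipfw list` output.

```sh
#!/bin/sh
# check_nat_order PUBLIC_IF   (reads ipfw-list-style rules on stdin)
# Prints: ok | nat-shadowed:<rule> | no-divert-in | no-divert-out
check_nat_order() {
    awk -v pub="$1" '
    {
        num = $1; action = $2
        if (action == "divert") {
            if ($0 ~ (" in via "  pub "$") && div_in  == "") div_in  = num
            if ($0 ~ (" out via " pub "$") && div_out == "") div_out = num
            next
        }
        # A catch-all allow has no qualifier after "from any to any".
        if ((action == "allow" || action == "pass") && catchall == "" &&
            $0 ~ / (ip|all) from any to any$/)
            catchall = num
    }
    END {
        if (div_in  == "") { print "no-divert-in";  exit }
        if (div_out == "") { print "no-divert-out"; exit }
        if (catchall != "" &&
            (catchall + 0 < div_in + 0 || catchall + 0 < div_out + 0)) {
            print "nat-shadowed:" catchall; exit
        }
        print "ok"
    }'
}

# Constructed sample: the rules from #4 with xl0 public, xl1 private.
# 8668 is the natd port from /etc/services.
mike_rules() {
    cat <<'EOF'
00100 allow ip from any to any via xl1
00110 allow ip from any to any via lo0
00120 divert 8668 ip from any to any in via xl0
01000 divert 8668 ip from any to any out via xl0
01010 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Constructed sample: the same set with the pass-everything rule 1 added.
with_rule_1() {
    echo "00001 allow ip from any to any"
    mike_rules
}

echo "rules from #4:    $(mike_rules  | check_nat_order xl0)"
echo "plus 'add 1' rule: $(with_rule_1 | check_nat_order xl0)"
```

On a live gateway the same check would be fed from `ipfw list`, with the interface name adjusted to the machine's public interface.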
