B H wrote:
Now IPFilter does not work or is VERY slow, ssh, web and mail timesout.
NAT is working like it should.
# dmesg | grep 'IP Filter'
IP Filter: v3.4.35 initialized. Default = pass all, Logging = enabled
ipf.rules looks like this:
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on fxp0 proto tcp all keep state
pass out quick on fxp0 proto udp all keep state
pass out quick on fxp0 proto icmp all keep state
# Since nothing should be coming from these address ranges, block them
block in log quick on fxp0 from 82.182.0.0/16 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
block in log quick on fxp0 from any to 10.0.0.0/32
block in log quick on fxp0 from any to 10.0.0.255/32
1st: the last two rules have no effect at all, packets are caught in the
4th in-rule.
You have nat? are you routing traffic? what is your network config
(ifconfig)? from where to where are you trying to connect, from the box
and out? Have you tried to sniff on the interface to see what traffic is
coming in and going out?
ipfilter not working is good (I mean it is easier to track down), ipfilter
being slow is really difficult to debug.
Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
