On Monday 19 January 2004 00:47, Andrew L. Gould wrote:
> I can't seem to get the ipfw rules right for letting ssh clients access a
> ssh server. I can use ssh on the server to connect to the client; but if I
> try to connect from the client to the server, the operation times out.
>
> I have my rules in /etc/ipfw.rules. Executing 'ipfw show' displays all of
> the rules as expected. It also shows packets having been allowed at rule
> 300 after an attempt to connect has been made.
>
> I have copied the top portion of /etc/ipfw.rules:
>
> #!/bin/sh
>
> # Andrew L. Gould's firewall rules.
>
> fwcmd="/sbin/ipfw -q"
> ${fwcmd} -f flush
>
>
> # Basic rules that should not be changed
> ${fwcmd} add 00100 pass all from any to any via lo0
> ${fwcmd} add 00110 deny all from any to 127.0.0.0/8
> ${fwcmd} add 00120 deny ip from 127.0.0.0/8 to any
>
>
> # Allow specified service requests in
> # ssh
> ${fwcmd} add 00300 allow tcp from any to me 22
> ${fwcmd} add 00301 allow udp from any to me 22
>
> Does anyone have any idea why the operation is timing out or what I have
> done wrong?

You forgot the packets in the other direction... This should do the trick:

${fwcmd} add 00300 allow tcp from any to me 22
${fwcmd} add 00301 allow tcp from me 22 to any

grtz,
Daan
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
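The fix in the reply is stateless, so return traffic needs its own rule. As an added example (not part of the original thread), here is the same SSH access written both statelessly and with ipfw's dynamic rules (`check-state` / `keep-state`). Rule number 00200 and the dry-run default for `fwcmd` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Dry run by default: prints the ipfw commands instead of executing them.
# Assumption: export fwcmd="/sbin/ipfw -q" to apply the rules on a FreeBSD host.
fwcmd="${fwcmd:-echo ipfw -q}"

# Variant A: stateless pair, as in the reply above.
# Rule 00300 lets client packets reach sshd; rule 00301 lets sshd's
# replies (source port 22) leave. Without 00301 the SYN is counted at
# rule 300 but the SYN/ACK is dropped, so the client times out.
# Note that 00301 passes ANY outbound TCP packet with source port 22,
# whether or not it belongs to a connection a client opened.
ssh_stateless() {
    ${fwcmd} add 00300 allow tcp from any to me 22
    ${fwcmd} add 00301 allow tcp from me 22 to any
}

# Variant B: stateful.
# 'setup' matches only the initial SYN (SYN set, ACK clear).
# 'keep-state' then creates a dynamic rule for that one connection,
# covering both directions. 'check-state' is where later packets are
# matched against the dynamic rules, so it goes before the static ones.
# No separate outbound rule is needed, and nothing leaves from port 22
# unless a client opened the connection first.
# 00200 is a constructed rule number chosen to sit after the loopback rules.
ssh_stateful() {
    ${fwcmd} add 00200 check-state
    ${fwcmd} add 00300 allow tcp from any to me 22 setup keep-state
}

# SSH runs over TCP only, so neither variant carries a udp rule for port 22.
ssh_stateful
```

After loading either variant for real, `ipfw show` lists the static rules and `ipfw -d show` additionally lists the dynamic rules created by `keep-state`.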