Problem with firewall and the ports

2005-10-21 Thread Jayesh Jayan
Hi,

I have a firewall in place on my server. I have opened a few ports on it. The
open ports are 80, 443, 22, 21, 20 and also the range 49152-65535.

So when I try to retrieve the INDEX file of ports I get the below errors with
fetch and wget.

*

fetch:
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX:
Permission denied

*

wget
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
--02:17:13--
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
=> `INDEX'
Resolving ftp12.freebsd.org... done.
Connecting to ftp12.freebsd.org[141.142.2.89 ]:21...
connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD
/pub/FreeBSD/ports/i386/packages-5.4-release... done.
==> PASV ... couldn't connect to 141.142.2.89:22692:
Permission denied
Retrying.

--02:17:15--
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
(try: 2) => `INDEX'
Connecting to ftp12.freebsd.org[141.142.2.89 ]:21...
connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD
/pub/FreeBSD/ports/i386/packages-5.4-release... done.
==> PASV ... couldn't connect to 141.142.2.89:46083:
Permission denied
Retrying.

--02:17:17--
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
(try: 3) => `INDEX'
Connecting to ftp12.freebsd.org[141.142.2.89 ]:21...
connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD
/pub/FreeBSD/ports/i386/packages-5.4-release... done.
==> PASV ... couldn't connect to 141.142.2.89:10401:
Permission denied
Retrying.

--02:17:20--
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
(try: 4) => `INDEX'
Connecting to ftp12.freebsd.org[141.142.2.89 ]:21...
connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD
/pub/FreeBSD/ports/i386/packages-5.4-release... done.
==> PASV ... couldn't connect to 141.142.2.89:8356:
Permission denied
Retrying.

--02:17:25--
ftp://ftp12.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/INDEX
(try: 5) => `INDEX'
Connecting to ftp12.freebsd.org[141.142.2.89 ]:21...
connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD
/pub/FreeBSD/ports/i386/packages-5.4-release... done.
==> PASV ... couldn't connect to 141.142.2.89:41680:
Permission denied
Retrying.

*

So can I have a picture of which ports are required, so that I can enable
those?

Awaiting your guidance.
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
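The transcript above shows the control connection to port 21 succeeding and every PASV data connection failing. The script below is an added example, not part of the thread: it pulls the PASV target ports out of that transcript (the PASV lines are embedded from the post so it runs offline) and checks each one against the outbound policy described, 80, 443, 22, 21, 20 and 49152-65535. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): check the PASV data-connection ports
# in a wget FTP transcript against the outbound port policy described in the
# post (80, 443, 22, 21, 20 and the range 49152-65535).

# The PASV lines from the transcript quoted in the post, embedded here so the
# script runs offline.
WGET_LOG=$(cat <<'EOF'
==> PASV ... couldn't connect to 141.142.2.89:22692:
==> PASV ... couldn't connect to 141.142.2.89:46083:
==> PASV ... couldn't connect to 141.142.2.89:10401:
==> PASV ... couldn't connect to 141.142.2.89:8356:
==> PASV ... couldn't connect to 141.142.2.89:41680:
EOF
)

# Print the destination port of every PASV connection attempt, one per line.
pasv_ports() {
    printf '%s\n' "$1" | sed -n 's/.*PASV.*connect to [0-9.]*:\([0-9][0-9]*\):.*/\1/p'
}

# Succeed (return 0) if port $1 is permitted outbound by the policy, else fail.
port_allowed() {
    case "$1" in
        80|443|22|21|20) return 0 ;;
    esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# Print how many PASV attempts in the transcript targeted a blocked port.
count_blocked() {
    n=0
    for p in $(pasv_ports "$1"); do
        port_allowed "$p" || n=$((n + 1))
    done
    echo "$n"
}

# Stand-alone run: one verdict per attempt, then the totals.
for p in $(pasv_ports "$WGET_LOG"); do
    if port_allowed "$p"; then
        echo "PASV data port $p: allowed by policy"
    else
        echo "PASV data port $p: outside policy, outbound connect blocked"
    fi
done
echo "blocked: $(count_blocked "$WGET_LOG") of $(pasv_ports "$WGET_LOG" | wc -l | tr -d ' ') attempts"
```

Every data port the server chose (22692, 46083, 10401, 8356, 41680) lies outside the allowed range, which is why the socket call gets back the "Permission denied" ipfw produces for a dropped locally generated packet. In passive FTP the server, not the client, picks the data port, so no fixed outbound port range on the client side can reliably cover it. The usual ipfw answer is to permit the host's own outbound TCP statefully, for example a `check-state` rule followed by `allow tcp from me to any out setup keep-state`, so the data connection is accepted because this host initiated it rather than because of its port number.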


Re: Problem with firewall and the ports

2005-10-21 Thread Thomas Wolf

Jayesh Jayan wrote:

> Hi,
>
> I have a firewall in place on my server. I have opened a few ports on it. The
> open ports are 80, 443, 22, 21, 20 and also the range 49152-65535.
>
> So when I try to retrieve the INDEX file of ports I get the below errors with
> fetch and wget.
>
> [permission denied]

Please post your complete ruleset.

Thomas


Re: ipfw firewall help

2005-10-21 Thread Daemon
Great! Thanks. One possibly stupid question: what is the "Deny
Spoof"? Is that like:
# Stop spoofing of your internal network range
#   ${fwcmd} add deny ip from ${iif} to any in via ${oif}
# Stop spoofing from inside your private ip range
#   ${fwcmd} add deny ip from not ${iif} to any in via ${iif}


G Bryant wrote:
> Hi,
> I found my rules worked best in this order:
> (You will need to correct the syntax - just typed up the order for you
> quickly)
> 
> Deny spoofed
> Allow localhost
> Allow all from any to any via $iif
> divert natd all from any to any in via $oif
> #insert bandwidth shaping rules
> skipto 5000 all from $iip to any out via $oif
> #allow all from any to me in via $oif # if you want to receive traffic
> from internet to this box. Your decision if you need it.
> deny all from any to any out
> allow all from any to $iip in via $oif
> #allow all from me to any out via $oif # traffic from this box out to
> the internet.  Your decision if you need it.
> deny all from any to any in
> 5000 nat all from any to any out via $oif
> allow all from any to any out
> 
> This is a very "open" set of rules - your choice.
> Hope this helps.
> Regards,  Graham
> 
> 
> Daemon wrote:
> 
>> I'm trying to build a firewall from scratch using man ipfw and what I
>> can find on the net.  I'm doing bandwidth shaping and I'm not quite sure
>> where it goes as far as rule numbers.  From what I can see, it matters
>> and I'd like to do it right.  I'm using an OPEN firewall with NATD
>> because I'm on cable broadband with a static IP.  Here is what I have.
>>
>> 00010   52   2446 pipe 1 ip from 172.16.140.0/24 to any xmit re0
>> 00020    0      0 pipe 2 ip from any to 172.16.140.0/24 recv re0
>> 00050  274  24955 divert 8668 ip from any to any via re0
>> 00100   50   5642 allow ip from any to any via lo0
>> 00200    0      0 deny ip from any to 127.0.0.0/8
>> 00300    0      0 deny ip from 127.0.0.0/8 to any
>> 65535 4658 547779 allow ip from any to any
>>
>> The actual rule set for the bandwidth shaping is:
>>
>> # Traffic Shaping.
>> # oif="re0"               # ${oif} Public Interface.
>> # iif="re1"               # ${iif} Internal nic.
>> # iip="172.16.140.0/24"   # ${iip}
>>
>> ${fwcmd} add 10 pipe 1 all from ${iip} to any xmit ${oif}
>> ${fwcmd} pipe 1 config mask src-ip 0xff00 bw 35Kbits/s queue 40Kbytes
>>
>> ${fwcmd} add 20 pipe 2 all from any to ${iip} recv ${oif}
>> ${fwcmd} pipe 2 config mask dst-ip 0xff00 bw 4000Kbits/s queue 40Kbytes
>>
>> I've found lots of stuff on "how" to set it up but I can't seem to find
>> anything on where the rules go.  Any help would be greatly appreciated.
>>
>> Regards,
>>
>> Mark
> 
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
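As an added example, not code from the thread or from FreeBSD's rc.firewall: a script that turns G Bryant's rule order into concrete ipfw commands, using Daemon's interface names and internal network, with the two anti-spoofing rules Daemon quotes placed first. The rule numbers, the function names and the FWCMD/SYSCTLCMD dry-run variables are my own choices. It also settles the pipe placement Daemon asks about: a pipe that matches on the internal destination can only see inbound packets after the inbound divert has un-NATed them, which is consistent with rule 20 in his listing sitting before the divert and showing zero packets.

```shell
#!/bin/sh
# Added example (not from the thread): emit an ipfw ruleset in the order
# G Bryant recommends, with the two rc.firewall anti-spoofing rules Daemon
# asks about placed first. Interface names and the internal network are
# taken from Daemon's post; rule numbers are my own.
# FWCMD defaults to a printer so the ruleset can be reviewed on any host;
# run with FWCMD=ipfw on the firewall itself to load it.

oif="re0"                 # public interface
iif="re1"                 # internal interface
iip="172.16.140.0/24"     # internal network
fwcmd="${FWCMD:-echo ipfw}"
sysctlcmd="${SYSCTLCMD:-echo sysctl}"

# Assumption: pipe rules sit before the NAT and allow/deny decisions, so a
# packet must re-enter the ruleset after its pipe. That needs one_pass=0;
# with the default of 1 a pipe rule ends processing and LAN traffic would
# leave without being translated.
set_one_pass() {
    ${sysctlcmd} net.inet.ip.fw.one_pass=0
}

# Pipe definitions, kept separate from the rules that feed them.
config_pipes() {
    ${fwcmd} pipe 1 config bw 35Kbit/s queue 40Kbytes
    ${fwcmd} pipe 2 config bw 4000Kbit/s queue 40Kbytes
}

build_rules() {
    # Deny spoofed: the internal range must never arrive on the public
    # side, and only the internal range may arrive on the inside.
    ${fwcmd} add 100 deny ip from ${iip} to any in via ${oif}
    ${fwcmd} add 110 deny ip from not ${iip} to any in via ${iif}
    # Allow localhost, and refuse loopback addresses on real interfaces.
    ${fwcmd} add 200 allow ip from any to any via lo0
    ${fwcmd} add 210 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 220 deny ip from 127.0.0.0/8 to any
    # Allow all from any to any via $iif
    ${fwcmd} add 300 allow ip from any to any via ${iif}
    # divert natd all from any to any in via $oif: translate inbound first,
    # so later rules see the real internal destination.
    ${fwcmd} add 400 divert 8668 ip from any to any in via ${oif}
    # Bandwidth shaping: outbound matches the private source before NAT,
    # inbound matches the internal destination after the divert above.
    ${fwcmd} add 500 pipe 1 ip from ${iip} to any out via ${oif}
    ${fwcmd} add 510 pipe 2 ip from any to ${iip} in via ${oif}
    # skipto 5000 all from $iip to any out via $oif
    ${fwcmd} add 600 skipto 5000 ip from ${iip} to any out via ${oif}
    # deny all from any to any out (this box's own outbound traffic)
    ${fwcmd} add 800 deny ip from any to any out
    # allow all from any to $iip in via $oif (already un-NATed replies)
    ${fwcmd} add 900 allow ip from any to ${iip} in via ${oif}
    # deny all from any to any in
    ${fwcmd} add 1000 deny ip from any to any in
    # 5000: NAT the outbound LAN traffic, then let it go.
    ${fwcmd} add 5000 divert 8668 ip from any to any out via ${oif}
    ${fwcmd} add 5010 allow ip from any to any out
}

# Given the printed dry-run listing in $1, print the number of the first
# rule whose text contains $2 (used to check ordering without loading).
rule_number() {
    printf '%s\n' "$1" | grep -F -- "$2" | head -n 1 | cut -d' ' -f3
}

# Stand-alone run: print what would be loaded.
set_one_pass
config_pipes
build_rules
```

The order only works with `net.inet.ip.fw.one_pass=0`. With the default of 1, a packet that matches a pipe rule is accepted as it leaves the pipe and never reaches the divert at 5000 or the allow/deny rules, so LAN traffic would be shaped but not translated. If you prefer to keep one_pass at 1, put the pipe rules where the final allow rules are instead, since a pipe then acts as the terminating accept.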