On Nov 22, 2008, at 10:37 AM, Wojciech Puchar wrote:
rule looks OK, but your message clearly suggests you DO NOT have IP
forwarding enabled
Interesting sysctl reports that forwarding is enabled:
$ sysctl -a |grep forward
net.inet.ip.forwarding: 1
it's not that. it's about routing, not ipfw
rule looks OK, but your message clearly suggests you DO NOT have IP
forwarding enabled
Interesting sysctl reports that forwarding is enabled:
$ sysctl -a |grep forward
net.inet.ip.forwarding: 1
it's not that. it's about routing, not ipfw forwarding
you need
IPFIREWALL_FORWARD
option in kern
On Nov 22, 2008, at 5:43 AM, Tom Marchand wrote:
On Nov 21, 2008, at 6:25 PM, Wojciech Puchar wrote:
I am trying to add an IPFW rule to forward traffic but I keep
getting the message "ipfw: getsockopt(IP_FW_ADD): Invalid
argument". The rule I am trying to add looks like this:
On Nov 21, 2008, at 6:25 PM, Wojciech Puchar wrote:
I am trying to add an IPFW rule to forward traffic but I keep
getting the message "ipfw: getsockopt(IP_FW_ADD): Invalid
argument". The rule I am trying to add looks like this:
ipfw add 600 fwd 192.169.2.3, 6000 tcp from 192.
I am trying to add an IPFW rule to forward traffic but I keep getting the
message "ipfw: getsockopt(IP_FW_ADD): Invalid argument". The rule I am
trying to add looks like this:
ipfw add 600 fwd 192.169.2.3, 6000 tcp from 192.169.2.3 to any 80
I do have IP Forwarding enabled. Any id
I am trying to add an IPFW rule to forward traffic but I keep getting
the message "ipfw: getsockopt(IP_FW_ADD): Invalid argument". The rule
I am trying to add looks like this:
ipfw add 600 fwd 192.169.2.3, 6000 tcp from 192.169.2.3 to any 80
I do have IP Forwarding enabled. Any
On Monday 05 November 2007 02:10:12 Juri Mianovich wrote:
> Is there a way to tell ipfw:
>
> "all interfaces currently configured on this system" ?
That's not possible directly, I think.
> I have a laptop and at any time I could plug in a USB
> NIC or plug in a pccard, in addition to the onboard
On Mon, 5 Nov 2007 00:22:00 + RW <[EMAIL PROTECTED]> wrote:
> On Sun, 4 Nov 2007 16:10:12 -0800 (PST)
> Juri Mianovich <[EMAIL PROTECTED]> wrote:
>
> >
> > Is there a way to tell ipfw:
> >
> > "all interfaces currently configured on this system" ?
> >
> >...
> >
> > So if I have
>
> Is there a way to tell ipfw:
>
> "all interfaces currently configured on this system" ?
>
> I have a laptop and at any time I could plug in a USB
> NIC or plug in a pccard, in addition to the onboard
> LAN and WIFI, either of which may or may not be
> configured at boot time.
>
> So the
On Sun, 4 Nov 2007 16:10:12 -0800 (PST)
Juri Mianovich <[EMAIL PROTECTED]> wrote:
>
> Is there a way to tell ipfw:
>
> "all interfaces currently configured on this system" ?
>
>...
>
> So if I have a rule like:
>
> allow ip from any to any via iwi0
>
You don't have to use "via" in a rule.
Is there a way to tell ipfw:
"all interfaces currently configured on this system" ?
I have a laptop and at any time I could plug in a USB
NIC or plug in a pccard, in addition to the onboard
LAN and WIFI, either of which may or may not be
configured at boot time.
So the point is, the active, con
Hello,
I have observed the following behavior in IPFW (note the asterisks):
ipfw add 1000 allow tcp from 10.1.2.3 to 10.3.2.1 ** in
gets added to the rule list as:
01000 allow tcp from 10.1.2.3 to 10.3.2.1 *dst-port * in?
Why does IPFW convert my "" to "dst-port " an
ecause log_in_vain is 1.
Question: What IPFW rule would block this without interfering with
normal http traffic on port 80 (I have Apache running on the box and
nat'd machines on the inside interface that access the Internet)?
In most people's configurations, this would be getting blocked by a
d
sole because log_in_vain is 1.
>
> Question: What IPFW rule would block this without interfering with
> normal http traffic on port 80 (I have Apache running on the box and
> nat'd machines on the inside interface that access the Internet)?
In most people's configurations,
I get this message (below) on the console of my FreeBSD 4.10 firewall:
Connection attempt to TCP :20388 from 61.151.248.42:80
flags 0x12
It appears that this is getting through the firewall and is logged to
the console because log_in_vain is 1.
Question: What IPFW rule would block this without
--On Sunday, July 18, 2004 11:43 AM -0600 Aaron Dalton
<[EMAIL PROTECTED]> wrote:
I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall. I can add them just fine, but I can't find the best
I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall. I can add them just fine, but I can't find the best
way to delete them. Is the only way to specify the exact rule number?
Below is the
Hi,
I use FreeBSD 4.9-Stable, with IPFW2 compiled in.
I have an ipfw rule as follows:
ipfw allow udp from 11.22.33.44 to any in via rl0
which works fine for my purpose (I faked the IP address for this email).
Next I needed to add MAC-checking on this rule, so to begin with
I tried to add a dummy
),
or recvfrom(2). In the latter case, the address returned
will have its port set to some tag supplied by the packet
diverter, (usually the ipfw rule number)
But I can't seem to get it to do so, nor am I really sure I want
it to do so. I still need the source and dest ip and
me 22 via tl0, but that wouldn't allow a connection either...
It's a bit confusing...
Thanks again,
D
From: Lowell Gilbert <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "Drew Robertson" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: IPFW Rule s
Just a very quick suggestion - when you get an initial connection that
closes almost immediately, it is usually TCP wrappers rather than a
firewall. Have you checked /etc/hosts.allow?
- Original Message -
From: "Drew Robertson" <[EMAIL PROTECTED]>
Subject: IPFW R
"Drew Robertson" <[EMAIL PROTECTED]> writes:
> I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it
> is dual homed, 2 NICs one for the internal LAN one running my cable
> modem. Everything works fine on the internal side.
>
> When accessing the box using any of those apps from
Hi everyone,
Thanks to those who take the time to read and reply to these emails.
I have a strange issue regarding my firewall (IPFW)...
I have enabled SSH, TELNET and FTP on my FreeBSD 4.8 box at home... it is
dual homed, 2 NICs one for the internal LAN one running my cable modem.
Everything
(snip)
> My firewall log is flooded with this message:
>
> [date and time]churgeon /kernel: ipfw: Deny UDP 10.142.240.1:67
> 255.255.255.255:68 in via ed1
Ports 67 and 68 are used by DHCP. If you get your IP address
from a DHCP server, or you are serving or using DHCP on this
interface, you will
Hello
I am running 4.7-release p6 as a gateway (ipfw+natd). Thanks to
those of you who helped me firm up my ruleset. Natd is running
and configured, however, I am not able to do port redirection or
http from the outside. (Firewall disk crashed over the weekend,
and I didn't have things prop
Hello
I am running 4.7-release p6 as a gateway (ipfw+natd). Thanks to those of you who
helped me firm up my ruleset. Natd is running and configured, however, I am not able
to do port redirection or http from the outside. (Firewall disk crashed over the
weekend, and I didn't have things prope
On Wed, 26 Feb 2003 02:25:12
Giorgos Keramidas wrote:
>On 2003-02-25 16:09, Joshua Lokken <[EMAIL PROTECTED]> wrote:
>> When I remove the default deny rule from the list, nat works fine,
>> port redirections and all, but with the deny rule in place, nat
>> isn't working, so I'm thinking I hav
On 2003-02-25 16:09, Joshua Lokken <[EMAIL PROTECTED]> wrote:
> When I remove the default deny rule from the list, nat works fine,
> port redirections and all, but with the deny rule in place, nat
> isn't working, so I'm thinking I have a rule in the wrong place.
> Can anyone point out any obvious
- Forwarded Message -
DATE: Tue, 25 Feb 2003 16:06:22
From: "Joshua Lokken" <[EMAIL PROTECTED]>
To: "Questions" <[EMAIL PROTECTED]>
Hello,
Primary harddisk failed on my 4.7-release gateway (ipfw+natd) box last weekend, and I
had not backed things up properly. Attached is my i
Hello,
Primary harddisk failed on my 4.7-release gateway (ipfw+natd) box last weekend, and I
had not backed things up properly. Attached is my ipfw ruleset. After the rebuild, I
rewrote things from memory.
When I remove the default deny rule from the list, nat works fine, port redirections
Hi,
I am trying to create these two ipfw rules:
deny all packets with an ack of zero
deny all tcp packets with no MSS specified
Can anyone show me the syntax to do that ? Also, comments on bad things
that could happen if I put these in are appreciated. AFAIK, the only
thing that can happen