ipfw

• Next message: Simon Nielsen: "Re: ipfw"
• Previous message: Martin-Legène, Robert: "RE: ipfw regler for at få ftp trafik igennem?"
• Next in thread: Simon Nielsen: "Re: ipfw"
• Reply: Simon Nielsen: "Re: ipfw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

From: "Jakob Kruse" <none@jkr--secnet.dk.lh.bsd-dk.dk>
To: <none@bsd-dk--bsd-dk.dk.lh.bsd-dk.dk>
Subject: ipfw
Date: Sat, 15 Dec 2001 00:46:55 +0100

Hej alle.

Jeg har et problem med min firewall. Det er en bridged firewall, hvor kun et
interface har en ip adresse.

Min kerne er som følgende.
options BRIDGE
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPSTEALTH
options IPFIREWALL_VERBOSE_LIMIT=200

Min opsætning er som følgende

ISP->router(1.1.1.1)->(1.1.1.2)firewall->resten(1.1.1.x)

Problemmet er at SYN packer uden videre bliver sent igennem.

et lille udpluk fra min ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00450 0 0 check-state
00550 0 0 deny log logamount 200 ip from 10.0.0.0/8 to any in
recv rl0
00650 0 0 deny log logamount 200 ip from 172.16.0.0/12 to any
in recv rl0
00750 0 0 deny log logamount 200 ip from 192.168.0.0/16 to any
in recv rl0
00851 5538806 861530175 allow ip from mynet to any keep-state in recv rl1

Det er noget af et problem, da min firewall ikke kan lave en check-state.

Håber der er nogle der kan hjælpe her

• Next message: Simon Nielsen: "Re: ipfw"
• Previous message: Martin-Legène, Robert: "RE: ipfw regler for at få ftp trafik igennem?"
• Next in thread: Simon Nielsen: "Re: ipfw"
• Reply: Simon Nielsen: "Re: ipfw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:17 CET