
Re: Using ipfw



Hello,

> # first, disallow all external communication into the network
> ipfw add forwarding deny all 0.0.0.0/0 to 205.241.206/24
> # allow all internal communication to the internet
> ipfw add forwarding accept all 205.241.206/24 to 0.0.0.0/0
> # allow WWW access from the external world to a single computer
> ipfw add forwarding accept tcp 0.0.0.0/0 80 to 205.241.206.206/32

A sample telnet session from 205.241.206.1 to 1.2.3.4 may show you why the above
rules won't work:

telnet 1.2.3.4

type                       Dir.
---------------------------------------------
IP SYN 205.241.206.1:1300  ->  10.20.30.40:23
IP S+A 205.241.206.1:1300  <-  10.20.30.40:23
IP ACK 205.241.206.1:1300  ->  10.20.30.40:23

(This is the normal 3way Handshake of TCP Connections).

The problem with your above rules is that the second data packet will
never arrive at the local host. To understand the problems with networking and
what you have to do to make the right rules, you should consult a book
about TCP/IP. AFAIK Olaf's new Network Administration Guide will include a chapter
on that topic.

> ipfw list firewall
> 
> just hangs the command line until I issue a ^C, at which it aborts. 
>  Therefore, I can not look at what the firewall's state is.

Probably you have locked out all the DNS conversation of your host with the
outside world and ipfw waits for a lot of timeouts in resolving hostnames.
Just try to use "ipfw -n l f".

> Another side issue, what is the largest TCP port number allowable?

Ports are in the Range of 1-65535.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@lina.{inka.de,ka.sub.org}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy
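To make the point in the reply concrete, here is an added example (not part of the original mail, and not ipfw itself) that walks the three handshake packets from the message through a first-match, stateless evaluation of the posted address rules; the extra "ACK set" rule in the second ruleset is an assumed mitigation for illustration and does not claim any particular ipfw syntax.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str              # TCP flags, e.g. "S", "SA", "A"

@dataclass(frozen=True)
class Rule:
    action: str             # "accept" or "deny"
    src: str                # source CIDR
    dst: str                # destination CIDR
    ack_only: bool = False  # match only packets with the ACK bit set

def matches(rule: Rule, pkt: Packet) -> bool:
    # Stateless match: addresses (and optionally the ACK bit) only.
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.ack_only and "A" not in pkt.flags:
        return False
    return True

def verdict(rules, pkt: Packet, default: str = "deny") -> str:
    # First matching rule wins (assumed semantics); otherwise the default applies.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

INTERNAL = "205.241.206.0/24"
ANY = "0.0.0.0/0"

# The poster's two address rules, in the order they were given.
posted = [Rule("deny", ANY, INTERNAL), Rule("accept", INTERNAL, ANY)]

# Assumed mitigation: admit inbound packets that carry ACK (replies to
# connections opened from inside), while unsolicited inbound SYNs stay denied.
with_established = [Rule("accept", ANY, INTERNAL, ack_only=True)] + posted

# Constructed handshake, taken from the trace in the mail.
handshake = [
    Packet("205.241.206.1", 1300, "10.20.30.40", 23, "S"),   # SYN out
    Packet("10.20.30.40", 23, "205.241.206.1", 1300, "SA"),  # SYN+ACK back in
    Packet("205.241.206.1", 1300, "10.20.30.40", 23, "A"),   # ACK out
]

def trace(rules) -> list:
    return [verdict(rules, p) for p in handshake]
```

With the posted rules the SYN+ACK is denied, so the connection never completes; with the ACK-only rule in front, the reply passes while a fresh inbound SYN to the network is still dropped.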
