[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using ipfw


> # first, disallow all external communication into the network
> ipfw add forwarding deny all to 205.241.206/24
> # allow all internal communication to the internet
> ipfw add forwarding accept all 205.241.206/24 to
> # allow WWW access from the external world to a single computer
> ipfw add forwarding accept tcp 80 to

A sample telnet-session from to may show you why above
rules wont work:


type                       Dir.
IP SYN  ->
IP S+A  <-
IP ACK  ->

(This is the normal 3way Handshake of TCP Connections).

The Problems with your above Rules is, that the Second Data Package will
never arrive the local host. To understand the problems with networking and
what you have to do to make the right Rules, you should consulte a book
about TCP/IP. AFAIK Olafs new Network Administration Guide will include a chapter
on that Topic.

> ipfw list firewall
> just hangs the command line until I issue a ^C, at which it aborts. 
>  Therefore, I can not look at what the firewall's state is.

Probably you have locked out all the DNS conversation of your host with the
outside wirld and ipfw waits for a lot of timeouts in resolvng hostnames.
Just try to use "ipfw -n l f".

> Another side issue, what is the largest TCP port number allowable?

Ports are in the Range of 1-65535.

  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@lina.{inka.de,ka.sub.org}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy

Reply to: