IPFW works a little to well...

To: debian-user@lists.debian.org
Subject: IPFW works a little to well...
From: Anthony Landreneau <landrena@idsno.com>
Date: Wed, 18 Nov 1998 06:14:57 -0600
Message-id: <[🔎] 3.0.5.32.19981118061457.009c0550@idsno.com>

Greetings,
	Looking for a little help with ipfwadm. Got a good machine running 2.0,
two nics and the system is passing traffic wonderfully.  Now I would like
to put in packet filtering. IPFW sounds as though it will fit the bill.
	The HOWTO regarding IPFW suggests a script, which I have written and is
below. The problem, when I execute the script nothing comes in, nothing
goes out, the perfect firewall. The bad news is I need some traffic to
pass. The network behind the firewall is a subnet of a class B network with
255 addresses. If you have any insight on why I might be running into
trouble, or if you have suggestions, I would love to hear from you.

#!/bin/sh
#  Setup IP packet Accounting and Forwarding
#
#
#  By Default DENY ALL services first
ipfwadm -F -p deny
#
#  Flush all Commands
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
#
#  Allow email to NCTAMS01 
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 111.229.13.13
#  Allow email to NS1 Relay host
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 111.229.13.2
#  Allow email to outside mail severs from NCTAMS01
ipfwadm -F -a accept -b -P tcp -S 111.229.13.13 25 -D 0.0.0.0/0 1024:65535
#  Allow email to ouside mail servers from NS1
ipfwadm -F -a accept -b -P tcp -S 111.229.13.2 25 -D 0.0.0.0/0 1024:65535
#  Allow DNS traffic to NS1
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 111.229.13.2
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 53 -D 111.229.13.2
ipfwadm -F -a accept -b -P tcp -S 111.229.232.0/24 82 -D 111.229.13.2
#  Allow Web connections to outside Web Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 80 -D 0.0.0.0/0 1024:65535 
#  Allow FTP connection to outside Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 20 -D 0.0.0.0/0 1024:65535 
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 21 -D 0.0.0.0/0 1024:65535 
#  Allow Telnet connections to outside Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 23 -D 0.0.0.0/0 1024:65535
#  Allow NTP time to NS1
ipfwadm -F -a accept -b -P tcp -S 111.229.13.2 123 -D 0.0.0.0/0 1024:65535
 


Anthony Landreneau
Network Administrator
Infinity Data Systems
New Orleans Louisiana
(504)455-8973

Reply to:

Follow-Ups:
- Re: IPFW works a little to well...
  - From: Rainer Clasen <bj@ncc.cicely.de>
- Re: IPFW works a little to well...
  - From: Torsten Landschoff <t.landschoff@gmx.net>

Prev by Date: Re: [ale] /dev/audio: Device or resource busy
Next by Date: Re: Permissions for vfat mounted drive
Previous by thread: Re: [ale] /dev/audio: Device or resource busy
Next by thread: Re: IPFW works a little to well...
Index(es):
- Date
- Thread