Re: ipfwadm

Michael Lausch (mla@gams.co.at)
Sun, 26 May 1996 15:16:11 +0200


> I have my linux box on a network of suns on eth0, I have a ppp
> connection to the internet. I configured output to default policy of
> accept, and input policy to deny. I set input to accept from the
> localnet/24 on eth0, this works fine, and to my_provider/24, and that
> works fine, as well as a couple of other machines out there I want to
> have access to my machine.
>
> Here's the problem, I set this:
>
> ipfwadm -I -a acc -b -W ppp0 -P tcp -S 0.0.0.0/0 80 -D 0.0.0.0/0 80
> ipfwadm -I -a acc -b -W ppp0 -P udp -S 0.0.0.0/0 80 -D 0.0.0.0/0 80

You should set it to:

ipfwadm -I -a acc -b -W ppp0 -P tcp -S a.b.c.d/32 -D 0.0.0.0/0 80

where a.b.c.d is your IP address.
Because the port of the connecting machine is chosen randomly (unless
selected by an explicit bind() call) you don't know the port number of
the source address. Obviously it can't be 80 if an HTTP server is running
on this machine too.

>
> now ipfwadm -I -l says:
> ...
> acc tcp anywhere anywhere www -> www
> acc udp anywhere anywhere www -> www
>

That's right. You allow connections from port 80 (source) to port 80
(destination). But not from an arbitrary port (source) to port
80 (destination).

>
> And yet I can't get my browser to work, why??? A side note, I also
> tried accepting on port 53, just to check to see if it was a nameserver
> problem in netscape. Thanks in advance for your help.
>
>
> ---russ
>

---
finger mla@spirit.luga.or.at for PGP key
<http://spirit.luga.or.at/~mla>
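The point made in the reply above can be checked with a small model of how an ipfwadm input rule matches a packet. This is an added example, not code from the original post or from ipfwadm itself: it reproduces only the address/port comparison and the source/destination swap that `-b` performs, and the `-k` (ACK-only) behaviour is an assumed simplification of that option. The addresses are constructed from the RFC 5737 documentation ranges and stand in for "a.b.c.d" and for a remote web server.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """One IP datagram as seen on the input side of the interface."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection (SYN, no ACK)


@dataclass(frozen=True)
class Rule:
    """An input rule in ipfwadm terms: -P proto -S src[/mask] [port] -D dst[/mask] [port]."""
    proto: str
    src: str                     # CIDR, e.g. "0.0.0.0/0" for "anywhere"
    sport: Optional[int]         # None = any source port
    dst: str
    dport: Optional[int]
    bidirectional: bool = False  # ipfwadm -b: also match with source and destination swapped
    ack_only: bool = False       # ipfwadm -k, modelled (assumption) as "SYN-only packets never match"


def _endpoint_ok(net: str, port: Optional[int], addr: str, pkt_port: int) -> bool:
    """Does one rule endpoint (network + optional port) match one packet endpoint?"""
    if ipaddress.ip_address(addr) not in ipaddress.ip_network(net, strict=False):
        return False
    return port is None or port == pkt_port


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if rule.ack_only and pkt.syn:
        return False
    # Direct match: rule src/dst against packet src/dst.
    if _endpoint_ok(rule.src, rule.sport, pkt.src, pkt.sport) and \
       _endpoint_ok(rule.dst, rule.dport, pkt.dst, pkt.dport):
        return True
    # -b: the same rule with source and destination swapped.
    if rule.bidirectional and \
       _endpoint_ok(rule.src, rule.sport, pkt.dst, pkt.dport) and \
       _endpoint_ok(rule.dst, rule.dport, pkt.src, pkt.sport):
        return True
    return False


def input_decision(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching accept rule wins; otherwise the chain's default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return "accept"
    return default


# Constructed addresses (RFC 5737 documentation ranges); not from the original post.
MY_IP = "192.0.2.10"        # plays the role of a.b.c.d
WEB_SERVER = "198.51.100.5"  # some remote HTTP server the browser talks to

# The rule from the post: port 80 required on both ends.
ORIGINAL_RULE = Rule("tcp", "0.0.0.0/0", 80, "0.0.0.0/0", 80, bidirectional=True)
# The rule suggested in the reply: any port on a.b.c.d, port 80 on the far side.
CORRECTED_RULE = Rule("tcp", f"{MY_IP}/32", None, "0.0.0.0/0", 80, bidirectional=True)
# The same rule restricted to ACK packets, so it cannot admit new inbound connections.
CORRECTED_ACK_ONLY = Rule("tcp", f"{MY_IP}/32", None, "0.0.0.0/0", 80,
                          bidirectional=True, ack_only=True)

# The web server's reply to the browser: source port 80, destination port ephemeral.
REPLY_PKT = Packet("tcp", WEB_SERVER, 80, MY_IP, 40123)
# A connection attempt to the local SSH port, deliberately sent from source port 80.
PROBE_PKT = Packet("tcp", "203.0.113.7", 80, MY_IP, 22, syn=True)


if __name__ == "__main__":
    for label, rule in (("original", ORIGINAL_RULE),
                        ("corrected", CORRECTED_RULE),
                        ("corrected -k", CORRECTED_ACK_ONLY)):
        print(f"{label:13} reply={input_decision([rule], REPLY_PKT):6} "
              f"probe={input_decision([rule], PROBE_PKT)}")
```

The original "80 -> 80" rule denies the server's reply because the browser's end of the connection is an ephemeral port, exactly as the reply explains, while the corrected rule accepts it. The model also shows the cost of the `-b` shortcut: the corrected rule is symmetric, so any inbound packet whose source port is 80 matches it regardless of the local destination port, which is a classic way of slipping past a port-based filter. The ACK-only variant keeps established HTTP traffic flowing but refuses new connections from the outside; on a real ipfwadm box, confirm the semantics of `-k` in the ipfwadm(8) man page for your version before relying on it.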