
Problem with HTTP traffic through IPFW firewall

Michael

Aug 27, 2004, 2:44:39 PM
Hi

I have set up a FreeBSD box as a transparent bridge/router - I have an
assigned /28 net which I am using for some servers.
I have added some rules to the firewall to allow certain types of traffic -
I am looking to allow in and outgoing ftp, http, pop3, smtp, ssl traffic - I
have it working with pinging and DNS lookups and Remote Desktop (for the
Windows boxes) but I can't get it to work so I can open webpages from the
server - If I open a browser on the server and try to open a webpage it
doesn't work - but it works if I remove all the deny rules.

I started by creating a rule which accepted ingoing and outgoing traffic on
port 80 - It didn't help - And now when I have a rule that accepts all in-
and outgoing from any IP it still doesn't work and I have tried what seems
like every possible combination, which I don't understand - It must be me who
is missing something.

Can anybody please help me?

Here are the rules I have set up now:

#!/bin/sh
fw="/sbin/ipfw"

$fw -f flush

$fw add allow all from xxx.xxx.xxx.xxx to any
$fw add allow tcp from any to xxx.xxx.xxx.xxx 3389
$fw add allow tcp from xxx.xxx.xxx.xxx 3389 to any
$fw add allow icmp from any to xxx.xxx.xxx.xxx
$fw add allow icmp from xxx.xxx.xxx.xxx to any
$fw add allow udp from xxx.xxx.xxx.xxx to any
$fw add allow udp from any to xxx.xxx.xxx.xxx
$fw add allow all from any to xxx.xxx.xxx.xxx
$fw add allow all from xxx.xxx.xxx.xxx to any

$fw add deny all from any to xxx.xxx.xxx.xxx
#$fw add deny all from xxx.xxx.xxx.xxx to any


Kind regards
Michael


Lowell Gilbert

Aug 28, 2004, 10:56:41 AM
comp.unix.bsd.freebsd is not widely propagated, so you won't
necessarily get much help here (in comp.unix.bsd.freebsd).
See http://www.freebsd.org/support.html for better ideas...
[followups redirected accordingly]

"Michael" <michae...@webudvikler.dk(Remove NOSPAM)> writes:

> I have set up a FreeBSD box as a transparent bridge/router - I have an
> assigned /28 net which I am using for some servers.
> I have added some rules to the firewall to allow certain types of traffic -
> I am looking to allow in and outgoing ftp, http, pop3, smtp, ssl traffic - I
> have it working with pinging and DNS lookups and Remote Desktop (for the
> Windows boxes) but I can't get it to work so I can open webpages from the
> server - If I open a browser on the server and try to open a webpage it
> doesn't work - but it works if I remove all the deny rules.

I can't really believe that. Was the list you submitted actually
cut-and-pasted from your real rules?

Try starting with the /etc/rc.firewall as an example...
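
Added example, not part of either post: ipfw acts on the first rule that matches a packet, so the posted list can be traced for a page fetch made from the server. The sketch assumes every masked xxx.xxx.xxx.xxx is the same host (192.0.2.10 here, a constructed address), that rules are numbered 100, 200, ... in the order added, and that the default rule denies; it models only the "from/to address [port]" subset used in the post.

```python
from typing import NamedTuple, Optional

SERVER = "192.0.2.10"  # constructed stand-in for the masked xxx.xxx.xxx.xxx

# Rules as posted, assuming the masked address is one and the same host.
POSTED = """\
allow all from SERVER to any
allow tcp from any to SERVER 3389
allow tcp from SERVER 3389 to any
allow icmp from any to SERVER
allow icmp from SERVER to any
allow udp from SERVER to any
allow udp from any to SERVER
allow all from any to SERVER
allow all from SERVER to any
deny all from any to SERVER
""".replace("SERVER", SERVER).splitlines()

class Packet(NamedTuple):
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

def parse(line):
    """Parse 'ACTION PROTO from SRC [PORT] to DST [PORT]' (a subset of ipfw syntax)."""
    tok = line.split()
    to = tok.index("to")
    src, dst = tok[3:to], tok[to + 1:]
    sport = int(src[1]) if len(src) > 1 else None
    dport = int(dst[1]) if len(dst) > 1 else None
    return tok[0], tok[1], src[0], sport, dst[0], dport

def first_match(rules, pkt):
    """Return (rule number, action) of the first rule matching pkt."""
    for i, line in enumerate(rules, start=1):
        action, proto, src, sport, dst, dport = parse(line)
        if (proto in ("all", pkt.proto)
                and src in ("any", pkt.src) and sport in (None, pkt.sport)
                and dst in ("any", pkt.dst) and dport in (None, pkt.dport)):
            return i * 100, action
    return 65535, "deny"  # assumption: the default rule is deny

# Constructed packets: browser on the server requesting a page, and the reply.
REQUEST = Packet("tcp", SERVER, 49152, "198.51.100.5", 80)
REPLY = Packet("tcp", "198.51.100.5", 80, SERVER, 49152)

if __name__ == "__main__":
    print(first_match(POSTED, REQUEST), first_match(POSTED, REPLY))
```

With the list as posted, the reply from the web server is accepted at rule 800 before the deny is reached. In a hypothetical variant without "allow all from any to" the server, the same reply arrives on an ephemeral port, matches none of the port-specific rules and falls through to the deny.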
