I have set up a FreeBSD box as a transparent bridge/router - I have an
assigned /28 net which I am using for some servers.
I have added some rules to the firewall to allow certain types of traffic -
I am looking to allow in and outgoing ftp, http, pop3, smtp, ssl traffic - I
have it working with pinging and DNS lookups and Remote Desktop (for the
Windows boxes) but I can't get it to work so I can open webpages from the
server - If I open a browser on the server and try to open a webpage it
doesn't work - but it works if I remove all the deny rules.
I started by creating a rule which accepted ingoing and outgoing traffic on
port 80 - It didn't help - And now when I have a rule that accepts all in-
and outgoing from any IP it still doesn't work and I have tried what seems
like every possible combination which I don't understand - It must be me who
is missing something.
Can anybody please help me?
Here are the rules I have set up now:
#!/bin/sh
fw="/sbin/ipfw"
$fw -f flush
$fw add allow all from xxx.xxx.xxx.xxx to any
$fw add allow tcp from any to xxx.xxx.xxx.xxx 3389
$fw add allow tcp from xxx.xxx.xxx.xxx 3389 to any
$fw add allow icmp from any to xxx.xxx.xxx.xxx
$fw add allow icmp from xxx.xxx.xxx.xxx to any
$fw add allow udp from xxx.xxx.xxx.xxx to any
$fw add allow udp from any to xxx.xxx.xxx.xxx
$fw add allow all from any to xxx.xxx.xxx.xxx
$fw add allow all from xxx.xxx.xxx.xxx to any
$fw add deny all from any to xxx.xxx.xxx.xxx
#$fw add deny all from xxx.xxx.xxx.xxx to any
Kind regards
Michael
"Michael" <michae...@webudvikler.dk(Remove NOSPAM)> writes:
> I have set up a FreeBSD box as a transparent bridge/router - I have an
> assigned /28 net which I am using for some servers.
> I have added some rules to the firewall to allow certain types of traffic -
> I am looking to allow in and outgoing ftp, http, pop3, smtp, ssl traffic - I
> have it working with pinging and DNS lookups and Remote Desktop (for the
> Windows boxes) but I can't get it to work so I can open webpages from the
> server - If I open a browser on the server and try to open a webpage it
> doesn't work - but it works if I remove all the deny rules.
I can't really believe that. Was the list you submitted actually
cut-and-pasted from your real rules?
Try starting with the /etc/rc.firewall as an example...
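
Added example, not part of the thread: ipfw applies the first allow/deny rule that matches a packet, so the posted list can be walked offline to see which rule decides a given packet. The sketch assumes every masked xxx.xxx.xxx.xxx is the same server address, uses constructed documentation addresses, and understands only the rule syntax that appears in the post.

```python
import ipaddress

SERVER = "192.0.2.2"     # constructed stand-in for the masked xxx.xxx.xxx.xxx
WEB = "198.51.100.7"     # constructed remote web server

# Rules from the post in script order; ipfw numbers un-numbered "add" rules
# in increasing order, so script order is evaluation order.
POSTED = [r.replace("SRV", SERVER) for r in (
    "allow all from SRV to any",
    "allow tcp from any to SRV 3389",
    "allow tcp from SRV 3389 to any",
    "allow icmp from any to SRV",
    "allow icmp from SRV to any",
    "allow udp from SRV to any",
    "allow udp from any to SRV",
    "allow all from any to SRV",
    "allow all from SRV to any",
    "deny all from any to SRV",
)]

def parse_rule(line):
    """Parse 'action proto from addr [port] to addr [port]'."""
    tok = line.split()
    to_idx = tok.index("to")
    side = lambda s: (s[0], int(s[1]) if len(s) > 1 else None)
    return tok[0], tok[1], side(tok[3:to_idx]), side(tok[to_idx + 1:])

def side_matches(spec, addr, port):
    net, want = spec
    in_net = net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return in_net and want in (None, port)

def first_match(rules, proto, src, sport, dst, dport):
    """Return (position, action) of the first matching rule.
    None means only ipfw's default rule 65535 would apply."""
    for pos, line in enumerate(rules, 1):
        action, rproto, rsrc, rdst = parse_rule(line)
        if (rproto in ("all", proto) and side_matches(rsrc, src, sport)
                and side_matches(rdst, dst, dport)):
            return pos, action
    return None

if __name__ == "__main__":
    out = ("tcp", SERVER, 40000, WEB, 80)    # browser on the server -> web
    back = ("tcp", WEB, 80, SERVER, 40000)   # web server's reply
    print(first_match(POSTED, *out))
    print(first_match(POSTED, *back))
    no_catch_all = [r for i, r in enumerate(POSTED, 1) if i != 8]
    print(first_match(no_catch_all, *back))
```

On the list as posted, the reply packet is accepted by the eighth rule, so the final deny is never consulted for it; with that catch-all removed, the same packet falls through to the deny.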