Displaying 20 results from an estimated 600 matches similar to: "accessing a jail via localhost"
2003 Nov 21
0
how to get IPFW rules for SMTP server behind NAT server "right"?
hi all,
i've been struggling with setting appropriate rules for an SMTP-server
behind by NAT'd firewall.
it's not that there is too little info on the web -- or here, for that
matter -- there's scads of it for seemingly endless configs/req'ts --
none that seem to be exactly my own.
bottom line: i'm a bit confused, and looking for some experienced
advice.
my goals (for
2004 May 11
3
quick FW question
I hope this isn't too off topic, but I'd like a quick solution to a
problem.
I have a small network behind a NAT firewall (FreeBSD of course) and I'd
like to block/redirect all traffic from the internal network to the
local mail server (same box as firewall) in order to prevent direct smtp
requests to the outside world (mainly virus/trokan programs).
I think I have it right in this
2003 Apr 25
2
firewalling help/audit
Hi !
First of all, I am sorry if this is not the list for that, but I've been
learning (a little bit...) a way to implement a freeBSD firewall.
So far I came up with a set of rules I would like to show you for commenting.
I am sure there're a lot of errors and/or stupid rules (I am not sure the
rules order is good for what I need) and I would be really pleased if one
could have a look
2003 Sep 20
4
Maximum retries exceeded w/SIP
First of all, I'd like to send a big "thank you" to all the folks who have
helped me get this far.
Now on to the next problem. Here's my current network setup:
The Big I ---+--- FreeBSD FW --- * (10.0.0.253) ---- PC (10.0.0.1)
|
+--- Laptop (public IP)
natd is set up with the following rules:
redirect_port udp 10.0.0.253:10000-20000 10000-20000
2003 Jun 02
6
4.8-Stable DummyNet
Hi. We just opened a gaming center and have chosen to run a FreeBsd box for
our firewall. IPFW is configured at it's very basic running natd through rl0
and allowing any to any connections from the lan to the outer world. Natd
controls access to the lan.
We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
however if a gamer starts downloading a file, that file
2003 Aug 18
0
question about routing, firewall, natd and bridge
Hallo there,
I had to change the provider. And after that my public IP adress are
routed straight through FreeBSD Box. What is it
best way to do it?
I personally done it the way, where exist the localnet alias for every
interface... eg..
ifconfig_ed0="inet 62.168.40.188 netmask 255.255.255.252 broadcast
62.168.40.191"
after that there is local interface 192.168.1.1/255
and it's
2004 Nov 21
1
[Fwd: Re: Importing into rc.firewal rules]
Hi,
> On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote:
>> I have a grown list of IPs that I am "deny ip from ###.### to any".
Infected machines, hackers, etc..
>>
>> Is there a way to have this list outside of rc.firewall and just read
it in?
>
from man ipfw
LOOKUP TABLES
Lookup tables are useful to handle large sparse address sets, typically
2003 May 26
0
ip_input.c
Hi, secfolks.
While reading ip_input.c I have met following lines:
;-------------------------------------------------
/* 127/8 must not appear on wire - RFC1122 */
if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
(ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
if ((m->m_pkthdr.rcvif->if_flags &
2006 Nov 11
5
src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Hi security@ list,
In my self written, large ipfw rule set, I had something that passed
http to allow me to browse most but not all remote sites. For years
I assumed the few sites I had difficulty with were cases pppoed MTU
!= 1500, from not having installed tcpmssd on my 4.*-RELEASE, but
then running 6.1-RELEASE I realised that wasn't the problem.
http://www.web.de Still failed, &
2003 Jun 03
0
natd and logging
I have setup natd, enabled logging with -l and it is working
perfectly. However is there a more detailed log to see the translation
tables. I need to log the ipaddress internal 172.*.*.* to the outside with
what port is being used. natd just seems to log the statistics such as
icmp=5 and so on. If natd does not have this function what does?
2003 Jun 08
1
redirect unauthorized users to a login page (natd as a transparent proxy)
Hello
I am trying to redirect all http traffic of unauthorized wifi users on a
wireless hotspot to a login page. The problem I have is that I can not
disable the regular address translation (I want the source address to stay
the same).
10.0.0.7 is the wifi client
195.250.155.29 is the web wifi user tries to access from his browser
195.113.17.94 is my login page
10.0.0.1 is the wifi
2003 May 07
4
IPFW Bandwidth throttling?
I am trying to limit outgoing SMTP traffic to about 14 Mbps and these are
the IPFW rules I am using.
${fwcmd} add pipe 1 tcp from 192.168.0.0/24 to any 25 out via dc0
${fwcmd} pipe 1 config bw 14Mbit/s
I've tried multiple tweaks to the pipe rule and I seem to be missing
something. I only get about half the bandwidth I specify. Is this normal
behavior? Is there something wrong
2003 Dec 23
2
address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????
The man page gives this example, however, when I attempt to use it, it seems
to block the whole set?
Could someone tell me what's going wrong here please. Thanks heaps..
This works,
${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
This blocks the whole IP block, not just the list?
${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on
2007 Feb 18
1
Secure shared web hosting using MAC Framework
Hi all,
I am looking at securing a web server using the FreeBSD MAC Framework.
To make things clear I will call the hosted users "web users". Those are the issues I am dealing with:
** Network Security **
- Web users shouldn't be able to connect to reserved local ports apart from 25(smtp); 80(http); 443(https) and 3306(MySQL)
Solution:
run the web server and web users shell in
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
2003 Dec 23
0
No subject
The man page gives this example, however, when I attempt to use it, it ssems
to block the whole set?
Could someone tell me what's going wrong here please. Thanks heaps..
This works,
${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
This blocks the whole IP block, not just the list?
${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19
2003 Dec 23
0
How do I pass WWW (80) through the firewall on two NICs ?
I'm getting lost ...
Running two NICs - no problem. But trying to screw down the rules a bit and getting lost on passing the www - or port 80, through the firewall both waqys.
There are WebServers - real and virtual, on the inside interface, with their own PublicIP. I'm not using the OutsideInterface as their web address, as I'm using my own DNS etc.
So, in rc.firewall, what do I
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
Hi,
in the kernel I have these lines:
[...]
device miibus # MII bus support
device rl
device ed
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity
options IPDIVERT #divert sockets
options DUMMYNET
2003 May 12
1
[Fwd: Re: Down the MPD road]
Made a typo in the cc: line. Coffee time, I guess.
-------- Original Message --------
Date: Mon, 12 May 2003 19:52:17 -0400
From: Bob K <melange@yip.org>
To: Michael Collette <metrol@metrol.net>
CC: freebsd.-security@freebsd.org
Subject: Re: Down the MPD road
> I did this, and it does correct the immediate problem. Of course, it
> also
> creates a new glitchy.
>