Displaying 20 results from an estimated 1000 matches similar to: "Reality check: IPFW sees SSH traffic that sshd does not?"
2003 Jun 11
7
IPFW: combining "divert natd" with "keep-state"
I've been using ipfw for a while to create a router with NAT
and packet filtering, but have never combined it with
stateful filtering, instead using things like "established" to
accept incoming TCP packets which are part of a conversation
initiated from the "inside".
I'd like to move to using keep-state/check-state to get tighter
filtering and also to allow outgoing
2003 Apr 25
2
firewalling help/audit
Hi !
First of all, I am sorry if this is not the list for that, but I've been
learning (a little bit...) a way to implement a freeBSD firewall.
So far I came up with a set of rules I would like to show you for commenting.
I am sure there're a lot of errors and/or stupid rules (I am not sure the
rules order is good for what I need) and I would be really pleased if one
could have a look
2005 Nov 22
2
ipfw check-state issue
heya
i've been using freebsd's ipfw for quite a while and recently on a new
server i've got this issue with ipfw that i can't understand ... something
is wrong ...
01000 8042 1947866 allow ip from any to any via fxp0
01010 0 0 allow ip from any to any via lo0
01014 9886 4170269 divert 8668 ip from any to any in via vr0
01015 0 0 check-state
01130 14679 5695969 skipto 1800 ip from
2008 Aug 21
12
machine hangs on occasion - correlated with ssh break-in attempts
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180
Aug 12
2008 Aug 21
12
machine hangs on occasion - correlated with ssh break-in attempts
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180
Aug 12
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on
2004 Nov 20
7
Importing into rc.firewal rules
I have a grown list of IPs that I am "deny ip from ###.### to any".
Infected machines, hackers, etc..
Is there a way to have this list outside of rc.firewall and just read it
in?
2006 Apr 17
3
IPFW Problems?
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-
state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit
src-addr 2
ipfw add 00499 deny log
2005 May 11
3
icmp problem
hi i have a problem with my icmp, i have a router that
performs nat. i cannot ping to internet hosts from
more than one stations situated behind NAT at once. if
i want to ping from another station i have to stop the
ping that was initiated from the first host, and after
a few seconds i can ping from another station.i've
checked firewll and i have no ipfw rules that could
stop icmp traffic.
2003 Jun 02
6
4.8-Stable DummyNet
Hi. We just opened a gaming center and have chosen to run a FreeBsd box for
our firewall. IPFW is configured at it's very basic running natd through rl0
and allowing any to any connections from the lan to the outer world. Natd
controls access to the lan.
We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
however if a gamer starts downloading a file, that file
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of this components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2004 Feb 24
3
improve ipfw rules
>> 3. I'm intrested in blocking kazaa/P2P trafic with IPFW any help in this
issue
you could possibly block connections at known p2p ports.
deny tcp from any to any 6699 step
but most of the newer protocols use dynamic ports and in turn, are
configurable.
so ipfw isn't exactly ideal on it's own for this.
-r.
-----Original Message-----
From: Pons [mailto:pons@gmx.li]
Sent:
2003 May 12
1
[Fwd: Re: Down the MPD road]
Made a typo in the cc: line. Coffee time, I guess.
-------- Original Message --------
Date: Mon, 12 May 2003 19:52:17 -0400
From: Bob K <melange@yip.org>
To: Michael Collette <metrol@metrol.net>
CC: freebsd.-security@freebsd.org
Subject: Re: Down the MPD road
> I did this, and it does correct the immediate problem. Of course, it
> also
> creates a new glitchy.
>
2005 May 17
1
ipfw question
does anyone what is the ipfw equivalent line for this
one?
rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3
port 69 udp
i use a tftpd server behind a nat and i want to
redirect all trafic coming from internet on port 69 to
the tftpd server
10x for help
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2004 May 11
3
quick FW question
I hope this isn't too off topic, but I'd like a quick solution to a
problem.
I have a small network behind a NAT firewall (FreeBSD of course) and I'd
like to block/redirect all traffic from the internal network to the
local mail server (same box as firewall) in order to prevent direct smtp
requests to the outside world (mainly virus/trokan programs).
I think I have it right in this
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
2003 Nov 21
1
how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
-- On Friday, November 21, 2003 12:48 PM -0800 "David Wolfskill - david@catwhisker.org"
<+freebsd-security+openmacnews+0459602105.david#catwhisker.org@spamgourmet.com> wrote:
David,
thanks for your reply!
>> i've been struggling with setting appropriate rules for an SMTP-server
>> behind by NAT'd firewall.
>
> OK....
<snip>
>
>>
2003 Oct 22
9
IPSec VPNs: to gif or not to gif
I will shortly be replacing a couple of proprietary VPN boxes
with a FreeBSD solution. Section 10.10 of the Handbook has a
detailed description of how to do this.
However I remember a lot of discussion about a year ago about
whether the gif interface was necessary to set up VPNs like
this or whether it was just a convenience, for "getting the
routing right". A number of people said
2005 Feb 03
1
need ipfw clarification
Hello,
I noticed that after enabling firewall in my kernel (5.3-release), my
dmesg now gives me this:
ipfw2 initialized, divert disabled, rule-based forwarding disabled,
default to accept, logging limited to 5 packets/entry by default
On 5.2.1, I used to get this:
ipfw2 initialized, divert disabled, rule-based forwarding enabled,
default to accept, logging disabled
If both cases, I am