IPFilter on FreeBSD 4.6-STABLE
Networking and Connectivity Posted by Neafevoc on Wednesday August 21, @04:44PM
from the i-still-can't-seem-to-get-this-working dept.
I've done this a dozen times and I still can't get IPFilter to work correctly. I've read Marty's neat document on how to build a stable firewall with FBSD, and yet, I still can't get it to work.

I wanted to install IPF by recompiling the kernel with the appropriate options...

options IPFILTER                #ipfilter support
options IPFILTER_LOG            #ipfilter logging
options IPFILTER_DEFAULT_BLOCK  #block all packets by default
options IPSTEALTH               #support for stealth forwarding
options RANDOM_IP_ID            #randomize the IP ID field


And then some :)

My /etc/rc.conf file does have gateway_enable and does list my network_interfaces that I'm using (including loopback). I also added these for IPF..

ipfilter_enable="YES"
ipfilter_flags=""
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-Dsvn"             # daemonize, log via syslog, verbose, resolve names
icmp_drop_redirects="YES"

My /etc/ipf.rules contain just two lines to make sure it's working...

pass in all
pass out all


...and /etc/ipnat.rules contain this one line just to let everything in and out...

map fxp0 10.0.0.0/24 -> XXX.224.XXX.XXX/29

(Hid real IP address for obvious reasons.)

Btw, my internal address I'm using is 10.0.0.1 if it really makes a difference.

Now on with the hardware. I know the switch I'm using is working because I'm trading it off with another machine that's currently running as our NAT/Firewall box. (I'm trading the switch back and forth until I have this new box with IPF running.) So I know the switch works. (And why am I replacing a firewall that already 'works', I wanted to try something new :))

Anyway, I think I've done this install (from scratch) a dozen times already following the same few guides I see floating around the web. (FreeBSD Diary's is kind of old, and Marty seems to update his guide quite often.)

Can someone show me some direction?
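As an added example (not the poster's files and not taken from Marty's or the FreeBSD Diary guides), here is a minimal stateful ruleset and NAT map of the kind a FreeBSD 4.x IPFilter gateway is normally brought up with. It keeps fxp0 and 10.0.0.0/24 from the post; the internal interface name xl0 and the decision to let ssh reach the gateway from outside are assumptions. Because IPFILTER_DEFAULT_BLOCK is compiled in, anything no pass rule matches is dropped, so every pass rule is explicit and uses quick so the first match wins. The ipnat map uses 0/32, which means "whatever address fxp0 currently has", in place of the hidden public address.

```ipf
# /etc/ipf.rules  (added example; fxp0 = external, xl0 = ASSUMED internal)

# loopback is unrestricted
pass in  quick on lo0 all
pass out quick on lo0 all

# anti-spoofing: private and loopback sources never arrive from the outside
block in quick on fxp0 from 10.0.0.0/8     to any
block in quick on fxp0 from 172.16.0.0/12  to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 127.0.0.0/8    to any

# inbound on fxp0: only ssh to the gateway itself (assumed), everything else
# is blocked and logged (ipmon picks the log entries up via syslog)
pass  in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
block in log quick on fxp0 all

# outbound on fxp0: stateful, so replies are admitted by the state table
# rather than by an inbound pass rule (outbound filtering happens before NAT,
# inbound NAT happens before filtering, so keep state works across the map)
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# internal side: the LAN may talk to the gateway and through it
pass  in quick on xl0 from 10.0.0.0/24 to any keep state
pass  out quick on xl0 all
block in log quick on xl0 all

# /etc/ipnat.rules  (added example)
# map the LAN behind fxp0's own address; portmap keeps rewritten source
# ports in a known range, the second line catches non-TCP/UDP traffic
map fxp0 10.0.0.0/24 -> 0/32 portmap tcp/udp 10000:20000
map fxp0 10.0.0.0/24 -> 0/32
```

To load and verify without rebooting: `ipf -Fa -f /etc/ipf.rules` flushes and reloads the filter rules, `ipnat -CF -f /etc/ipnat.rules` does the same for NAT, `ipfstat -io` prints the rules the kernel actually holds, `ipnat -l` prints the active maps and current sessions, and `sysctl net.inet.ip.forwarding` must report 1 or nothing is forwarded regardless of the rules. If `ipfstat -io` comes back empty after boot, the rc.conf knobs were not read, which is worth checking first since a single unbalanced quote in rc.conf stops the whole file from being sourced.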
