amd64/97504: IPFW Rules bug
Marcelo Machado
marcelo_vt at hotmail.com
Sat May 20 06:20:21 PDT 2006
The following reply was made to PR amd64/97504; it has been noted by GNATS.
From: "Marcelo Machado" <marcelo_vt at hotmail.com>
To: <bug-followup at FreeBSD.org>
Cc:
Subject: RE: Re: amd64/97504: IPFW Rules bug
Date: Sat, 20 May 2006 13:12:54 +0000
Thanks for the assistance Oliver!

But, I have a question, I'm only using IP's and not names, still they look for the DNS?

How can I fix it? My firewall is FreeBSD 6 and the Dataserver and most of Webservers are Windows and one Linux.

Thanks a Lot!!

Best Regards,
Marcelo

> Date: Sat, 20 May 2006 13:28:29 +0200
> From: olli at lurza.secnetix.de
> To: bug-followup at FreeBSD.org; marcelo_vt at hotmail.com
> Subject: Re: amd64/97504: IPFW Rules bug
>
> Marcelo Machado <marcelo_vt at hotmail.com> wrote:
> > > Number: 97504
> > > Synopsis: IPFW Rules bug
> > > [...]
> > I've added the following rules to the ipfw.rules:
> >
> > ipfw add 100 allow all from 192.168.100.3 to 192.168.100.4
> > ipfw add 110 allow all from 192.168.100.4 to 192.168.100.3
> > ipfw add 65535 deny all from any to any
> >
> > With these rules the 192.168.100.3 should ping or interact with
> > 192.168.100.4 normally, but don't. But if I add this line:
> >
> > ipfw add 1 allow all from any to any
> >
> > they talk each other normally, but the most problem comes next,
> > if I:
> >
> > ipfw delete 1
> >
> > Everything begins to work as they should, only these IP's can talk
> > with each other on the net.
>
> You probably forgot to allow access to/from your DNS server,
> or something similar. The rule #1 will shortly allow that
> access, and when you delete that rule again, it still works
> because the DNS results are cached.
>
> Best regards
> Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Services with a focus on FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "I made up the term 'object-oriented', and I can tell you
> I didn't have C++ in mind."
> -- Alan Kay, OOPSLA '97
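
The first-match evaluation behind the explanation quoted above, modelled as an added example (not code from the thread or from FreeBSD): a small Python evaluator for the three rules in the PR, showing which rule decides a packet before, during and after the temporary rule 1. It handles only the `allow|deny all from A to B` form seen here, and the resolver address 192.168.100.53 is a made-up placeholder, since the thread never names a DNS server.

```python
import ipaddress

# The three rules quoted in the thread, exactly as given in the PR.
PR_RULES = """\
ipfw add 100 allow all from 192.168.100.3 to 192.168.100.4
ipfw add 110 allow all from 192.168.100.4 to 192.168.100.3
ipfw add 65535 deny all from any to any
"""

def parse_rules(text):
    """Parse 'ipfw add N allow|deny all from SRC to DST' lines, sorted by rule number."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if (len(tok) != 9 or tok[:2] != ["ipfw", "add"]
                or tok[4:6] != ["all", "from"] or tok[7] != "to"):
            raise ValueError("unsupported rule: " + line)
        rules.append((int(tok[2]), tok[3], tok[6], tok[8]))
    return sorted(rules)

def _matches(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(pattern) == ipaddress.ip_address(addr)

def evaluate(rules, src, dst):
    """Return (rule number, action) of the first rule matching the packet."""
    for number, action, r_src, r_dst in rules:
        if _matches(r_src, src) and _matches(r_dst, dst):
            return number, action
    raise LookupError("no rule matched")

def delete_rule(rules, number):
    """Model 'ipfw delete N'."""
    return [r for r in rules if r[0] != number]

RESOLVER = "192.168.100.53"  # hypothetical DNS server address (assumption)

if __name__ == "__main__":
    rules = parse_rules(PR_RULES)
    print(evaluate(rules, "192.168.100.3", "192.168.100.4"))   # host pair
    print(evaluate(rules, "192.168.100.3", RESOLVER))          # any third host
    opened = parse_rules(PR_RULES + "ipfw add 1 allow all from any to any\n")
    print(evaluate(opened, "192.168.100.3", RESOLVER))         # while rule 1 exists
    print(evaluate(delete_rule(opened, 1), "192.168.100.3", RESOLVER))
```

Traffic between the two listed hosts is decided by rules 100 and 110, while traffic from either host to any other address, a resolver included, falls through to rule 65535 unless rule 1 is present.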