
[cobalt-users] [Qube2] ICMP IP Filtering



I have a fairly basic IP filtering setup on my Qube2 that seems to be doing
what I want. I.e.,

[root@www /root]# ipfwadm -O -l
IP firewall output rules, default policy: accept

[root@www /root]# ipfwadm -I -l
IP firewall input rules, default policy: accept

type  prot source               destination          ports
acc   all  192.168.1.0/24       anywhere             n/a
deny  tcp  anywhere             anywhere             any -> tcpmux:24
deny  udp  anywhere             anywhere             any -> 1:24
deny  tcp  anywhere             anywhere             any -> 26:52
deny  udp  anywhere             anywhere             any -> 26:52
deny  tcp  anywhere             anywhere             any -> 54:finger
deny  udp  anywhere             anywhere             any -> 54:79
deny  tcp  anywhere             anywhere             any -> 82:pop-2
deny  udp  anywhere             anywhere             any -> 82:109
deny  tcp  anywhere             anywhere             any -> sunrpc:122
deny  udp  anywhere             anywhere             any -> sunrpc:122
deny  tcp  anywhere             anywhere             any -> 124:142
deny  udp  anywhere             anywhere             any -> 124:142
deny  tcp  anywhere             anywhere             any -> NeWS:1023
deny  udp  anywhere             anywhere             any -> 144:1023
deny  icmp anywhere             anywhere             any

[root@www /root]# ipfwadm -F -l
IP firewall forward rules, default policy: accept

type  prot source               destination          ports
acc/m all  192.168.1.0/24       anywhere             n/a
deny  tcp  anywhere             anywhere             any -> tcpmux:24
deny  udp  anywhere             anywhere             any -> 1:24
deny  tcp  anywhere             anywhere             any -> 26:52
deny  udp  anywhere             anywhere             any -> 26:52
deny  tcp  anywhere             anywhere             any -> 54:finger
deny  udp  anywhere             anywhere             any -> 54:79
deny  tcp  anywhere             anywhere             any -> 82:pop-2
deny  udp  anywhere             anywhere             any -> 82:109
deny  tcp  anywhere             anywhere             any -> sunrpc:122
deny  udp  anywhere             anywhere             any -> sunrpc:122
deny  tcp  anywhere             anywhere             any -> 124:142
deny  udp  anywhere             anywhere             any -> 124:142
deny  tcp  anywhere             anywhere             any -> NeWS:1023
deny  udp  anywhere             anywhere             any -> 144:1023
deny  icmp anywhere             anywhere             any
acc/m all  192.168.1.0/24       anywhere             n/a

However, I have read and experimented without success to find a way to
configure the IP filters to allow the internal workstations the ability to
ping (ICMP) the outside world and receive a response while keeping the
outside world from pinging the Qube2. The setup I have now denies any pings
to www.mydomain.com.  However, it also prevents the internal workstations
from pinging the outside world (although they can ping the Qube). I have
experimented with just about every configuration I can think of without
success.

Does anyone have a scheme that will work?

Thanks.

Mike.
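
Added example (not part of the original message, and not Cobalt's or ipfwadm's own code): a simplified first-match model of the ICMP part of the input chain listed above. It shows that the blanket "deny icmp" rule also drops the echo replies returning for the internal workstations, and how a rule limited to echo-request (ICMP type 8) behaves instead. The addresses 203.0.113.10 and 198.51.100.7, the function names, and the assumption that returning replies cross the input chain addressed to the Qube's external interface are constructed for illustration.

```python
# Simplified model of a first-match filter chain (assumption: rules are checked
# top to bottom and the first matching rule decides, else the default policy).
from ipaddress import ip_address, ip_network

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8   # standard ICMP type numbers
ANY = ip_network("0.0.0.0/0")
LAN = ip_network("192.168.1.0/24")                 # internal network from the listing
QUBE_EXT = "203.0.113.10"                          # constructed external address

def rule(action, proto, src=ANY, icmp_types=None):
    return {"action": action, "proto": proto, "src": src, "icmp_types": icmp_types}

def evaluate(chain, pkt, default="accept"):
    """Return the action of the first rule matching pkt, else the default policy."""
    for r in chain:
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in r["src"]:
            continue
        if r["icmp_types"] is not None and pkt.get("icmp_type") not in r["icmp_types"]:
            continue
        return r["action"]
    return default

# ICMP-relevant rules of the posted input chain: accept LAN, deny every ICMP type.
posted = [rule("accept", "all", LAN), rule("deny", "icmp")]
# Narrowed variant (hypothetical): deny only echo-request, let other types through.
narrowed = [rule("accept", "all", LAN), rule("deny", "icmp", icmp_types={ECHO_REQUEST})]

def icmp(src, icmp_type):
    return {"proto": "icmp", "src": src, "dst": QUBE_EXT, "icmp_type": icmp_type}

# Constructed packets as they arrive on the Qube's input chain.
packets = {
    "LAN host pings out (request reaches Qube)": icmp("192.168.1.20", ECHO_REQUEST),
    "reply to that ping, returning from outside": icmp("198.51.100.7", ECHO_REPLY),
    "outside host pings the Qube": icmp("198.51.100.7", ECHO_REQUEST),
    "destination unreachable from outside": icmp("198.51.100.7", DEST_UNREACH),
}

def verdicts(chain):
    return {name: evaluate(chain, pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    before, after = verdicts(posted), verdicts(narrowed)
    for name in packets:
        print(f"{name:45} posted={before[name]:7} narrowed={after[name]}")
```

The model covers only the input chain; the forward chain in the listing carries the same blanket ICMP rule and would need the same treatment.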