I lose my internet connection when I enable rule 65534 shown below.
Any suggestions about the ipfw rules? Any help is highly appreciated.
Thank you.
This is my rc.conf configuration:
These are my ipfw rules:
Any suggestions about the ipfw rules? Any help is highly appreciated.
Thank you.
This is my rc.conf configuration:
Code:
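# /etc/rc.conf -- router/NAT box: igb0 faces upstream, igb1 faces the LAN.
# Values in quotes such as "external ip" are placeholders for the real
# addresses; rc.conf is sourced by /bin/sh, so every value must stay quoted.
defaultrouter="external ip gateway"
gateway_enable="YES"                 # sets net.inet.ip.forwarding=1; required for natd
hostname="hostname"
ifconfig_igb0="inet external ip netmask 255.255.255.0"
ifconfig_igb1="inet internal ip netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"                    # NOTE(review): reachability of sshd is decided by the firewall script, not here
# DHCP Configuration (serve the LAN side only)
dhcpd_enable="YES"
dhcpd_iface="igb1"
# DNS Configuration
named_enable="YES"
named_auto_forward="YES"
# NATD Configuration
natd_enable="YES"
natd_interface="igb0"
# natd_flags="-f /etc/natd.conf"
# FIREWALL
firewall_enable="YES"
# firewall_type is only read by /etc/rc.firewall; with firewall_script set it
# is ignored. "CLOSE" is not one of rc.firewall's keywords (closed/open/client/
# simple/workstation or a filename) -- left as-is, but "closed" is the intended spelling.
firewall_type="CLOSE"
firewall_script="/etc/ipfw.rules"
# The ruleset uses `log` on several rules; those only emit anything when
# net.inet.ip.fw.verbose=1, which this knob sets.
firewall_logging="YES"
# SQUID Configuration
squid_enable="YES"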
These are my ipfw rules:
Code:
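#!/bin/sh
# /etc/ipfw.rules -- custom ruleset run by rc.d/ipfw (firewall_script).
#
# Layout: loopback sanity -> natd divert -> squid redirect -> stateful
# section -> LAN/host allows -> per-service allows -> final inbound deny
# on ext_if. Rule numbers are kept from the original ruleset so `ipfw show`
# counters and log lines stay comparable; rules that could never match
# (a duplicate 00101 and the 00302 frag allow shadowed by 00204) were
# dropped, and the second 00304 was renumbered 00305.
#
# `log` keywords below only produce output with net.inet.ip.fw.verbose=1
# (firewall_logging="YES" in rc.conf).

# Command prefixes. -q keeps `ipfw add` silent, so a rejected rule is not
# reported -- verify with `ipfw list` after loading.
fwcmd="ipfw -q add"
fwpipe="ipfw pipe"      # not used in this file; kept for shaping additions

# Start from an empty ruleset and empty pipe table.
ipfw -f flush
ipfw -f pipe flush

ext_if="igb0"           # Public interface
# NOTE(review): 192.168.5.227 is an RFC 1918 address, so this box sits
# behind another NAT; "external/static" only relative to this LAN.
ext_ip="192.168.5.227"  # Address on ext_if; squid must listen here on 3128
int_if="igb1"           # Internal interface
int_nt="192.168.0.0/24" # Internal network
int_ip="192.168.0.1"    # This host's address on int_if

# Loopback: allow lo0, reject 127/8 seen on any other interface.
${fwcmd} 00100 allow all from any to any via lo0
${fwcmd} 00102 deny all from any to 127.0.0.0/8
${fwcmd} 00103 deny ip from 127.0.0.0/8 to any

# NAT: translate everything crossing ext_if in both directions.
# NOTE(review): this divert runs *before* 00205 keep-state, so outbound
# state for forwarded LAN traffic is keyed on the translated (ext_ip)
# addresses, while replies are un-translated here before 00203 check-state
# sees them and therefore do not match that state. Forwarded TCP still
# passes on 00901 (established); forwarded UDP/ICMP replies have no
# matching allow and end at 65534 -- a likely reason LAN clients lose
# connectivity once 65534 is enabled. The usual layout is divert-in before
# check-state and divert-out after keep-state (FreeBSD Handbook natd example).
${fwcmd} 00200 divert natd ip4 from any to any via ${ext_if}

# Transparent proxy: LAN web traffic arriving on int_if goes to squid.
${fwcmd} 00202 fwd ${ext_ip},3128 tcp from any to any 80 in recv ${int_if}

# Stateful section. 00205 allows *all* outbound traffic on every
# interface, so later `out` rules (00701, 00703) never match.
${fwcmd} 00203 check-state
${fwcmd} 00204 deny all from any to any frag
${fwcmd} 00205 allow all from any to any out keep-state

# Internal network and this host.
# NOTE(review): 00304 admits any IP traffic from anywhere to the host
# itself, ext_if included, ahead of the ICMP/SSH denies below and of 65534;
# sshd, named, squid (3128) and mysqld are therefore reachable from the
# public side. Consider `from ${int_nt} to me` plus explicit per-service
# allows for anything that must be reachable from upstream.
${fwcmd} 00303 allow ip from any to any via ${int_if}
${fwcmd} 00304 allow ip from any to me
${fwcmd} 00305 allow ip from me to any

# Mail (25 SMTP, 26 alternate SMTP, 110 POP3), any direction.
${fwcmd} 00401 allow tcp from any to any 25
${fwcmd} 00402 allow tcp from any to any 26
${fwcmd} 00403 allow tcp from any to any 110

# DNS (to this host's named and forwarded to upstream resolvers).
${fwcmd} 00501 allow tcp from any to me 53
${fwcmd} 00502 allow tcp from any to any 53
${fwcmd} 00503 allow udp from any to any 53
${fwcmd} 00504 allow udp from me 53 to any

# WWW (80/443 to this host and forwarded, plus 8080).
${fwcmd} 00601 allow tcp from any to me 80
${fwcmd} 00602 allow tcp from any to any 80
${fwcmd} 00603 allow tcp from any to me 443
${fwcmd} 00604 allow tcp from any to any 443
${fwcmd} 00605 allow tcp from any to any 8080

# FTP control channel.
${fwcmd} 00606 allow tcp from any to any 21

# Proxy access from the LAN.
# NOTE(review): ${int_ip} is this host's own LAN address, not the LAN
# network (${int_nt}), and a port on an `ip` rule only makes sense for
# tcp/udp; in any case 00303/00304 already admit this traffic, so the rule
# never matches as written. Probably intended: `tcp from ${int_nt} to me 3128`.
${fwcmd} 00700 allow ip from ${int_ip} to me 3128 keep-state

# Outbound traceroute from this host (unreachable: 00205 allows all out)
# and the ICMP replies it needs, rate-limited per source.
${fwcmd} 00701 allow udp from me to any 33435-33500 out via ${ext_if} keep-state
${fwcmd} 00702 allow log icmp from any to me icmptype 3,11 in via ${ext_if} limit src-addr 2

# Block outbound SSH via ext_if (the original comment said "Allow", the
# rule denies). Unreachable as placed: 00205 and 00305 already allowed it.
${fwcmd} 00703 deny tcp from any to any 22 out via ${ext_if} setup keep-state

# Inbound ICMP on ext_if. Pings to this host are already admitted by
# 00304, so 00704 only affects forwarded ICMP and 00705 never matches.
${fwcmd} 00704 deny icmp from any to any in via ${ext_if}
${fwcmd} 00705 deny log icmp from any to me icmptype 0,8 in via ${ext_if}

# MySQL. NOTE(review): open from any source; restrict to ${int_nt} unless
# remote database access is actually required.
${fwcmd} 00706 allow tcp from any to any 3306

# Drop BitTorrent-range traffic toward the LAN. NOTE(review): a port range on
# an `ip` rule may be rejected by ipfw; use tcp/udp explicitly.
${fwcmd} 00803 drop ip from any to ${int_nt} 7508-27258 in via ${ext_if}

# Replies to established TCP sessions (ACK set), any interface.
${fwcmd} 00901 allow all from any to any established

# Everything else arriving on ext_if is denied and logged (capped at 1000
# entries). Traffic not matched here falls through to kernel rule 65535,
# whose verdict depends on net.inet.ip.fw.default_to_accept.
${fwcmd} 65534 deny log logamount 1000 all from any to any in via ${ext_if}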