Lose Internet Acces

lezde716

lezde716

I lose my internet connection when I enable 65534 rule found below.

Any suggestion about ipfw rules. Any help is highly appreciated.

Thank you.

This is my rc.conf configuration

Code: 
defaultrouter="external ip gateway"
gateway_enable="YES"
hostname="hostname"
ifconfig_igb0="inet external ip netmask 255.255.255.0"
ifconfig_igb1="inet internal ip netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"

# DHCP Configuration
dhcpd_enable="YES"
dhcpd_iface="igb1"

# DNS Configuration
named_enable="YES"
named_auto_forward="YES"

# NATD Configuration
natd_enable="YES"
natd_interface="igb0"
# natd_flags="-f /etc/natd.conf"

# FIREWALL
firewall_enable="YES"
firewall_type="CLOSE"
firewall_script="/etc/ipfw.rules"

# SQUID Configuration
squid_enable="YES"

this is ipfw rules.

Code: 
# Set rules command prefix
fwcmd="ipfw -q add"
fwpipe="ipfw pipe"


ipfw -f flush
ipfw -f pipe flush
 
ext_if="igb0"			# Public Interface Name of NIC
ext_ip="192.168.5.227"		# External Static IP Address

int_if="igb1"			# Internal Interface Name of NIC
int_nt="192.168.0.0/24"		# Internal Network
int_ip="192.168.0.1"		# Internal Static IP Address

# Loopback Address
${fwcmd} 00100 allow all from any to any via lo0
${fwcmd} 00101 allow all from any to any via lo0
${fwcmd} 00102 deny all from any to 127.0.0.0/8
${fwcmd} 00103 deny ip from 127.0.0.0/8 to any

# NATD Rules
${fwcmd} 00200 divert natd ip4 from any to any via ${ext_if}

# Port Forwarding Squid Transparent Proxy
${fwcmd} 00202 fwd ${ext_ip},3128 tcp from any to any 80 in recv ${int_if}

# Statefull
${fwcmd} 00203 check-state
${fwcmd} 00204 deny all from any to any frag
${fwcmd} 00205 allow all from any to any out keep-state

# Allow IP fragments to pass through
${fwcmd} 00302 pass all from any to any frag

# Allow Internal Network
${fwcmd} 00303 allow ip from any to any via ${int_if}
${fwcmd} 00304 allow ip from any to me
${fwcmd} 00304 allow ip from me to any   

# Allow out send & get email function
${fwcmd} 00401 allow tcp from any to any 25 
${fwcmd} 00402 allow tcp from any to any 26 
${fwcmd} 00403 allow tcp from any to any 110 

# Allow Access to DNS
${fwcmd} 00501 allow tcp from any to me 53 
${fwcmd} 00502 allow tcp from any to any 53 
${fwcmd} 00503 allow udp from any to any 53 
${fwcmd} 00504 allow udp from me 53 to any 


# Allow Access to WWW
${fwcmd} 00601 allow tcp from any to me 80 
${fwcmd} 00602 allow tcp from any to any 80 
${fwcmd} 00603 allow tcp from any to me 443 
${fwcmd} 00604 allow tcp from any to any 443 
${fwcmd} 00605 allow tcp from any to any 8080 

# Allow Access to FTP
${fwcmd} 00606 allow tcp from any to any 21 

# All Internal Network to use Proxy
${fwcmd} 00700 allow ip from ${int_ip} to me 3128 keep-state

# Allow out & in console traceroot command
${fwcmd} 00701 allow udp from me to any 33435-33500 out via ${ext_if} keep-state  
${fwcmd} 00702 allow log icmp from any to me icmptype 3,11 in via ${ext_if} limit src-addr 2

# Allow out SSH
${fwcmd} 00703 deny tcp  from any to any 22 out via ${ext_if} setup keep-state

# Public pings Allow or deny
${fwcmd} 00704 deny icmp from any to any in via ${ext_if}

# Stop & log ping echo attacks
${fwcmd} 00705 deny log icmp from any to me icmptype 0,8 in via ${ext_if}

# Allow Mysql port
${fwcmd} 00706 allow tcp from any to any 3306 

# Drop Bittorrent Traffic
${fwcmd} 00803 drop ip from any to ${int_nt} 7508-27258 in via ${ext_if}
  
# Allow Establish Connection
${fwcmd} 00901 allow all from any to any established

# By default deny everything else
[B]${fwcmd} 65534 deny log logamount 1000 all from any to any in via ${ext_if}
 
You must log in or register to reply here.
Back
Top