Hi Guys,
I have a box with FreeBSD 8.0-RELEASE, running ipfw as firewall.
So, I have some rules to block "WLM" on squid and it's working well, but on ipfw there are some problems. I will tell you how my network config is:

Interfaces
-----------------------------------------------
if external = rl1
if internal = rl0
They are defined in the ipfw script as ife and ifi.

Rules
- Defining the WLM servers' IPs and the free IPs from my network that can connect to them:
Code:
WLMServers="64.4.0.0/16,65.55.72.0/24"
Code:
freeWLM="192.168.x.x,192.168.x.y,192.168.x.z"
...
Rule #09320
Code:
${fwcmd} add set 13 allow log all from ${freeWLM} to any dst-port 1863 out via ${ife} setup keep-state

Rule #09420
Code:
${fwcmd} add set 13 allow log all from ${freeWLM} to ${WLMServers} dst-port 80,443 out via ${ife} setup keep-state
...
- Allowing all from the ipfw external IP to any:
Rule #14720
Code:
${fwcmd} add set 23 allow log tcp from me to any out via ${ife} setup keep-state

Well, when I try to connect from any IP in my network, ipfw denies the connection if the IP is not defined in the variable "freeWLM" on rule #09320, but next it allows the connection from the external interface of the firewall to port 1863 using rule #14720, and then the IP that initiated the WLM connection gets ON-LINE.
If I remove rule #14720, none of the IPs in my network, including those in the freeWLM variable, can connect to the WLM servers, as the security log shows:
Code:
Aug 12 11:14:48 neoproxy kernel: ipfw: 9320 Accept TCP 192.168.Y.X:49751 65.54.52.254:1863 in via rl0
Aug 12 11:14:48 neoproxy kernel: ipfw: 65534 Deny TCP 192.168.A.B:49751 65.54.52.254:1863 out via rl1

Rule #65534 is:
Code:
${fwcmd} add 65534 set 24 deny log logamount 50000 all from any to any

Thank you for helping me out.
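As an added example (not part of the original post), the following Python script parses ipfw kernel log lines in the format quoted above and flags flows that one rule accepted on one interface while another rule denied the same 5-tuple; the sample log lines, addresses and ports in it are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the ipfw kernel log format quoted in the post;
# addresses and ports are placeholders, not real hosts.
SAMPLE_LOG = """\
Aug 12 11:14:48 neoproxy kernel: ipfw: 9320 Accept TCP 192.168.10.5:49751 65.54.52.254:1863 in via rl0
Aug 12 11:14:48 neoproxy kernel: ipfw: 65534 Deny TCP 192.168.10.5:49751 65.54.52.254:1863 out via rl1
Aug 12 11:15:02 neoproxy kernel: ipfw: 14720 Accept TCP 203.0.113.7:51000 65.54.52.254:1863 out via rl1
Aug 12 11:15:30 neoproxy kernel: ipfw: 9320 Accept TCP 192.168.10.6:50001 65.54.52.254:1863 in via rl0
Aug 12 11:15:30 neoproxy kernel: ipfw: 65534 Deny TCP 192.168.10.6:50001 65.54.52.254:1863 out via rl1
"""

# Fields ipfw logs for a TCP/UDP packet: rule number, action, protocol,
# src:port, dst:port, direction and interface.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Accept|Deny) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

def parse_ipfw_log(text):
    """One dict per line matching LOG_RE; unrelated syslog lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            e = m.groupdict()
            for k in ("rule", "sport", "dport"):
                e[k] = int(e[k])
            entries.append(e)
    return entries

def find_accepted_then_denied(entries):
    """Flows (by 5-tuple) that one rule accepted and another rule denied,
    the pattern visible in the post's log excerpt."""
    by_flow = {}
    for e in entries:
        key = (e["proto"], e["src"], e["sport"], e["dst"], e["dport"])
        by_flow.setdefault(key, []).append(e)
    findings = []
    for key, evs in by_flow.items():
        accepted = sorted({e["rule"] for e in evs if e["action"] == "Accept"})
        denied = sorted({e["rule"] for e in evs if e["action"] == "Deny"})
        if accepted and denied:
            findings.append({"flow": key, "accepted_by": accepted, "denied_by": denied})
    return findings

def denies_by_rule(entries):
    """Count Deny lines per rule number to see which rule drops the traffic."""
    return Counter(e["rule"] for e in entries if e["action"] == "Deny")
```

Running `find_accepted_then_denied(parse_ipfw_log(SAMPLE_LOG))` on the constructed lines reports the two internal flows that rule 9320 accepted and rule 65534 denied, while the flow sourced from the external address is not flagged.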