Re: reply

From: Alexandr Kovalenko (never@nevermind.kiev.ua)
Date: 05/16/02


Date: Thu, 16 May 2002 21:20:57 +0300
From: Alexandr Kovalenko <never@nevermind.kiev.ua>
To: mohammad mirzaeenasir <hezare3@hotmail.com>

Hello, mohammad mirzaeenasir!

On Thu, May 16, 2002 at 12:23:52PM +0000, you wrote:

> hi,
> thanks for your reply. I installed a transparent proxy on my machine with
> "ipfw" rules. Everything is ok and I tested it. But someone told me that
> if you set your "kernel_secure_level = NO", all kinds of tcp connections
> will be ignored by the kernel and, for example, in the case of telneting to it,
> it will reply "connection timed out". And I checked it, he was quite
> right. I did so (kernel_secure_level=NO) but when I telnet my unix box, it
> replies "connection refused".
> now, please help me to find out more.

It depends on how you will access your machine. If you're accessing it via
ssh, you should add sshd_enable="YES" to your /etc/rc.conf. Now you
should determine which ports you need to be open. In your case those
will be 22 (ssh) and 3128 (squid). So you can allow only those ports with
ipfw add allow tcp from any to any 22 in recv ed0
ipfw add allow tcp from any 22 to any out xmit ed0
ipfw add allow tcp from any to any 3128 in recv ed0
ipfw add allow tcp from any 3128 to any out xmit ed0

and finally deny all other packets:
ipfw add deny ip from any to any

P.S. securelevel has nothing to do with the firewall.

-- 
NEVE-RIPE
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
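The ruleset sketched in the reply above, expanded into a complete loadable script as an added example; it is not code from the thread or from the FreeBSD project. The outside interface ed0 and the ports 22 and 3128 come from the mail; the LAN interface ed1, the LAN network 192.168.1.0/24 and the resolver 192.168.1.1 are assumptions to be changed before use. It also carries the two caveats a practitioner would raise against the rules as posted: "allow tcp from any to any 3128" makes squid reachable from the whole Internet as an open proxy, so here squid accepts only LAN clients, and with only the listed allows plus a trailing deny, squid itself can open no connection to web servers or DNS, so outbound rules for it are added. On the refused/timed out question: an ipfw deny silently drops the packet, so the client eventually reports "connection timed out"; "connection refused" means a TCP RST came back, either because no daemon is listening on that port or because an ipfw "reset" rule answered.

```shell
#!/bin/sh
# Added example, not code from the mail above: a complete ipfw(8) ruleset
# in the FreeBSD 4.x syntax the reply uses (recv/xmit, setup/established)
# for a box running sshd on 22 and squid on 3128 as a transparent proxy.
# From the mail: the outside interface ed0 and the two ports.
# Assumptions: LAN interface ed1, LAN 192.168.1.0/24, resolver 192.168.1.1.
# The fwd action needs the IPFIREWALL_FORWARD kernel option.
#
# With APPLY=1 the rules are loaded into ipfw; otherwise they are printed.

IPFW="${IPFW:-/sbin/ipfw}"
OIF="ed0"              # outside interface (from the mail)
LIF="ed1"              # LAN interface (assumed)
LAN="192.168.1.0/24"   # LAN network (assumed)
DNS="192.168.1.1"      # resolver squid uses (assumed)
SSH_PORT=22
SQUID_PORT=3128

# Emit the rule bodies, one per line, without the leading "ipfw".
# Explicit rule numbers make the evaluation order visible:
#  - loopback first, and loopback addresses never on a real wire;
#  - the fwd rule before "established", because every packet of an
#    intercepted connection, not only the SYN, must be steered into squid;
#  - port rules match only the opening SYN ("setup"); "established"
#    covers the rest of every accepted connection in both directions;
#  - squid (3128) is accepted from the LAN only, not from any host on the
#    Internet, which would make it an open proxy;
#  - squid's own fetches (80/443 out on ed0) and its DNS lookups are
#    allowed, since the trailing deny would otherwise block them;
#  - everything else is denied and logged.
fw_rules() {
    cat <<EOF
add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
add 00300 deny ip from 127.0.0.0/8 to any
add 00400 fwd 127.0.0.1,${SQUID_PORT} tcp from ${LAN} to any 80 in recv ${LIF}
add 00500 allow tcp from any to any established
add 00600 allow tcp from any to any ${SSH_PORT} in recv ${OIF} setup
add 00700 allow tcp from ${LAN} to any ${SQUID_PORT} in recv ${LIF} setup
add 00800 allow tcp from any to any 80,443 out xmit ${OIF} setup
add 00900 allow udp from any to ${DNS} 53 out
add 00910 allow udp from ${DNS} 53 to any in
add 01000 allow icmp from any to any icmptypes 0,3,8,11
add 65000 deny log ip from any to any
EOF
}

# Flush and reload. Do this from the console: between the flush and rule
# 00500 an ssh session's packets hit the default policy.
apply_rules() {
    "$IPFW" -q -f flush
    fw_rules | while read -r rule; do
        # Word splitting of $rule is intended: each word is an ipfw argument.
        # shellcheck disable=SC2086
        "$IPFW" -q $rule
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    fw_rules
fi
```

Run it without APPLY to review the generated rules first; if a client should get "connection refused" rather than a silent timeout for a blocked port, replace the relevant "deny" with "reset" (TCP only), which answers with an RST instead of dropping the packet.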