[luau] Firewall question..

yuser at hi.net
Wed Jul 31 15:27:00 PDT 2002


I, for the life of me, can not figure this out.

I have a floppy-boot FreeSco router (similar to LRP) with 2 NICs for my cable modem and internal LAN.

eth0 is outside, eth1 is internal.

I am using ipportfw to forward outside port 22 to 192.168.0.1 port 22, and outside 11500 to 192.168.0.5 port 80.  This works great and ANYONE can get in.  The only problem is I only want 2 specific Internet IPs to be able to get through the router and to these services.

FreeSco uses ipfwadm; it's a little old, but that's my only choice.  It appears that the ipportfw rules take effect before and ignore the ipfwadm rules, and I can not restrict the incoming IPs.  Do I need to modify the -M rules for ipportfw restrictions instead of -I rules?


I have tried various forms of ipfwadm to block this from happening (not my goal to block all, but for troubleshooting):

ipfwadm -I -a deny -P tcp -W eth0 -S 0/0 -D 0/0 22
ipfwadm -I -i deny -P tcp -W eth0 -S 0/0 -D 0/0 22
ipfwadm -I -a deny -P tcp -W eth0 -S 0/0 -D 192.168.0.1 22
ipfwadm -I -a deny -P tcp -S 0/0 -D 0/0 22
blah blah blah...

and various other forms; no matter what I try, I can not get ipfwadm to block port 22 from being forwarded to my internal machine.

Am I going to have to run ipfwadm rules separately on the internal target machines to limit access?
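The question above hinges on two things: whether the filter is consulted before or after ipportfw rewrites the destination, and the order of the allow and deny rules. The following is an added example, not part of the original post, that models both orderings with the post's two forwards so the reader can see why a rule written for outside port 11500 never matches a packet that has already been rewritten to 192.168.0.5 port 80. The two trusted Internet addresses are constructed placeholders, since the post does not give them, and the first-match evaluation is a model, not the ipfwadm implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Forwards from the post: outside 22 -> 192.168.0.1:22, outside 11500 -> 192.168.0.5:80.
PORTFW = {22: ("192.168.0.1", 22), 11500: ("192.168.0.5", 80)}

# The two trusted Internet addresses are constructed placeholders (not in the post).
TRUSTED = [ip_network("198.51.100.7/32"), ip_network("203.0.113.20/32")]

@dataclass
class Rule:
    action: str            # "accept" or "deny"
    src: object            # ip_network the source address must fall inside
    dport: Optional[int]   # destination port to match, None = any port

def first_match(rules, src, dport, default="accept"):
    """Ordered evaluation: the first rule matching source and port decides."""
    for r in rules:
        if ip_address(src) in r.src and (r.dport is None or r.dport == dport):
            return r.action
    return default

def allowlist_rules(ports):
    """Accept the trusted sources on the given ports, then deny everyone else."""
    rules = [Rule("accept", net, p) for p in ports for net in TRUSTED]
    rules.append(Rule("deny", ip_network("0.0.0.0/0"), None))
    return rules

def handle(rules, src, dport, filter_after_rewrite):
    """Process one inbound TCP packet on eth0; return (verdict, internal target).

    filter_after_rewrite=False: the filter sees the packet as it arrived (dport 22 or 11500).
    filter_after_rewrite=True:  ipportfw has already rewritten it (dport 22 or 80).
    """
    target = PORTFW.get(dport)
    if target is None:
        return ("no-forward", None)
    checked_port = target[1] if filter_after_rewrite else dport
    verdict = first_match(rules, src, checked_port)
    return (verdict, target if verdict == "accept" else None)

if __name__ == "__main__":
    pre = allowlist_rules([22, 11500])   # ports as seen on the wire
    post = allowlist_rules([22, 80])     # ports as seen after the rewrite
    print(handle(pre, "198.51.100.7", 11500, False))  # ('accept', ('192.168.0.5', 80))
    print(handle(pre, "198.51.100.7", 11500, True))   # ('deny', None): 11500 rule never sees port 80
    print(handle(post, "198.51.100.7", 11500, True))  # ('accept', ('192.168.0.5', 80))
```

Whichever point the real filter runs at, the allow rules for the two trusted sources must come before the catch-all deny, otherwise the deny matches first and blocks them as well.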