DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th November 2012
WarrenB WarrenB is offline
New User
 
Join Date: Nov 2012
Posts: 1
Default firewall problem

Hello,

I am trying to open port 8125 for outgoing traffic but nothing I seem to do is working? I am using "ipfw add allow udp from any to x.x.x.x dst-port 8125 vi any" and few combination of that line. No matter what combination of the above line I try I am not able to send out on that port. I have already checked for any deny rules and there are none that would prevent me from sending out to a specific udp port. Is there any other way to open/enable ports in freebsd??

Thanks
Warren
Reply With Quote
  #2   (View Single Post)  
Old 12th November 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Usually TCP/UDP ports are not blocked by default. Unless you run a packet filter and use a default blocking rule. In that case you will have to open an port with an packet filter rule that allows traffic with that destination port out.

If you change the port number to 53 you should be able to use DNS queries like:
Code:
 $ dig www.freebsd.org
Does that work?

My ipfw skills are very rusty. But with "pf" you will have to do something like this

Code:
ext_if = re0
block log all
pass out quick on $ext_if inet udp  from any to any port 8125 keep state
Be warned that this blocks everything including incoming ssh, so you should not use this if you are dealing with a remote client

The nice thing with pf is that you can run tcpdump on the /dev/pflog0 device and see the packets which are being blocked.
With the above sample pf.conf udp DNS queries with destination port 53 are being blocked and shown as follows:
Code:
$ sudo tcpdump -tttnei pflog0
Nov 12 22:29:29.283970 rule 0/(match) block out on re0: 192.168.222.20.46971 > 192.168.222.10.53: 8001+[|domain]
Nov 12 22:29:34.292638 rule 0/(match) block out on re0: 192.168.222.20.46971 > 192.168.222.10.53: 8001+[|domain]
Nov 12 22:29:39.302588 rule 0/(match) block out on re0: 192.168.222.20.46971 > 192.168.222.10.53: 8001+[|domain]
This is a nice way to debug firewall rules.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Needs for a firewall milo974 OpenBSD Security 1 31st December 2009 03:00 PM
PF firewall bsdnewbie999 OpenBSD General 3 28th April 2009 12:35 PM
Firewall routing Magoo FreeBSD General 9 4th November 2008 04:39 PM
Firewall problem? dctr FreeBSD Security 6 17th June 2008 06:24 PM
Web GUI for firewall ? giga FreeBSD General 6 8th May 2008 05:10 AM


All times are GMT. The time now is 11:53 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick