From: Chuck Rock on 19 Feb 2007 14:42

I have a FreeBSD 4.2 firewall acting as a gateway. I have port forwarded ldap for external ldap queries to an internal AD server. I need to keep out all unauthorized ldap queries and only allow a single IP address to communicate to the ldap port.

The problem is, all I add is this line and the ldap queries fail even though I have no corresponding deny.

ipfw add 105 allow ip from 99.99.99.99 to 12.34.56.78 via fxp0

fxp0 is the outside interface, and 99.99.99.99 is the remote IP requiring an ldap connection to the firewall's IP 12.34.56.78.

The firewall is open already, so why on earth would my ldap packets be denied from my remote IP just by adding the above line?

The line used to read

ipfw add 110 allow tcp from 99.99.99.99 to 12.34.56.78 389 via fxp0

And the ldap access still fails. Am I missing something stupid?

Thanks,
Chuck
From: Michael Ross on 19 Feb 2007 14:46

On 19.02.2007, 20:42, Chuck Rock <carock(a)epconline.com> wrote:

> I have a FreeBSD 4.2 firewall acting as a gateway. I have port forwarded
> ldap for external ldap queries to internal AD server.

Quoting the manpage:

When a packet matches a rule's selection parameters, the rule's action field value is executed and the search of the rule set terminates for that packet.

Maybe your packets are allowed, and not forwarded anymore?

HTH
Michael
From: Chuck Rock on 19 Feb 2007 16:20

You the man! Thanks, I knew that and as soon as I read it, I was hitting my head.

I fixed it with the skipto command.

ipfw add 105 skipto 64000 tcp from 99.99.99.99 to any 389 via fxp0

Line 64000 is my divert line.

Thank you very much.
Chuck

"Michael Ross" <michael.ross(a)gmx.net> wrote in message news:op.tn0g8fwzhalquq(a)serafina...

> On 19.02.2007, 20:42, Chuck Rock <carock(a)epconline.com> wrote:
>
>> I have a FreeBSD 4.2 firewall acting as a gateway. I have port forwarded
>> ldap for external ldap queries to internal AD server.
>
> Quoting the manpage:
> When a packet matches a rule's selection parameters, the rule's action
> field value is executed and the search of the rule set terminates for that
> packet.
>
> Maybe your packets are allowed, and not forwarded anymore?
>
> HTH
>
> Michael
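The first-match behaviour Michael quotes, and why skipto fixes it, as an added simulation that is not from the thread or from FreeBSD itself: a toy evaluator walks an ipfw ruleset the way the manpage describes, so an allow at 105 terminates the search before the divert at 64000 is reached, while a skipto lands on it. The natd port 8668, the deny at rule 200 (to keep other LDAP clients out, which the original poster wanted) and the second client address are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    num: int
    action: str                   # "allow", "deny", "divert" or "skipto"
    target: Optional[int] = None  # natd port for divert, rule number for skipto
    proto: str = "ip"             # "ip" matches any protocol
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    via: str = "any"

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    via: str

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto) and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst) and rule.via in ("any", pkt.via)
            and (rule.dport is None or rule.dport == pkt.dport))

def run_ipfw(rules, pkt):
    """Return the terminal action: 'allow', 'deny' or 'divert <port>'."""
    rules = sorted(rules, key=lambda r: r.num)
    i = 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, pkt):
            i += 1
            continue
        if r.action == "skipto":   # only jumps forward; resume at first rule >= target
            i = next((j for j, x in enumerate(rules) if x.num >= r.target), len(rules))
            continue
        # allow, deny and divert all end the search for this packet
        return f"divert {r.target}" if r.action == "divert" else r.action
    return "deny"   # implicit default rule 65535

LDAP_CLIENT, FW_OUTSIDE = "99.99.99.99", "12.34.56.78"
base = [Rule(200, "deny", proto="tcp", dst=FW_OUTSIDE, dport=389, via="fxp0"),   # constructed: keep other LDAP clients out
        Rule(64000, "divert", target=8668, via="fxp0")]                           # divert-to-natd rule at 64000 (port constructed)
broken = base + [Rule(105, "allow", proto="tcp", src=LDAP_CLIENT, dst=FW_OUTSIDE, dport=389, via="fxp0")]
fixed = base + [Rule(105, "skipto", target=64000, proto="tcp", src=LDAP_CLIENT, dport=389, via="fxp0")]
ldap_query = Packet("tcp", LDAP_CLIENT, FW_OUTSIDE, 389, "fxp0")   # the permitted remote client
stranger = Packet("tcp", "10.9.8.7", FW_OUTSIDE, 389, "fxp0")      # constructed: anyone else
```

With `broken`, the query is allowed but never diverted, so natd never rewrites it to the internal AD server; with `fixed`, the permitted client reaches the divert and everyone else hits the deny.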