Questions tagged [ipfw]

IPFW is a native firewall built into FreeBSD.

IPFW is a stateful firewall included in the basic FreeBSD install as a kernel loadable module and supports both IPv4 and IPv6. It is comprised of several components: the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, NAT, the dummynet(4) traffic shaper, a forward facility, a bridge facility, and an ipstealth facility.

61 questions
71
votes
7 answers

iptables equivalent for mac os x

I want to forward requests from 192.168.99.100:80 to 127.0.0.1:8000. This is how I'd do it in linux using iptables: iptables -t nat -A OUTPUT -p tcp --dport 80 -d 192.168.99.100 -j DNAT --to-destination 127.0.0.1:8000 How do I do the same thing in…
nafe
24
votes
1 answer

Hostname to Localhost with Port - OSX

I am trying to run multiple Node.js web servers locally on my machine. Because the code I'm writing needs to reference a domain name I'd like to keep a convention of dev.myHost.com and point that to the non-port-80 service running from Node…
mondo
10
votes
1 answer

How do I enable IP-forwarding in MacOS X?

What is the correct way to enable IP-forwarding in MacOS X? More specifically, what is the MacOS X command line equivalent of the following two Linux commands: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A FORWARD -j ACCEPT
knorv
6
votes
1 answer

FreeBSD Jail with Loopback IP, IPFW, and natd - Outbound connections fail from jail

I've got a FreeBSD 9.0 server. It has several jails, but they all have this same issue. They can not initiate connections to the outside world. They communicate with each other and the host fine. relevant rc.conf settings: firewall_enable="YES" …
Chris S
5
votes
1 answer

OS X 10.8: redirecting locally initiated ssh connections to localhost:22

I need to hack the OS X pf to redirect all ssh connections from a user to this machine. I want, when doing $ ssh google.com to get the same results as with $ ssh localhost i.e. a connection to my locally running sshd. Under a recent Linux, this…
foxx1337
5
votes
2 answers

how can I access a webserver running on my NATed VMware Fusion guest from the rest of the subnet?

I am not allowed to run my VMWare guest in bridged mode, and I want to somehow tunnel from an agreed port on the Mac's external network interface to the webserver running on the VMWare fusion guest. My guess is that I can somehow set up a tunnel in…
Martin
3
votes
1 answer

Why isn't ipfw correctly limiting the bandwidth?

I've played around with the ipfw command on a Mac and tried to limit the bandwidth to 1MBit/s. sudo ipfw add pipe 1 ip from any to me sudo ipfw pipe 1 config bw 1MBit/s These are the statements I'm using. ipfw indeed limits the bandwidth…
TheLostOne
2
votes
2 answers

ipfw based firewall slows down Apache web server

I have an Apache web server running on a FreeBSD 8.3 machine. That machine has an ipfw firewall with these rules: root@aigamedev:~# ipfw -a list 00005 0 0 deny ip from 67.212.xxx.xxx to any 00010 206 88422 allow ip from any to any via…
Matthias
2
votes
1 answer

ipfw strange rules after reboot

I set these lines in my rc.conf: firewall_enable="YES" firewall_type="/etc/ipfw.rules" cat /etc/ipfw.rules add 02020 deny ip from table(10) to any add 02030 deny ip from table(11) to any dst-port 25 ... But after reboot, ipfw show : 00100 allow…
Korjavin Ivan
2
votes
3 answers

Mac OS X Firewall Configuration: what's the easiest way to do it?

On occasion I need to configure the firewall on OS X machines (10.5), and I've been trying to figure out the best (read: easy without sacrificing too much control) way to do it. So far it seems like my options are: Apple's built-in utility (System…
David Wolever
2
votes
1 answer

Traffic shaping with tc doesn't work for high delay and bandwidth

I'm using tc with kernel 2.6.38.8 for traffic shaping. Limit bandwidth works, adding delay works, but when shaping both bandwidth with delay, the achieved bandwidth is always much lower than the limit if the limit is >1.5 Mbps or so. Example: tc…
user308917
2
votes
1 answer

IPFW settings to allow trusted client to connect to Mac (e.g., over ssh)

I have the following ipfw settings on my Mac OS X 10.4 Tiger: 00100 allow ip from any to 123.123.123.123 00110 allow tcp from any to 123.123.123.123 00120 allow udp from any to 123.123.123.123 00130 allow ip from 123.123.123.123 to any 00140 allow…
cm007
2
votes
1 answer

Converting iptables command to ipfw

I am trying to convert code I made on ubuntu to work with osx. I do not know how to convert the iptables commands to ipfw commands. Any help would be appreciated. Ubuntu Code: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o…
Quintin
2
votes
1 answer

What is the difference between using ipfw and hosts.deny in terms of security?

I'm in the middle of securing an OSX server that is the target of hundreds of automated requests per second from Chinese, Russian and US servers (see: Recovering a server from being an open relay). I've used ipfw to set up rules that exclude all but…
brass-kazoo
2
votes
1 answer

ipfw - purpose of outgoing keep-state?

I'm looking over the ipfw rules for our webserver and it struck me that we use check/keep-state on all outgoing traffic. We only have a handful of ports open in both directions. We don't have much outgoing traffic, and 99% of it is on port 80 (PHP/CURL…
rnorm