Status
Not open for further replies.

· Registered
Joined
·
27,156 Posts
Discussion Starter · #1 ·
Aaargh...

I can ssh (and access http) to my server from the internet, but not from my internal network.

Here are my rules

Code:
# ipfw show
00050  732928 456908524 divert 8668 ip from any to any via rl0
00100     276     13800 allow ip from any to any via lo0
00200       0         0 deny ip from any to 127.0.0.0/8
00300       0         0 deny ip from 127.0.0.0/8 to any
65000 1433788 911946761 allow ip from any to any
65535       2       419 deny ip from any to any
Help!
 

· Retired Trusted Advisor
Joined
·
19,935 Posts
I am not too sure how IPFW works. I have never used it.

Question: Does ipfw list do the same thing as ipfw show?

Do you have an IPFW script that generates these rules? Could we see that?

From what I see on the FreeBSD website, it looks like you have your rules set up backwards. You want to deny everything first and then let stuff in.

I found this interesting on their site.
All UNIX® flavored operating systems, FreeBSD included, are designed to use interface lo0 and IP address 127.0.0.1 for internal communication with in the operating system. The firewall rules must contain rules to allow free unmolested movement of these special internally used packets.
I would read this website a little more, maybe it will give you some clues.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
 

· Registered
Joined
·
27,156 Posts
Discussion Starter · #3 ·
Yes, ipfw list and ipfw show are the same. I'm using the default rc.firewall script, with the OPEN option...
 