firewall configuration on a router
- To: afnog at afnog.org
- Subject: firewall configuration on a router
- From: Sewa AGBODJAN <sewa at cafe.tg>
- Date: Mon, 10 Jun 2002 13:50:25 +0000
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog-outgoing at afnog.org
- Delivered-To: afnog at afnog.org
- Reply-To: Sewa AGBODJAN <sewa at cafe.tg>
- Sender: owner-afnog at afnog.org
Hi!
Thanks for all your answers.
I tried to set up my firewall rules allowing RIP v2 and/or OSPF, but it
did not work.
This is the log I got from STDOUT:
#For RIP
2002/06/10 13:02:57 RIP: can't send packet : Permission denied
2002/06/10 13:02:58 RIP: can't send packet : Permission denied
#For OSPF
2002/06/10 11:20:59 OSPF: ASBR[Status:1]: Update
2002/06/10 11:20:59 OSPF: ASBR[Status:2]: Update
2002/06/10 11:20:59 OSPF: ASBR[Status:2]: Already ASBR
2002/06/10 11:20:59 OSPF: ASBR[Status:3]: Update
2002/06/10 11:20:59 OSPF: ASBR[Status:3]: Already ASBR
2002/06/10 11:20:59 OSPF: OSPFd (0.92a) starts
2002/06/10 11:20:59 OSPF: interface IP join AllSPFRouters Multicast group.
2002/06/10 11:21:00 OSPF: LSA: AS-external-LSA was not originated.
2002/06/10 11:21:00 OSPF: *** sendto in ospf_write failed with Permission denied
2002/06/10 11:21:05 OSPF: Route[External]: Calculate AS-external-LSA to IP/26
2002/06/10 11:21:05 OSPF: Route[External]: AS-external-LSA is self originated
2002/06/10 11:21:10 OSPF: *** sendto in ospf_write failed with Permission denied
2002/06/10 11:21:20 OSPF: *** sendto in ospf_write failed with Permission denied
Here are the ipfw rules I wrote for OSPF and RIP:
ipfw add pass ospf from any to any
#Allow rip
ipfw add pass udp from OUTSIDE INTERFACE 520 to any
Those rules are between
ipfw add pass tcp from any to any established
and
ipfw add deny all from any to any
Does anybody know what's going wrong?
Sewa
PS: How can I configure syslogd to write the screen output directly to a file
when using this rule?
ipfw add deny log tcp from any to any in via ${oif} setup
Most of the rules I'm using are from /etc/rc.firewall with
firewall_type=simple.
Sorry for my poor English.
BC> On Thu, Jun 06, 2002 at 07:09:34PM +0200, Rob Hunter wrote:
>> > I want to set up a firewall on my router box running zebra.
>> > For now all is working well, but I need to know the ports on which ospfd and
>> > ripd (version 2) are listening to write the ipfw rules correctly.
>>
>> % grep -i ospf /etc/services
>> ospfd 2604/tcp #OSPFd vty
>> ospf6d 2606/tcp #OSPF6d vty
>>
BC> Wrong answer.
BC> OSPF does not run over UDP or TCP, and therefore "port" does not mean
BC> anything. It is its own layer 4 protocol:
BC> $ grep ospf /etc/protocols
BC> ospf 89 OSPFIGP # Open Shortest Path First IGP
BC> (for comparison, tcp is protocol 6 and udp is protocol 17)
BC> RIP, I *think*, is UDP. Port 520 (RFC1058, RIPv1). It's obsolete.
BC> Regards,
BC> brian.
--
Best regards,
Sewa mailto:sewa at cafe.tg
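Added example (editor's addition; not part of Sewa's, Rob's or Brian's
messages): a small sh script that prints the ipfw rules zebra's ospfd and
ripd need, loads them when run as root on a box that has ipfw, and checks a
saved "ipfw list" output for the ordering problem. It assumes a FreeBSD 4.x
system, an outside interface named fxp0, rule numbers 50 to 60, and a
constructed "ipfw list" sample. The ordering point it is built around is
an assumption about the stock rc.firewall: in the "simple" type, the
draft-manning block adds "deny all from any to 224.0.0.0/4 via ${oif}"
ahead of the "pass tcp from any to any established" rule, so a "pass ospf"
rule placed after "established" never sees the hellos to 224.0.0.5 (or
RIPv2 to 224.0.0.9), ipfw drops the outgoing packet, and sendto() returns
EACCES, which zebra prints as "Permission denied".

```sh
#!/bin/sh
# Added example, not from the thread: ipfw rules for zebra's ospfd/ripd on a
# FreeBSD box using rc.firewall's "simple" type. The interface name, the rule
# numbers and the sample "ipfw list" output below are assumptions/constructed.

OIF="${OIF:-fxp0}"   # assumed outside interface
BASE="${BASE:-50}"   # assumed rule number; must sort BEFORE rc.firewall's
                     # "deny all from any to 224.0.0.0/4 via ${oif}" rule

# Print the rules (one "ipfw add ..." argument list per line) so they can be
# reviewed before loading. OSPF is IP protocol 89 ("ospf" in /etc/protocols),
# so no port is involved; hellos and LSAs go to 224.0.0.5 and 224.0.0.6, and
# some link types use unicast, hence the third rule. RIPv2 is UDP 520 -> 520,
# multicast to 224.0.0.9 or unicast to a configured neighbour.
routing_rules() {
    oif="$1"; n="$2"
    echo "add $n pass ospf from any to 224.0.0.5 via $oif"
    n=$((n + 1)); echo "add $n pass ospf from any to 224.0.0.6 via $oif"
    n=$((n + 1)); echo "add $n pass ospf from any to any via $oif"
    n=$((n + 1)); echo "add $n pass udp from any 520 to 224.0.0.9 520 via $oif"
    n=$((n + 1)); echo "add $n pass udp from any 520 to any 520 via $oif"
}

# Logging (the PS in the post): a "log" rule only produces output when the
# kernel has IPFIREWALL_VERBOSE and net.inet.ip.fw.verbose=1; the messages
# go to syslog with the "security" facility, which the stock /etc/syslog.conf
# routes with "security.*  /var/log/security". HUP syslogd after editing it.
log_rule() {
    echo "add $1 deny log tcp from any to any in via $2 setup"
}

# Read saved "ipfw list" output on stdin; exit 0 if an allow rule for OSPF
# precedes the first deny covering 224.0.0.0/4 (ipfw prints "pass" as
# "allow" and "all" as "ip"), exit 1 otherwise.
ospf_before_multicast_deny() {
    awk '
        /deny .* to 224\.0\.0\.0\/4/ {
            if (!seen) {
                print "rule " $1 " denies multicast before any OSPF allow"
                exit 1
            }
            exit 0
        }
        /(allow|pass|accept) ospf / { seen = 1 }
        END { if (!seen) exit 1 }
    '
}

# Constructed sample of "ipfw list" in the order the post describes: the
# OSPF pass rule sits after "established", i.e. after the multicast deny.
sample_wrong_order() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00800 deny ip from any to 224.0.0.0/4 via fxp0
01000 allow tcp from any to any established
01100 allow ospf from any to any
65535 deny ip from any to any
EOF
}

if [ "$(id -u)" -eq 0 ] && command -v ipfw >/dev/null 2>&1; then
    # $rule is deliberately unquoted: each line is an argument list for ipfw.
    { routing_rules "$OIF" "$BASE"; log_rule "$((BASE + 10))" "$OIF"; } |
        while read -r rule; do ipfw $rule; done
else
    echo "# not root or no ipfw here; rules that would be loaded:"
    routing_rules "$OIF" "$BASE"
    log_rule "$((BASE + 10))" "$OIF"
fi
```

Loading the rules at a low number is the quick fix; the cleaner one is to
put the same "pass ospf" and "pass udp ... 520" lines into /etc/rc.firewall
above the draft-manning deny block so they survive a reboot. After loading,
"ipfw list | ospf_before_multicast_deny" (with the function sourced) tells
you whether the order is right, and "ipfw -a list" shows whether the new
rules are actually accumulating packet counts.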
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org