Page 1 of 1

How to banned all IP external

PostPosted: Tue Jan 19, 2010 6:03 am
by janda
Hi, i need your help
How to banned all IP from outside freesco , if setting use control panel in freesco....

Thanks

Re: How to banned all IP external

PostPosted: Tue Jan 19, 2010 6:45 pm
by dilberts_left_nut
Pull out the plug?

What are you trying to stop?

Re: How to banned all IP external

PostPosted: Tue Jan 19, 2010 10:31 pm
by Lightning
What are you trying to stop?
We need a detailed explanation of what you are trying to do. That way we can give you the proper way and or commands to do it.

Re: How to banned all IP external

PostPosted: Wed Jan 20, 2010 3:52 am
by janda
i have a web server, with use freesco as router
i want filtering ip from outside (internet), that only certain ip that can access to the webserver.
I've done in freesco ip banned, with command "be,0.0.0.0/0" . then with the command "ae,xx.xx.xx.xx , to allow ip that can access the web server.
Now have access to the webserver canbe on the filter, only the register ip can access the webserver.
But by using the command was from the local network can't access the internet.
How is the solution to the local network can also use the internet and from the outside of the listed ip only are able to access to the web server.
thanks

Re: How to banned all IP external

PostPosted: Wed Jan 20, 2010 7:24 pm
by Lightning
Ok that will be a LOT simpler than what I was expecting.

The first thing to do is to remove all of the be,xx.xx.xx.xx and ae,xx.xx.xx.xx lines you have so that nothing is banned. Then run the

setup -> server settings -> web server


Set this server in "s" mode, once completed and you have save the setup you will need to add in some specific firewall rules manually using the following commands
edit /rc/rc_user
Code: Select all
$fire)
   ipfwadm -I -a accept -P tcp -S xx.xx.xx.xx -D 0/0 80
   ;;

The xx.xx.xx.xx is the IP address of the machines you want to give access to the web server. Just create a new line for each IP or subnet that you want to allow. Once you have saved these changes then run the command

rc_masq restart


Hopefully everything will work as you are wanting. But be aware that this is off of the top of my head and I have not tested it or even checked to make sure the ipfwadm command line is grammatically correct.

Re: How to banned all IP external

PostPosted: Wed Jan 20, 2010 9:31 pm
by janda
lightning thanks for the response you gave to my questions,
but I mean the webserver is not a Web server residing in freesco.
so I have a server that functions as a webserver.
which can be accessed from the Internet (outside), but I want to restrict who can access my webserver by registering the IP address of each person, so other than those listed can not access to my webserver

Re: How to banned all IP external

PostPosted: Thu Jan 21, 2010 7:10 pm
by Lightning
Ok then that only slightly changes things. Of course you can leave the built in web server turned off in "n" mode and instead add another firewall rule as follows. Of course this is assuming you are using port forwarding to get external access to your web server.
edit /rc/rc_user
Code: Select all
$fire)
       ipfwadm -I -a $Pd -P tcp -W $INET -D $IPADDR0 80 $LOG
       ipfwadm -I -a accept -P tcp -S xx.xx.xx.xx -D 0/0 80  $LOG
       ;;
In the above example the variable is $IPADDR"zero". Also in the top section of the rc_user file make sure and uncomment(remove #) the ". /etc/live.cfg" line. Otherwise the last mentioned variable will not work.

Re: How to banned all IP external

PostPosted: Thu Jan 21, 2010 11:11 pm
by janda
well thanks for the instructions, because it was a long time ago I tried setting myself but did not see too