How to banned all IP external

Support section for FREESCO v0.3.x

How to banned all IP external

Postby janda » Tue Jan 19, 2010 6:03 am

Hi, i need your help
How to banned all IP from outside freesco , if setting use control panel in freesco....

Thanks
User avatar
janda
Newbie
 
Posts: 22
Joined: Tue Jun 24, 2008 2:47 am

Re: How to banned all IP external

Postby dilberts_left_nut » Tue Jan 19, 2010 6:45 pm

Pull out the plug?

What are you trying to stop?
User avatar
dilberts_left_nut
Member
 
Posts: 71
Joined: Thu Sep 02, 2004 8:25 am
Location: Christchurch, NZ

Re: How to banned all IP external

Postby Lightning » Tue Jan 19, 2010 10:31 pm

What are you trying to stop?
We need a detailed explanation of what you are trying to do. That way we can give you the proper way and or commands to do it.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 12079
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: How to banned all IP external

Postby janda » Wed Jan 20, 2010 3:52 am

i have a web server, with use freesco as router
i want filtering ip from outside (internet), that only certain ip that can access to the webserver.
I've done in freesco ip banned, with command "be,0.0.0.0/0" . then with the command "ae,xx.xx.xx.xx , to allow ip that can access the web server.
Now have access to the webserver canbe on the filter, only the register ip can access the webserver.
But by using the command was from the local network can't access the internet.
How is the solution to the local network can also use the internet and from the outside of the listed ip only are able to access to the web server.
thanks
User avatar
janda
Newbie
 
Posts: 22
Joined: Tue Jun 24, 2008 2:47 am

Re: How to banned all IP external

Postby Lightning » Wed Jan 20, 2010 7:24 pm

Ok that will be a LOT simpler than what I was expecting.

The first thing to do is to remove all of the be,xx.xx.xx.xx and ae,xx.xx.xx.xx lines you have so that nothing is banned. Then run the

setup -> server settings -> web server


Set this server in "s" mode, once completed and you have save the setup you will need to add in some specific firewall rules manually using the following commands
edit /rc/rc_user
Code: Select all
$fire)
   ipfwadm -I -a accept -P tcp -S xx.xx.xx.xx -D 0/0 80
   ;;

The xx.xx.xx.xx is the IP address of the machines you want to give access to the web server. Just create a new line for each IP or subnet that you want to allow. Once you have saved these changes then run the command

rc_masq restart


Hopefully everything will work as you are wanting. But be aware that this is off of the top of my head and I have not tested it or even checked to make sure the ipfwadm command line is grammatically correct.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 12079
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: How to banned all IP external

Postby janda » Wed Jan 20, 2010 9:31 pm

lightning thanks for the response you gave to my questions,
but I mean the webserver is not a Web server residing in freesco.
so I have a server that functions as a webserver.
which can be accessed from the Internet (outside), but I want to restrict who can access my webserver by registering the IP address of each person, so other than those listed can not access to my webserver
User avatar
janda
Newbie
 
Posts: 22
Joined: Tue Jun 24, 2008 2:47 am

Re: How to banned all IP external

Postby Lightning » Thu Jan 21, 2010 7:10 pm

Ok then that only slightly changes things. Of course you can leave the built in web server turned off in "n" mode and instead add another firewall rule as follows. Of course this is assuming you are using port forwarding to get external access to your web server.
edit /rc/rc_user
Code: Select all
$fire)
       ipfwadm -I -a $Pd -P tcp -W $INET -D $IPADDR0 80 $LOG
       ipfwadm -I -a accept -P tcp -S xx.xx.xx.xx -D 0/0 80  $LOG
       ;;
In the above example the variable is $IPADDR"zero". Also in the top section of the rc_user file make sure and uncomment(remove #) the ". /etc/live.cfg" line. Otherwise the last mentioned variable will not work.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 12079
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: How to banned all IP external

Postby janda » Thu Jan 21, 2010 11:11 pm

well thanks for the instructions, because it was a long time ago I tried setting myself but did not see too
User avatar
janda
Newbie
 
Posts: 22
Joined: Tue Jun 24, 2008 2:47 am


Return to FREESCO Support for v0.3.x

Who is online

Users browsing this forum: No registered users and 2 guests

cron