Date:      21 May 2003 12:55:37 +0000
From:      Sergey Akifyev <asa@gascom.ru>
To:        Andras Kende <andras@kende.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw rules for low-end server??
Message-ID:  <1053521736.363.39.camel@asa.gascom.net.ru>
In-Reply-To: <EGEDIDPPMCIONDEPOLNFOEDMCLAA.andras@kende.com>
References:  <EGEDIDPPMCIONDEPOLNFOEDMCLAA.andras@kende.com>

On Wed, 2003-05-21 at 04:10, Andras Kende wrote:
> Hello All,
Hi!

> Have PIII-450, 386Mb FreeBSD 4.8 machine as natd gateway (2 NIC) for around
> 100 computers.
You call this low-end? LOL! :)))

> To minimize load on the machine which would be the best options??
>
> Should I use ipfw "dynamic" or "stateful" rules?
See below...

> Also should set to kernel with: option IPFIREWALL_VERBOSE for debugging
> purposes if needed
> but disable logging firewall_logging=NO at rc.conf ?
>
> I want to allow everything to go out, only 22tcp,80tcp 53udp and 25tcp
> (port_forwarding) to in...
Actually, you don't need any ipfw rules (except for 1 divert) for such
configuration. Just configure natd, and run it with -d switch. And, as
you see, you should debug only natd, so verbose firewall is unnecessary.
-- 
regards,
Sergey Akifyev <asa@gascom.ru>
JSC Gascom <http://www.gascom.ru>
PGP key available from:
ftp://ftp.gascom.ru/pub/PGP-keys/asa.txt
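
The setup this reply describes, written out as an added example that is not part of the original message: natd's `-d` is the short form of `-deny_incoming`, and the one divert rule comes from the stock "OPEN" firewall type. The interface name `fxp0` and the internal mail host `192.168.0.10` are assumptions, and only the port 25 forward from the question is shown.

```conf
# --- kernel configuration: options natd's divert socket needs ---
options IPFIREWALL
options IPDIVERT

# --- /etc/rc.conf ---
# Forward packets between the two NICs.
gateway_enable="YES"
# "OPEN" makes rc.firewall install the divert rule for natd_interface,
# followed by an allow-all rule. No other ipfw rules are written by hand.
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
# Assumption: fxp0 is the external (Internet-facing) NIC.
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf: long option names, no leading dash ---
# Same as running natd with -d: drop incoming packets that have no
# entry in the translation table instead of passing them through.
deny_incoming yes
# Port forward for inbound SMTP.
# Assumption: 192.168.0.10 is the internal mail server.
redirect_port tcp 192.168.0.10:25 25

# --- the single divert rule, if added by hand instead of via "OPEN" ---
# ipfw add divert natd all from any to any via fxp0
```

In this layout `deny_incoming` is the only inbound filter, so every `redirect_port` line is a service exposed to the outside and should be reviewed as one.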