From: Nelis Lamprecht
To: freebsd-questions@freebsd.org
Date: Thu, 02 May 2002 08:30:07 +0200
Subject: firewall - ipfw rules

Hi

I am trying to create a custom ruleset for ipfw on a server that is configured as a mail server and a web server. I have done all the necessary steps to enable the firewall by compiling the kernel with the relevant options and also setting up rc.conf to point to my ruleset. I have also set up the rules to allow DNS and certain ICMP traffic for ping and traceroute, which is working fine.
My box is configured with two NICs, one external and one internal (192.168.0.0). My problem is I can't seem to get a rule working to accept HTTP to my web server, and this is what I have created as a rule:

    add 00301 allow tcp from any to external-ip 80
    add 00302 allow tcp from any to external-ip 25
    add 00303 allow tcp from any to external-ip 110

*external-ip being the IP address of the external NIC, naturally ;-)

This is either incorrect or I have left something out of either the ruleset or the rc.firewall file. Can someone please give me an example of a ruleset for a web server and/or mail server, or explain to me what needs to be done?

Thanks in advance.

Nelis
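An added example, not part of the original post or of any reply to it: a small ipfw ruleset for the two-NIC web/mail host described above, written in the stateless style of the FreeBSD 4.x rc.firewall "simple" section. The three rules quoted in the post admit the inbound SYN for ports 80, 25 and 110, but with a closing deny-all they are not enough on their own: ipfw also sees the server's outgoing SYN-ACK, and unless a rule such as `allow tcp from any to any established` (or a `check-state`/`keep-state` pair) matches the reply half of the connection, the handshake never completes. Interface names (fxp0/fxp1), the external address 203.0.113.10, rule numbers and the ICMP type list are assumptions; by default the script only echoes the commands so it can be inspected offline, and it loads the rules when run with FWCMD=ipfw on the firewall host.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal ipfw ruleset for a
# two-NIC host serving HTTP, SMTP and POP3 on its outside interface, in the
# stateless style of the FreeBSD 4.x rc.firewall "simple" section.
# Interface names, addresses and rule numbers below are assumptions.
#
# Run as-is it only prints the commands (FWCMD defaults to "echo ipfw");
# run with FWCMD=ipfw on the firewall host to actually load the rules.

FWCMD="${FWCMD:-echo ipfw}"
oif="${oif:-fxp0}"               # assumed external interface
oip="${oip:-203.0.113.10}"       # assumed external address (documentation range)
iif="${iif:-fxp1}"               # assumed internal interface
inet="${inet:-192.168.0.0/24}"   # internal network, as given in the post

build_rules() {
    ${FWCMD} -f flush

    # Loopback traffic, and nothing pretending to be loopback on the wire.
    ${FWCMD} add 100 allow ip from any to any via lo0
    ${FWCMD} add 200 deny ip from any to 127.0.0.0/8
    ${FWCMD} add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: our own addresses must never arrive from the outside.
    ${FWCMD} add 400 deny ip from ${inet} to any in via ${oif}
    ${FWCMD} add 410 deny ip from ${oip} to any in via ${oif}

    # The reply half of every TCP connection. Without this (or keep-state)
    # the SYN-ACK leaving the server hits the final deny, so an inbound
    # "allow ... 80" rule alone never produces a working connection.
    ${FWCMD} add 500 allow tcp from any to any established

    # Inbound services: "setup" matches only the connection-opening SYN.
    ${FWCMD} add 600 allow tcp from any to ${oip} 80 setup
    ${FWCMD} add 610 allow tcp from any to ${oip} 25 setup
    ${FWCMD} add 620 allow tcp from any to ${oip} 110 setup

    # Outbound TCP the server opens itself (mail delivery, fetching updates).
    ${FWCMD} add 700 allow tcp from ${oip} to any setup out via ${oif}

    # DNS is UDP and stateless here, so both directions need a rule.
    ${FWCMD} add 800 allow udp from ${oip} to any 53 out via ${oif}
    ${FWCMD} add 810 allow udp from any 53 to ${oip} in via ${oif}

    # ICMP needed for ping and traceroute: echo reply, unreachable,
    # echo request, time exceeded.
    ${FWCMD} add 900 allow icmp from any to any icmptypes 0,3,8,11

    # The inside network is trusted, but only on the inside interface.
    ${FWCMD} add 1000 allow ip from ${inet} to any via ${iif}
    ${FWCMD} add 1010 allow ip from any to ${inet} via ${iif}

    # Everything else is refused and logged for review.
    ${FWCMD} add 65000 deny log ip from any to any
}

# Helpers for checking the generated ruleset offline.
has_rule()   { build_rules | grep -- "$1" >/dev/null; }
rule_count() { build_rules | grep -c ' add '; }

build_rules
```

Once loaded, `ipfw show` lists the rules with packet and byte counters, which is the quickest way to see whether a connection attempt from outside is hitting rule 600 or falling through to 65000. The `established` rule is the known weak point of this style: it passes any TCP packet with ACK set regardless of whether a connection exists, so on a FreeBSD 4.x kernel the tighter alternative is `check-state` near the top plus `keep-state` on the three `setup` rules, which creates per-connection dynamic rules instead.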