From owner-freebsd-isp Tue Aug 27 4:26:19 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E26AE37B400 for ; Tue, 27 Aug 2002 04:26:14 -0700 (PDT) Received: from lemsip.invictanet.co.uk (pop3.anti84787.com [213.48.153.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9187F43E6E for ; Tue, 27 Aug 2002 04:26:13 -0700 (PDT) (envelope-from support@invicta.net) Received: from harry (fw-gw.invicta.net [80.88.194.11]) (authenticated bits=0) by lemsip.invictanet.co.uk (8.12.5/8.12.5) with ESMTP id g7RBQmji061012; Tue, 27 Aug 2002 12:26:49 +0100 (BST) (envelope-from support@invicta.net) X-Authentication-Warning: lemsip.invictanet.co.uk: Host fw-gw.invicta.net [80.88.194.11] claimed to be harry Reply-To: From: "InvictaNet Customer Support" To: Cc: "Freebsd-ISP" Subject: RE: Port forwarding recommendations? Date: Tue, 27 Aug 2002 12:25:46 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <200208270715.29162.absinthe@pobox.com> X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.9, required 5, IN_REP_TO, X_AUTH_WARNING, SUBJ_ENDS_IN_Q_MARK, DOUBLE_CAPSWORD, AWL) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://www.smoothwall.org - gpl http://www.smoothwall.co.uk - commercial A dedicated linux based distribution, all the hard work is done for you, just install it. Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk info@invictanet.co.uk phone: 08707 440180 fax: 08707 440181 ------------------------------------------------------ Please Note: All services are provided on the basis that they are business to business and that the Consumer Protection (Distance Selling) Regulations 2000 do not apply. ----------------------------------------------------- -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dylan Carlson Sent: 27 August 2002 12:15 To: freebsd-isp@FreeBSD.ORG Subject: Port forwarding recommendations? Hi, There are volumes of mailing list messages out there on the subject of firewalls, but the solutions for different circumstances are not clear. Your recommendations would be appreciated. I have a simple low-end pentium box I want to do the following: - Firewall (ipfilter or ipfw, comfortable with either one) - One external IP assigned via DHCP (from the ISP) - One internal IP serving as a gateway address for a private class C - NAT sharing to 4-5 hosts on the protected, internal subnet - Inbound port forwarding ...where "port forwarding" means listening on a port on the external interface of the firewall and forwarding to a specified internal host for the rule. I have looked at [ /usr/ports/net/portfwd ] but I am not sure how well/if this works with any of the NAT and firewall implementations. Wondering which components you would use, why - and any caveats. I would be thankful for any references as well. Provided I am successful with this I plan on writing up a procedure in DocBook and and kicking it over to the FreeBSD documentation project. TIA, -- Dylan Carlson [absinthe@pobox.com] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message -- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message