From owner-freebsd-net  Sun May 20  0:14: 3 2001
Delivered-To: freebsd-net@freebsd.org
Received: from brinstar.nerim.net (brinstar.nerim.net [62.4.16.71])
	by hub.freebsd.org (Postfix) with ESMTP id 6AD4B37B424
	for <freebsd-net@FreeBSD.ORG>; Sun, 20 May 2001 00:14:00 -0700 (PDT)
	(envelope-from chojin@nerim.net)
Received: from chojin (chojin.adsl.nerim.net [62.4.22.98])
	by brinstar.nerim.net (8.11.2/Raphit-20001115) with SMTP id f4K7Dww02999
	for <freebsd-net@FreeBSD.ORG>; Sun, 20 May 2001 09:13:59 +0200 (CEST)
	(envelope-from chojin@nerim.net)
Message-ID: <000701c0e0fc$83a9d620$0245a8c0@chojin>
From: "Chojin" <chojin@nerim.net>
To: <freebsd-net@FreeBSD.ORG>
References: <Pine.LNX.4.10.10105192301190.3361-100000@dopey.weyrich.com>
Subject: Re: Restricting traffic on one interface
Date: Sun, 20 May 2001 09:14:29 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Use ipf
(it's not ipfw)
----- Original Message -----
From: "Orville R. Weyrich.Jr" <orville@weyrich.com>
Cc: "Freebsd Net (E-mail)" <freebsd-net@FreeBSD.ORG>
Sent: Sunday, May 20, 2001 8:07 AM
Subject: Restricting traffic on one interface


> Hi --
>
> I have a dual homed FreeBSD-4.3 machine and want to restrict traffic on
> one interface but not the other (one interface is to a trusted network and
> the other is not).
>
> What I want is the untrusted interface to only present SMTP and HTTP
> ports, while the trusted interface presents telnet, ftp, NFS, SMB, etc.
>
> What is the best way to do this?  The machine does NOT have IP forwarding
> enabled.
>
> -------------------------------------------------------------------
> Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
> mailto:orville@weyrich.com     KD7HJV        http://www.weyrich.com
> -------------------------------------------------------------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message