From: "Brian Henning"
To: "freebsd"
Subject: firewall
Date: Tue, 4 Mar 2003 11:27:05 -0600

Hello-

I am pretty new to natd and ipfw, so I would like to be able to describe what I want to be able to do with my new BSD router. This is to understand the nomenclature and understand how other people use BSD as a router/firewall. So far I have manually done this to my router.

>sysctl net.inet.ip.forwarding=1 # gateway_enable="YES"
>natd -interface rl1
>ipfw -f flush
>ipfw add divert natd all from any to any via rl1
>ipfw add pass all from any to any

notes:
rl1 is my external network
rl0 is my internal network

Here is what I would like to do in a more standard way. Please correct my wording if it is off or if it is unclear.

port forward: ssh from a local machine port 22 to the router port 22, open to the outside
port forward: vpn port 5001 for all local machines, open to the outside
block all servers on the router to the outside, but not the inside
anyone on the local network has access to services on the router

What else should I consider?
Is port forwarding done with IP or with MAC address?

cheers,
brian
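
The setup from the message next to a restricted variant, as an added example that is not part of the original post. It covers the ssh forward and the outside/inside split only; the address 192.168.1.10 and the network 192.168.1.0/24 are assumed values, and the script prints the commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example, not from the original post. ASSUMED values are constructed.
EXT_IF="rl1"               # external interface, from the post
SSH_HOST="192.168.1.10"    # ASSUMED: local machine running sshd
LAN_NET="192.168.1.0/24"   # ASSUMED: internal network behind rl0
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Setup as typed in the post: natd has no restriction on new inbound
# packets and ipfw then passes everything, so router services are exposed.
router_open() {
    run sysctl net.inet.ip.forwarding=1
    run natd -interface "$EXT_IF"
    run ipfw -q -f flush
    run ipfw -q add 100 divert natd ip from any to any via "$EXT_IF"
    run ipfw -q add 200 allow ip from any to any
}

# Restricted variant: outside reaches only the forwarded ssh port.
router_restricted() {
    run sysctl net.inet.ip.forwarding=1
    # -deny_incoming: do not pass inbound packets that have no entry in
    #   natd's translation table (unsolicited traffic from outside).
    # -redirect_port: static entry, external tcp/22 -> SSH_HOST tcp/22.
    #   The target is an IP address and port, not a MAC address.
    # A port-5001 forward would be one more -redirect_port; its protocol
    #   and single target host are not stated in the post, so it is omitted.
    run natd -interface "$EXT_IF" -deny_incoming \
        -redirect_port tcp "$SSH_HOST:22" 22
    run ipfw -q -f flush
    run ipfw -q add 100 allow ip from any to any via lo0
    # Anti-spoofing: LAN source addresses must never arrive from outside.
    run ipfw -q add 200 deny ip from "$LAN_NET" to any in via "$EXT_IF"
    run ipfw -q add 300 divert natd ip from any to any via "$EXT_IF"
    # LAN hosts reach router services over rl0, which is never diverted.
    run ipfw -q add 400 allow ip from any to any
}

# Dry run by default: show the commands that would be executed.
router_restricted
```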