Date: Thu, 09 Dec 1999 12:26:16 MST
From: "Adidas Boy" <binkieboi@hotmail.com>
To: freebsd-security@FreeBSD.ORG
Subject: Firewall using FreeBSD 3.3
Message-ID: <19991209192616.44422.qmail@hotmail.com>

Dear FreeBSD Security,

I have a FreeBSD 3.3 box that I have installed and I'm trying to get a rather secure firewall up to help prevent against basic attacks to our system. I have done some research and have installed tcpd to only allow certain hosts, and disabled services that I don't need to use.

What I want to happen is I'm going to have the firewall, which has 2 ethernet cards, one configured for the real internet of 205.1.1.x and then the fake network of 10.0.0.x. I am going to put several web servers and e-mail servers behind the firewall and then hoping that I can have all the traffic route thru the firewall to help prevent direct attacks to the servers behind the firewall.

I'm assuming I could somehow use natd and set some kind of static table that would be as follows:

real inet ip      fake ip behind firewall
205.1.1.1    ->   10.0.0.1
205.1.1.2    ->   10.0.0.2

How would I configure natd to do this static routing? 205.1.1.1, 205.1.1.2 would all be answered by the firewall.

Then I would assume I would have to use ipfw to make the firewall tighter by only allowing certain connections on certain ports to certain machines. So say for instance on machine 205.1.1.2, which was also 10.0.0.2, I wanted users to only be able to connect to port 80, what should my ipfw configuration look like? Then I would need to have like 205.1.1.3 only have port 25 and 110 available?

Any help would be greatly appreciated. I need your help please! Please e-mail directly back to me.

brian
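
One way to express the setup asked about above, as an added example that is not part of the original message: a script that prints, without applying, the interface aliases, the natd static mappings and an ipfw ruleset with a default deny. The interface name `fxp0`, the rule numbers and the 205.1.1.3 -> 10.0.0.3 pairing are assumptions, as is a kernel built with the IPFIREWALL and IPDIVERT options.

```shell
#!/bin/sh
# Added example: prints (does not apply) natd and ipfw settings for the
# static 1:1 mappings described in the message.
# Assumed: interface name, rule numbers, and 205.1.1.3 -> 10.0.0.3.
EXT_IF="${EXT_IF:-fxp0}"   # hypothetical outside interface

# public IP, private IP, inbound TCP ports allowed to that server
MAPPINGS='205.1.1.2 10.0.0.2 80
205.1.1.3 10.0.0.3 25,110'

gen_ifconfig_aliases() {
    # The firewall has to own each public address to answer ARP for it.
    echo "$MAPPINGS" | while read -r pub priv ports; do
        echo "ifconfig $EXT_IF inet $pub netmask 255.255.255.255 alias"
    done
}

gen_natd_conf() {
    echo "interface $EXT_IF"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        # natd syntax is: redirect_address localIP publicIP
        echo "redirect_address $priv $pub"
    done
}

gen_ipfw_rules() {
    n=1000
    echo "ipfw add 100 allow all from any to any via lo0"
    # Drop packets arriving from outside that claim an inside source.
    echo "ipfw add 400 deny all from 10.0.0.0/8 to any in via $EXT_IF"
    # natd rewrites here, so later rules see inbound packets as to 10.0.0.x.
    echo "ipfw add 500 divert natd all from any to any via $EXT_IF"
    echo "ipfw add 600 allow tcp from any to any established"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        # Only new connections (SYN) to the listed ports are let in.
        echo "ipfw add $n allow tcp from any to $priv $ports setup"
        n=$((n + 100))
    done
    echo "ipfw add 65000 deny log all from any to any"
}

gen_ifconfig_aliases
gen_natd_conf
gen_ipfw_rules
```

As written, the ruleset admits only the listed inbound services and their replies; outbound mail delivery and DNS lookups from the servers would need rules of their own. The `log` keyword on the final rule only produces output on a kernel that also has IPFIREWALL_VERBOSE.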