From: "MPN" <neubyneu@twcny.rr.com>
To: freebsd-questions@freebsd.org
Subject: IPFW question...
Date: Wed, 12 May 1999 14:41:23 -0400

Hello. I'm currently running FBSD-2.2.6-Release. I have set up my FreeBSD box running nat to do the translation to the internet for my home network. The FreeBSD server box has two ethernet cards: ed0 connected to my internal network and ed1 connected to my cable modem. NATD is currently working properly. What I'd like to do, though, is allow only certain port connections. For example, I would like to allow telnet, ftp, and http. If I take out the line "allow all from any to any", nothing works. NAT doesn't do the translation for some reason.
Here are my current rules:

    maddog# ipfw list
    00031 deny log udp from any to any 31337
    00032 deny log tcp from any to any 31337
    00100 divert 6668 ip from any to any via ed1
    00101 allow udp from any to any 21
    00102 allow tcp from any to any 21
    00202 allow tcp from any to any 23
    00302 allow udp from any to any 23
    00402 allow tcp from any to any 80
    00502 allow udp from any to any 80
    00602 allow tcp from any to any 53
    00702 allow udp from any to any 53
    65535 deny ip from any to any

This *should* block everything except ftp, http, telnet, and DNS queries. It isn't working though. What is wrong? Any help is greatly appreciated. Thanks in advance.

--
MPN - President, Computer Management Systems
--