Date: Wed, 3 Apr 2002 20:53:53 +0400
From: "Nickolay A. Kritsky"
To: "Asenchi"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ?: natd and ipfw
Message-ID: <17812416694.20020403205353@internethelp.ru>

Hello Asenchi,

Wednesday, April 03, 2002, 8:16:31 PM, you wrote:

A> Hello,

A> I am somewhat new at fbsd, and I am setting up a firewall for a network. I
A> have a question about configuring three nics to handle dmz stuff along with
A> the internal network.

A> Here is my setup:

A> INTERNET ->> [oif=vr0 1.1.1.1] -> [iif1=xl0 10.10.0/24] -> NETWORK
A>                       |
A>              [iif2=rl0 10.10.1/24] -> DMZ (Webserver/Email/FTP)

A> Here is how my configuration is set up:

A> I have IPFW built into the kernel. Right now I have built my own
A> rc.firewall file and am using that. I also have natd running and enabled in
A> rc.conf.

A> I guess I don't know what else you would need. If you want me to send along
A> my configurations, I can do that.

A> Here is my question. How do I redirect incoming packets that want to go to
A> my website to my DMZ side of the network? I have read about -redirect_port
A> | -redirect_address but really don't understand how that will filter the
A> traffic. I need to read a little more but thought maybe somebody on this
A> could give me some direction.

Maybe an example will help you. If you add the following line to your
natd.conf file:

    redirect_port tcp 10.0.1.1:25 1.1.1.1:25

then all TCP traffic coming to your box, port 25, from the Internet will be
forwarded to machine 10.0.1.1 port 25 (in the DMZ network).

A> I guess I should simplify the question. How do I route traffic that is
A> trying to reach my website? How do I specify the correct traffic? Can I
A> use a host name instead of an IP address in natd configurations?

Yes, you can use host names and port names along with numeric equivalents,
like

    mail.domain.com:25
    mail.domain.com:smtp
    1.2.3.4:smtp
    1.2.3.4:25

A> Sorry if this is too much, I hope I have laid out my question so that you
A> can help me. Please respond to the group with any direction you could give
A> me.

A> Thank you,
A> ASENCHI

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru
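
Added example, not part of the original message or of either poster's configuration: a natd.conf entry for the web server together with the ipfw rules that decide whether the redirected traffic is allowed, since redirect_port only rewrites addresses and does no filtering of its own. Assumptions: the web server address 10.10.1.10 is constructed (chosen inside the 10.10.1/24 DMZ from the question), natd is bound to the outside interface vr0 with public address 1.1.1.1, and only the rules relevant to web traffic are shown; the rest of the ruleset is omitted.

```conf
# ---- /etc/natd.conf ----
# natd works on the outside interface from the question.
interface vr0
# Rewrite connections arriving at 1.1.1.1:80 so they go to the DMZ web
# server. 10.10.1.10 is an assumed address, not taken from the thread.
redirect_port tcp 10.10.1.10:80 1.1.1.1:80

# ---- ipfw rules, file form (one rule per line, no leading "ipfw") ----
# Hand every packet crossing vr0 to natd. For an inbound packet that
# matches redirect_port, natd changes the destination from 1.1.1.1 to
# 10.10.1.10 and the packet continues at the next rule.
add 100 divert natd all from any to any via vr0

# Packets belonging to connections that were already allowed.
add 200 allow tcp from any to any established

# The filtering decision for the redirected service. It runs after the
# divert rule, so it has to match the translated DMZ address, not 1.1.1.1.
add 300 allow tcp from any to 10.10.1.10 80 setup

# New inbound connections on vr0 that no earlier rule allowed are dropped
# and logged, including attempts on ports that have no redirect_port entry.
add 400 deny log tcp from any to any in via vr0 setup
```

The same pair of lines (one redirect_port entry, one allow rule for the translated address and port) is repeated for each further DMZ service that should be reachable from outside.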