Date:      Wed, 3 Apr 2002 20:53:53 +0400
From:      "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
To:        "Asenchi" <asenchi@asenchi.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ?: natd and ipfw
Message-ID:  <17812416694.20020403205353@internethelp.ru>
In-Reply-To: <BNEFIOCCBGNFNCEKAMLMGEPACIAA.asenchi@asenchi.com>
References:  <BNEFIOCCBGNFNCEKAMLMGEPACIAA.asenchi@asenchi.com>

Hello Asenchi,

Wednesday, April 03, 2002, 8:16:31 PM, you wrote:

A> hello,

A> i am somewhat new at fbsd, and i am setting up a firewall for a network.  I
A> have a question about configuring three nics to handle dmz stuff along with
A> the internal network.

A> here is my setup:

A> INTERNET ->> [oif=vr0 1.1.1.1] -> [iif1=xl0 10.10.0/24] -> NETWORK
A>                         |
A>                 [iif2=rl0 10.10.1/24] -> DMZ (Webserver/Email/FTP)

A> Here is how my configuration is setup:

A> I have IPFW built into the kernel.  Right now I have built my own
A> rc.firewall file and am using that.  I also have natd running and enabled in
A> rc.conf.

A> I guess I don't know what else you would need, if you want me to send along
A> my configurations I can do that.

A> Here is my question.  How do I redirect incoming packets that want to go to
A> my website to my DMZ side of the network?  I have read about -redirect_port
A> | -redirect_address but really don't understand how that will filter the
A> traffic.  I need to read a little more but thought maybe somebody on this
A> could give me some direction.

Maybe an example will help you.
If you add the following line to your natd.conf file:
redirect_port tcp 10.0.1.1:25 1.1.1.1:25

then all TCP traffic coming to your box on port 25 from the Internet will be
forwarded to machine 10.0.1.1 port 25 (in the DMZ network).

A> I guess I should simplify the question.  How do i route traffic that is
A> trying to reach my website?  How do I specify the correct traffic?  Can I
A> use a host name instead of an ip address in natd configurations?

Yes, you can use host names and port names along with numeric
equivalents, like
mail.domain.com:25
mail.domain.com:smtp
1.2.3.4:smtp
1.2.3.4:25

A> Sorry if this is too much, I hope I have laid out my question so that you
A> can help me.  Please respond to the group with any direction you could give
A> me.

A> Thank you,

A> ASENCHI



;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru
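
An added example, not part of the original message: a small Python check that reads redirect_port lines in the form shown in the reply and reports any whose target lies outside the DMZ network, since a redirect to an internal-LAN host exposes that host to the Internet. The DMZ range 10.10.1.0/24 is taken from the diagram in the question; the sample lines, the service table and the function names are constructed for illustration, and port ranges and the optional remote address are not handled.

```python
import ipaddress

# Assumptions: DMZ range from the question's diagram; SERVICES and SAMPLE are constructed.
DMZ_NET = ipaddress.ip_network("10.10.1.0/24")
SERVICES = {"ftp": 21, "smtp": 25, "http": 80, "https": 443}
SAMPLE = """\
redirect_port tcp 10.10.1.2:80 1.1.1.1:80      # web server in the DMZ
redirect_port tcp 10.10.1.3:smtp 25            # port by name, alias port only
redirect_port tcp 10.10.0.5:21 1.1.1.1:21      # target on the internal LAN
redirect_port tcp mail.domain.com:smtp 2525    # target given as a host name
redirect_port tcp 10.10.1.4:gopher 70          # service missing from the table
"""

def parse_port(text):
    """Accept a numeric port or a service name, the two forms natd.conf allows."""
    port = int(text) if text.isdigit() else SERVICES.get(text, 0)
    if not 0 < port < 65536:
        raise ValueError(f"unknown port {text!r}")
    return port

def parse_endpoint(text):
    host, sep, port = text.rpartition(":")
    if not sep or not host:
        raise ValueError(f"expected host:port, got {text!r}")
    return host, parse_port(port)

def audit(conf_text, dmz=DMZ_NET):
    """Return (line_no, status, detail) for each redirect_port line."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "redirect_port":
            continue
        try:
            proto, target, alias = fields[1:4]
            host, port = parse_endpoint(target)
            pub_port = parse_port(alias.rpartition(":")[2])
        except ValueError as exc:
            findings.append((no, "invalid", str(exc)))
            continue
        try:
            status = "ok" if ipaddress.ip_address(host) in dmz else "outside-dmz"
        except ValueError:  # host name: cannot be checked without DNS
            status = "review"
        findings.append((no, status, f"{proto}/{pub_port} -> {host}:{port}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Targets given as host names are reported as "review" rather than resolved, so the check stays offline; confirm by hand that such names resolve inside the DMZ.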


