From owner-freebsd-questions Wed May 12 13:33:46 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mail1.twcny.rr.com (mail1-1.nyroc.rr.com [24.92.226.139]) by hub.freebsd.org (Postfix) with ESMTP id 3A86214C21 for ; Wed, 12 May 1999 13:33:38 -0700 (PDT) (envelope-from neubyneu@twcny.rr.com)
Received: from kramer ([24.92.245.57]) by mail1.twcny.rr.com (Post.Office MTA v3.5.2 release 221 ID# 0-53939U80000L80000S0V35) with SMTP id com for ; Wed, 12 May 1999 16:37:08 -0400
Message-ID: <000501be9cb6$cc2350c0$04c809c0@kramer.cmsnet.net>
From: "MPN"
To:
Subject: ipfw/natd question...
Date: Wed, 12 May 1999 16:34:12 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello. I'm currently running FBSD-2.2.6-Release. I have set up my FreeBSD box running nat to do the translation to the internet for my home network. The FreeBSD server box has two ethernet cards. ed0 connected to my internal network and ed1 connected to my cable modem. NATD is currently working properly.

What I'd like to do, though, is allow only certain port connections. For example, I would like to allow telnet, ftp, and http. If I take out the line allow all from any to any, nothing works. NAT doesn't do the translation for some reason.
Here are my current rules:

maddog# ipfw list
00031 deny log udp from any to any 31337
00032 deny log tcp from any to any 31337
00100 divert 6668 ip from any to any via ed1
00101 allow udp from any to any 21
00102 allow tcp from any to any 21
00202 allow tcp from any to any 23
00302 allow udp from any to any 23
00402 allow tcp from any to any 80
00502 allow udp from any to any 80
00602 allow tcp from any to any 53
00702 allow udp from any to any 53
65535 deny ip from any to any

This *should* block everything except ftp, http, telnet, and DNS queries. It isn't working though. What is wrong? Any help is greatly appreciated. Thanks in advance.

-- MPN - President, Computer Management Systems --

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
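
Added example, not part of the original message: a simplified Python model of ipfw first-match evaluation over the rules listed above, showing which rule decides a request and its reply. It assumes a rule written `to any PORT` tests only the destination port and that evaluation resumes at the next rule after the divert; the `decide` helper and the sample packets are constructed for illustration.

```python
# Simplified model of first-match evaluation over the posted ruleset.
# Only protocol and destination port are modelled, because those are the
# only fields the posted allow/deny rules test (assumption stated above).

RULES = [  # (number, action, proto, dst_port), copied from `ipfw list`
    (31, "deny", "udp", 31337),
    (32, "deny", "tcp", 31337),
    (100, "divert", "ip", None),
    (101, "allow", "udp", 21),
    (102, "allow", "tcp", 21),
    (202, "allow", "tcp", 23),
    (302, "allow", "udp", 23),
    (402, "allow", "tcp", 80),
    (502, "allow", "udp", 80),
    (602, "allow", "tcp", 53),
    (702, "allow", "udp", 53),
    (65535, "deny", "ip", None),
]

def decide(proto, src_port, dst_port):
    """Return (rule_number, action) of the first terminating rule that matches.

    src_port is accepted but never consulted: no posted rule tests it.
    """
    for number, action, rule_proto, rule_port in RULES:
        if rule_proto not in ("ip", proto):
            continue
        if rule_port is not None and rule_port != dst_port:
            continue
        if action == "divert":
            continue  # packet goes to natd, then resumes at the next rule
        return number, action
    raise AssertionError("unreachable: rule 65535 matches every packet")

# Constructed sample packets: (description, proto, src_port, dst_port)
SAMPLES = [
    ("HTTP request, client -> server", "tcp", 40000, 80),
    ("HTTP reply,   server -> client", "tcp", 80, 40000),
    ("DNS query,    client -> server", "udp", 40001, 53),
    ("DNS answer,   server -> client", "udp", 53, 40001),
]

def report():
    return [(desc,) + decide(p, s, d) for desc, p, s, d in SAMPLES]

if __name__ == "__main__":
    for desc, number, action in report():
        print(f"{desc}  ->  rule {number:05d} {action}")
```

In this model the requests are allowed by rules 402 and 702, while the replies, which carry the service port as their source port, match no allow rule and fall through to rule 65535.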