Date: Wed, 12 May 1999 15:28:19 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: MPN <neubyneu@twcny.rr.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW question...
Message-ID: <Pine.BSF.4.03.9905121527460.23756-100000@resnet.uoregon.edu>
In-Reply-To: <000701be9ca7$08ffb5c0$04c809c0@kramer.cmsnet.net>

Please wrap your lines, thanks.

On Wed, 12 May 1999, MPN wrote:

> Hello. I'm currently running FBSD-2.2.6-Release. I have set up my
> FreeBSD box running nat to do the translation to the internet for my
> home network. The FreeBSD server box has two ethernet cards. ed0
> connected to my internal network and ed1 connected to my cable modem.
> NATD is currently working properly. What I'd like to do, though, is
> allow only certain port connections. For example, I would like to
> allow telnet, ftp, and http. If I take out the line allow all from
> any to any, nothing works. NAT doesn't do the translation for some
> reason. Here are my current rules:
>
> maddog# ipfw list
> 00031 deny log udp from any to any 31337
> 00032 deny log tcp from any to any 31337
> 00100 divert 6668 ip from any to any via ed1
> 00101 allow udp from any to any 21
> 00102 allow tcp from any to any 21
> 00202 allow tcp from any to any 23
> 00302 allow udp from any to any 23
> 00402 allow tcp from any to any 80
> 00502 allow udp from any to any 80
> 00602 allow tcp from any to any 53
> 00702 allow udp from any to any 53
> 65535 deny ip from any to any
>
> This *should* block everything except ftp, http, telnet, and
> dnsqueries. It isn't working though. What is wrong? Any help is
> greatly appreciated. Thanks in advance. -- MPN - President, Computer
> Management Systems --

Try an open firewall first. nat won't forward anything that doesn't have a
reverse connection, so it's safe.

Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
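
An added example, not part of the original thread: a simplified Python model of ipfw first-match evaluation, run over the ruleset quoted above to show which rule decides a request and which decides its reply. It assumes only protocol and destination port matter, and that a diverted packet continues at the next rule after natd reinjects it; the port 40000 used in the demo is a constructed sample value.

```python
# Added example: simplified model of ipfw first-match evaluation.
# Assumptions: addresses, interfaces and the NAT rewrite itself are ignored;
# "divert" is modelled as non-terminal (packet continues at the next rule).
RULESET = """\
00031 deny log udp from any to any 31337
00032 deny log tcp from any to any 31337
00100 divert 6668 ip from any to any via ed1
00101 allow udp from any to any 21
00102 allow tcp from any to any 21
00202 allow tcp from any to any 23
00302 allow udp from any to any 23
00402 allow tcp from any to any 80
00502 allow udp from any to any 80
00602 allow tcp from any to any 53
00702 allow udp from any to any 53
65535 deny ip from any to any
"""

def parse(text):
    """Turn 'ipfw list' output into (number, action, proto, dst_port) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        proto = tok[tok.index("from") - 1]
        # After "to": destination address, then an optional port number.
        after_to = tok[tok.index("to") + 1:]
        has_port = len(after_to) > 1 and after_to[1].isdigit()
        rules.append((int(tok[0]), tok[1], proto,
                      int(after_to[1]) if has_port else None))
    return rules

def decide(rules, proto, sport, dport):
    """Return (rule number, action) of the first terminal rule that matches.

    sport is accepted but never consulted: none of the quoted rules
    constrain the source port, so only dport can select an allow rule.
    """
    for num, action, rproto, rdport in rules:
        if rproto not in ("ip", proto):
            continue
        if rdport is not None and rdport != dport:
            continue
        if action == "divert":
            continue  # handed to natd, then evaluation resumes below
        return num, action
    raise ValueError("no rule matched")

if __name__ == "__main__":
    rules = parse(RULESET)
    print("HTTP request ", decide(rules, "tcp", 40000, 80))
    print("HTTP reply   ", decide(rules, "tcp", 80, 40000))
    print("DNS reply    ", decide(rules, "udp", 53, 40000))
```
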