From owner-freebsd-questions Wed May 12 15:28:26 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (Postfix) with ESMTP id D4E7A15530 for ; Wed, 12 May 1999 15:28:24 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id PAA02010; Wed, 12 May 1999 15:28:19 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Date: Wed, 12 May 1999 15:28:19 -0700 (PDT)
From: Doug White
To: MPN
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW question...
In-Reply-To: <000701be9ca7$08ffb5c0$04c809c0@kramer.cmsnet.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Please wrap your lines, thanks.

On Wed, 12 May 1999, MPN wrote:

> Hello. I'm currently running FBSD-2.2.6-Release. I have set up my
> FreeBSD box running nat to do the translation to the internet for my
> home network. The FreeBSD server box has two ethernet cards: ed0
> connected to my internal network and ed1 connected to my cable modem.
> NATD is currently working properly. What I'd like to do, though, is
> allow only certain port connections. For example, I would like to
> allow telnet, ftp, and http. If I take out the line "allow all from
> any to any", nothing works. NAT doesn't do the translation for some
> reason.
>
> Here are my current rules:
>
> maddog# ipfw list
> 00031 deny log udp from any to any 31337
> 00032 deny log tcp from any to any 31337
> 00100 divert 6668 ip from any to any via ed1
> 00101 allow udp from any to any 21
> 00102 allow tcp from any to any 21
> 00202 allow tcp from any to any 23
> 00302 allow udp from any to any 23
> 00402 allow tcp from any to any 80
> 00502 allow udp from any to any 80
> 00602 allow tcp from any to any 53
> 00702 allow udp from any to any 53
> 65535 deny ip from any to any
>
> This *should* block everything except ftp, http, telnet, and
> DNS queries. It isn't working though. What is wrong? Any help is
> greatly appreciated. Thanks in advance.
>
> --
> MPN - President, Computer Management Systems

Try an open firewall first. NAT won't forward anything that doesn't have a
reverse connection, so it's safe.

Doug White
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
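Added illustration, not part of the original thread or of FreeBSD's own code: a small Python simulation of ipfw's first-match evaluation, replayed over the ruleset MPN posted. The simulated packets, their addresses (RFC 5737 documentation ranges) and ports are constructed; the extra rule 00150 with ipfw's `established` option (matches TCP segments carrying ACK or RST) is my suggestion, not Doug's. The natd step is modelled as "divert, then resume at the next rule", which is how ipfw handles a packet re-injected from a divert socket; since every posted rule uses `any` for addresses, the translated addresses do not change which rule matches.

```python
"""Replay the posted ipfw ruleset against constructed packets using ipfw's
first-match semantics, to show what happens to the reply half of a NATed
connection.  Pure simulation: no ipfw, natd or network access involved."""

# Ruleset copied from the poster's `ipfw list` output.
POSTED_RULES = """\
00031 deny log udp from any to any 31337
00032 deny log tcp from any to any 31337
00100 divert 6668 ip from any to any via ed1
00101 allow udp from any to any 21
00102 allow tcp from any to any 21
00202 allow tcp from any to any 23
00302 allow udp from any to any 23
00402 allow tcp from any to any 80
00502 allow udp from any to any 80
00602 allow tcp from any to any 53
00702 allow udp from any to any 53
65535 deny ip from any to any
"""

# Same ruleset plus one rule (my addition, not from the thread): `established`
# matches TCP segments with ACK or RST set, i.e. everything after the first
# SYN, so replies to outbound connections pass while unsolicited inbound SYNs
# still fall through to the default deny.
FIXED_RULES = POSTED_RULES.replace(
    "00101 allow udp", "00150 allow tcp from any to any established\n00101 allow udp")

OPTIONS = ("via", "established", "setup")


def parse_rule(line):
    """Parse the ipfw subset used above:
    NUM action [divert-port] [log] PROTO from SRC [PORT] to DST [PORT] [via IF] [established|setup]"""
    tok = line.split()
    rule = {"num": int(tok[0]), "action": tok[1], "log": False, "divert_port": None,
            "sport": None, "dport": None, "via": None, "established": False, "setup": False}
    i = 2
    if rule["action"] == "divert":
        rule["divert_port"] = int(tok[i]); i += 1
    if tok[i] == "log":
        rule["log"] = True; i += 1
    rule["proto"] = tok[i]; i += 1
    if tok[i] != "from":
        raise ValueError(line)
    rule["src"] = tok[i + 1]; i += 2
    if tok[i] != "to":                      # optional source port
        rule["sport"] = int(tok[i]); i += 1
    if tok[i] != "to":
        raise ValueError(line)
    rule["dst"] = tok[i + 1]; i += 2
    if i < len(tok) and tok[i] not in OPTIONS:   # optional destination port
        rule["dport"] = int(tok[i]); i += 1
    while i < len(tok):
        if tok[i] == "via":
            rule["via"] = tok[i + 1]; i += 2
        elif tok[i] in ("established", "setup"):
            rule[tok[i]] = True; i += 1
        else:
            raise ValueError("unsupported option %r in %r" % (tok[i], line))
    return rule


def parse_rules(text):
    # ipfw keeps the chain sorted by rule number, whatever order rules were added in.
    return sorted((parse_rule(l) for l in text.strip().splitlines()), key=lambda r: r["num"])


def matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if rule["src"] != "any" and rule["src"] != pkt["src"]:
        return False
    if rule["dst"] != "any" and rule["dst"] != pkt["dst"]:
        return False
    if rule["sport"] is not None and rule["sport"] != pkt["sport"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    if rule["via"] is not None and rule["via"] != pkt["iface"]:
        return False
    if rule["established"] and not (pkt["proto"] == "tcp" and pkt["flags"] & {"ACK", "RST"}):
        return False
    if rule["setup"] and not (pkt["proto"] == "tcp" and pkt["flags"] == {"SYN"}):
        return False
    return True


def evaluate(rules, pkt):
    """One pass through the chain (ipfw runs one pass per interface crossed).
    Returns (verdict, rule_number, was_diverted).  A matching divert rule hands
    the packet to natd, which translates and re-injects it; processing then
    resumes at the rule after the divert, so we simply keep walking."""
    diverted = False
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "divert":
            diverted = True     # addresses would be rewritten here; all rules use 'any'
            continue
        return rule["action"], rule["num"], diverted
    return "deny", 65535, diverted


def pkt(proto, src, sport, dst, dport, iface, *flags):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "iface": iface, "flags": set(flags)}


# Constructed traffic on ed1 (the cable-modem side): a LAN host opening an
# HTTP connection, the server's reply, and a stranger probing port 25.
HTTP_SYN_OUT = pkt("tcp", "192.168.0.10", 40000, "198.51.100.7", 80, "ed1", "SYN")
HTTP_REPLY_IN = pkt("tcp", "198.51.100.7", 80, "192.168.0.10", 40000, "ed1", "SYN", "ACK")
SMTP_SYN_IN = pkt("tcp", "203.0.113.9", 51000, "192.168.0.10", 25, "ed1", "SYN")

if __name__ == "__main__":
    for name, text in (("posted", POSTED_RULES), ("with 00150 established", FIXED_RULES)):
        rules = parse_rules(text)
        print("== %s ruleset ==" % name)
        for label, p in (("outbound HTTP SYN", HTTP_SYN_OUT), ("HTTP reply", HTTP_REPLY_IN),
                         ("unsolicited inbound SMTP SYN", SMTP_SYN_IN)):
            verdict, num, _ = evaluate(rules, p)
            print("  %-28s -> %s (rule %d)" % (label, verdict, num))
```

Under the posted ruleset the outbound SYN is allowed by rule 00402, but the server's reply (source port 80, destination port 40000) matches none of the `to any <port>` rules and is dropped by 65535, which is what an "allow all" rule was hiding. DNS replies (source port 53 to an ephemeral port) fail the same way, and `established` does nothing for UDP. Note the trade-off of `established`: it is stateless, so any inbound segment with ACK set is let through regardless of whether a connection exists; later ipfw versions added `keep-state`/`check-state` to track connections properly, which is the option to prefer where available.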