From: Philip Payne
To: Jonathan
Cc: "FreeBSD Questions (E-mail)"
Date: Thu, 5 Aug 2004 11:53:48 +0100
Subject: RE: IPFW Configuration

Hi Jonathan,

> will be able to work. My box is located at a datacenter and my box is
> allocated with about 90 IP addresses (and also the main server IP which
> was given to me when I first purchased the line). I would like to know
> how to configure /etc/rc.firewall to support my MAIN IP and also how to
> make sure the other IPs added to my box are recognized and protected by
> the firewall.
>
> Also I noticed in rc.firewall there are different modes to put the
> firewall in like simple mode, client mode, etc. (different firewall
> powers I guess). It would be greatly appreciated if someone can show me
> how to configure ipfw. I could not thank anyone more for the future help
> I might receive on this issue.

simple & client mode are just different rulesets within rc.firewall. You can of course specify your very own ruleset and point rc.conf at a different file than rc.firewall.

Two things which may help.

1) There is a keyword "me" that you can use in IPFW rules that prevents you needing to specify the server's actual IPs.

2) fwbuilder.org is a very handy tool for generating firewall config. If the "me" keyword is too generic, you may find it easier to have a GUI that can hold different objects for each IP address, rather than write repetitive firewall script lines. Also, if you're new to firewall policy, sometimes a GUI can help.

If you want advice on generating a firewall policy, well... there are some high-level design rules you can follow that help. I've posted on this topic a number of times to the list, so just search the archives.

Lastly, and not meant in any rude way, if you haven't

> man ipfw

... I personally found it very useful.

Hope that helps

Phil.
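
The two suggestions in the reply above (a custom ruleset file referenced from rc.conf, and the "me" keyword), shown as an added example that is not part of the original message. The path /etc/ipfw.rules, the service ports 22 and 80, and the dry-run IPFW variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Referenced from /etc/rc.conf:
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"   # assumed path for this file
# Dry run by default (prints the commands); set IPFW=/sbin/ipfw to load them.
IPFW="${IPFW:-echo ipfw}"

# Inbound TCP services offered on every address of the host (assumed values).
TCP_SERVICES="22 80"

# Add one rule at the next rule number (100, 200, ...).
rule() {
    $IPFW -q add "$n" "$@"
    n=$((n + 100))
}

build_rules() {
    n=100
    $IPFW -q -f flush

    # Loopback traffic is fine; 127/8 on any other interface is spoofed.
    rule allow ip from any to any via lo0
    rule deny ip from any to 127.0.0.0/8
    rule deny ip from 127.0.0.0/8 to any

    # Packets belonging to connections already admitted by a keep-state rule.
    rule check-state

    # Outbound traffic from any local address, tracked statefully.
    rule allow tcp from me to any setup keep-state
    rule allow udp from me to any keep-state
    rule allow icmp from me to any

    # Inbound ICMP: echo reply, unreachable, echo request, time exceeded.
    rule allow icmp from any to me icmptypes 0,3,8,11

    # "me" matches every address configured on the host, so the main IP and
    # all aliases are covered without listing any of them.
    for port in $TCP_SERVICES; do
        rule allow tcp from any to me "$port" setup keep-state
    done

    # Everything else is dropped and logged.
    rule deny log ip from any to any
}

build_rules
```

Rules carrying `log` only produce log entries when ipfw logging is enabled (sysctl net.inet.ip.fw.verbose=1).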