From owner-freebsd-questions Wed May 3 17:35:24 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail6.lig.bellsouth.net (mail6.lig.bellsouth.net [205.152.0.91]) by hub.freebsd.org (Postfix) with ESMTP id B6EA037BEE0 for ; Wed, 3 May 2000 17:35:20 -0700 (PDT) (envelope-from brownicm@bellsouth.net)
Received: from eileen (adsl-61-148-46.mia.bellsouth.net [208.61.148.46]) by mail6.lig.bellsouth.net (3.3.5alt/0.75.2) with ESMTP id UAA18513; Wed, 3 May 2000 20:35:02 -0400 (EDT)
Message-Id: <200005040035.UAA18513@mail6.lig.bellsouth.net>
From: "Chris Browning"
To: "Database"
Date: Wed, 3 May 2000 20:16:32 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ipfw
Cc:
In-reply-to: <000501bfb559$3d7c3410$0201a8c0@visualprogram.ne.mediaone.net>
X-mailer: Pegasus Mail for Win32 (v3.12a)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm just jumping in here but I've been playing w/ ipfw, too. I think you
want to allow the remotedeveloper_address before you deny everything else.
Anything going to pub_addr2 that's *not* remdev_addr *and* tcp *and* on
port 21 will fail the test and be passed to the deny cmd.

If I'm wrong I'm sure any correction posted will be instructive.

On 3 May 00, at 19:42, Database wrote:

> The rules are as follows.
>
> ipfw add allow all from any to public_add1
> ipfw add deny all from any to public_add2
> ipfw add allow tcp from remotedeveloper_address to public_address2/22
> ipfw add allow tcp from remotedeveloper_address to public_address2/21
>
> Do I have to add rules for natd? And is this possible?
> Basically I would like to redirect the traffic on public_address2 to an
> internal machine. I would like the firewall to be able to deny everything
> except 2 ports from a developers' address. The public_address1 is to allow
> everything for the internal machines to connect to the internet. Hopefully
> this helps you in aiding me.
> thanks
> Peter Donadio
> ----- Original Message -----
> From: "Crist J. Clark"
> To: "Database"
> Cc:
> Sent: Tuesday, May 02, 2000 10:30 PM
> Subject: Re: ipfw
>
>
> > [Your email is all on one line. Please put newlines in at about the 72
> > column mark or so.]
> >
> > On Tue, May 02, 2000 at 10:12:49PM -0400, Database wrote:
> > > I have a multihomed ethernet card that has two static IP addresses. One
> > > address I would like to allow all traffic. The second I am using natd to
> > > redirect the address to a different machine. I do not want to set the
> > > firewall type to open. If I set it to filename or simple it will not allow
> > > any traffic through on either IP address. Could you help me with the
> > > configuration of ipfw?
> >
> > The 'simple' setting is not meant for a machine doing NAT. When you
> > use a filename, what do you put in the file? Could you post the rules
> > you are trying to use? We need more of an idea of what you are trying
> > to do to be of any help.
> >
> > But if you really want to forward all traffic bound for a particular
> > address, after you do the divert(4) rule for natd(8), pass all traffic
> > to that host before heading to more restrictive rules.
> > --
> > Crist J. Clark cjclark@home.com
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
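The ordering point made in the reply above, as an added worked example that is not part of the thread: a small model of ipfw's first-match evaluation, run over the rules as posted and over the same rules with the developer's allow rules moved above the deny. The addresses are constructed stand-ins for public_add1, public_add2 and remotedeveloper_address; the natd divert rule is left out of the model, and the render() helper emits the port in ipfw's own syntax (after the address, not as a /prefix).

```python
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "all" or a protocol name such as "tcp"
    src: str                     # "any" or an address/prefix
    dst: str
    dport: Optional[int] = None  # None matches any destination port

def _addr_match(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def first_match(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule, as ipfw does; no hit falls to the default deny."""
    for r in rules:
        if r.proto != "all" and r.proto != proto:
            continue
        if not (_addr_match(r.src, src) and _addr_match(r.dst, dst)):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"

def render(rules: List[Rule]) -> List[str]:
    """Emit ipfw(8) commands; a port follows the address ("to X 22"), it is not a /prefix."""
    lines = []
    for r in rules:
        port = f" {r.dport}" if r.dport is not None else ""
        lines.append(f"ipfw add {r.action} {r.proto} from {r.src} to {r.dst}{port}")
    return lines

# Constructed addresses standing in for the names used in the thread.
PUB1, PUB2, DEV = "192.0.2.1", "192.0.2.2", "198.51.100.7"
# As posted: the deny for PUB2 sits above the developer's allow rules.
POSTED = [Rule("allow", "all", "any", PUB1), Rule("deny", "all", "any", PUB2),
          Rule("allow", "tcp", DEV, PUB2, 22), Rule("allow", "tcp", DEV, PUB2, 21)]
# As suggested in the reply: allow the developer first, then deny the rest.
REORDERED = [Rule("allow", "all", "any", PUB1), Rule("allow", "tcp", DEV, PUB2, 22),
             Rule("allow", "tcp", DEV, PUB2, 21), Rule("deny", "all", "any", PUB2)]

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "developer ssh:", first_match(rs, "tcp", DEV, PUB2, 22))
    print("\n".join(render(REORDERED)))
```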