Date: Wed, 3 May 2000 20:16:32 -0700 From: "Chris Browning" <brownicm@bellsouth.net> To: "Database" <petedonadio@mediaone.net> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: ipfw Message-ID: <200005040035.UAA18513@mail6.lig.bellsouth.net> In-Reply-To: <000501bfb559$3d7c3410$0201a8c0@visualprogram.ne.mediaone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm just jumping in here but I've been playing w/ ipfw, too. I think you want to allow the remotedeveloper_address before you deny everything else. Anything going to pub_addr2 that's *not* remdev_addr *and* tcp *and* on port 21 will fail the test and be passed to the deny cmd. If I'm wrong I'm sure any correction posted will be instructive. On 3 May 00, at 19:42, Database wrote: > The rules are as follows. > > ipfw add allow all from any to public_add1 > ipfw add deny all from any to public_add2 > ipfw add allow tcp from remotedeveloper_address to public_address2/22 > ipfw add allow tcp from remotedeveloper_address to public_address2/21 > > Do I have to add rules for natd? And is this possible? > Basically I would like to redirect the traffic on public_address2 to an > internal machine. I would like the firewall to be able to deny everything > except 2 ports from a developers' address. The public_address1 is to allow > everything for the internal machines to connect to the internet. Hopefully > this helps you in aiding me. > thanks > Peter Donadio > ----- Original Message ----- > From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> > To: "Database" <petedonadio@mediaone.net> > Cc: <freebsd-questions@FreeBSD.ORG> > Sent: Tuesday, May 02, 2000 10:30 PM > Subject: Re: ipfw > > > > [Your email is all on one line. Please put newlines in at about the 72 > > column mark or so.] > > > > On Tue, May 02, 2000 at 10:12:49PM -0400, Database wrote: > > > I have a multihomed ethernet card that has two ip static address. One > address i would like to allow all traffic. The second I am using natd to > redirect the address to a different machine. I do not want to set the > firewall type to open. If I set it to filename or simple it will not allow > any traffic through on either ip address. Could you help me with the > configuration of ipfw. > > > > The 'simple' setting is not meant for a machine doing NAT. When you > > use a filename, what do you put in the file? Could you post the rules > > you are trying to use? We need more of an idea of what you are trying > > to do to be of any help. > > > > But if you really want to forward all traffic bound for a particular > > address, after you do the divert(4) rule for natd(8), pass all traffic > > to that host before heading to more restrictive rules. > > -- > > Crist J. Clark cjclark@home.com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005040035.UAA18513>