Date:      Wed, 3 May 2000 20:16:32 -0700
From:      "Chris Browning" <brownicm@bellsouth.net>
To:        "Database" <petedonadio@mediaone.net>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ipfw
Message-ID:  <200005040035.UAA18513@mail6.lig.bellsouth.net>
In-Reply-To: <000501bfb559$3d7c3410$0201a8c0@visualprogram.ne.mediaone.net>

I'm just jumping in here but I've been playing w/ ipfw, too. I think 
you want to allow the remotedeveloper_address before you deny 
everything else. Anything going to pub_addr2 that's *not* 
remdev_addr *and* tcp *and* on port 21 will fail the test and be 
passed to the deny cmd. If I'm wrong I'm sure any correction 
posted will be instructive.

On 3 May 00, at 19:42, Database wrote:

> The rules are as follows.
> 
> ipfw add allow all from any to public_add1
> ipfw add deny all from any to public_add2
> ipfw add allow tcp from remotedeveloper_address to public_address2/22
> ipfw add allow tcp from remotedeveloper_address to public_address2/21
> 
> Do I have to add rules for natd? And is this possible?
> Basically I would like to redirect the traffic on public_address2 to an
> internal machine. I would like the firewall to be able to deny everything
> except 2 ports from a developer's address. The public_address1 is to allow
> everything for the internal machines to connect to the internet. Hopefully
> this helps you in aiding me.
> thanks
> Peter Donadio
> ----- Original Message -----
> From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
> To: "Database" <petedonadio@mediaone.net>
> Cc: <freebsd-questions@FreeBSD.ORG>
> Sent: Tuesday, May 02, 2000 10:30 PM
> Subject: Re: ipfw
> 
> 
> > [Your email is all on one line. Please put newlines in at about the 72
> > column mark or so.]
> >
> > On Tue, May 02, 2000 at 10:12:49PM -0400, Database wrote:
> > > I have a multihomed ethernet card that has two static IP addresses. One
> > > address I would like to allow all traffic. The second I am using natd to
> > > redirect the address to a different machine. I do not want to set the
> > > firewall type to open. If I set it to filename or simple it will not allow
> > > any traffic through on either ip address. Could you help me with the
> > > configuration of ipfw.
> >
> > The 'simple' setting is not meant for a machine doing NAT. When you
> > use a filename, what do you put in the file? Could you post the rules
> > you are trying to use? We need more of an idea of what you are trying
> > to do to be of any help.
> >
> > But if you really want to forward all traffic bound for a particular
> > address, after you do the divert(4) rule for natd(8), pass all traffic
> > to that host before heading to more restrictive rules.
> > --
> > Crist J. Clark                           cjclark@home.com
> 
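To make the ordering point concrete, here is an added example (not from anyone in the thread) that simulates ipfw's first-match evaluation over the four posted rules, once in the order they were posted and once with the developer allows moved ahead of the catch-all deny. The addresses are constructed placeholders standing in for public_address1, public_address2 and remotedeveloper_address; it assumes the kernel's default rule is deny, and it does not model the natd divert rule, which in the real ruleset goes before these.

```python
# Simulation of ipfw first-match semantics for the thread's ruleset.
# Added example; addresses below are constructed placeholders.
from dataclasses import dataclass
from typing import Optional

PUB1 = "192.0.2.1"        # stands in for public_address1
PUB2 = "192.0.2.2"        # stands in for public_address2
REMDEV = "198.51.100.7"   # stands in for remotedeveloper_address

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "all" or "tcp"
    src: str                    # address or "any"
    dst: str                    # address or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "all" or self.proto == pkt["proto"])
                and (self.src == "any" or self.src == pkt["src"])
                and (self.dst == "any" or self.dst == pkt["dst"])
                and (self.dport is None or self.dport == pkt["dport"]))

def evaluate(rules, pkt: dict) -> str:
    """First matching rule decides; assumes the default rule is deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Order as posted: 'ipfw add' numbers rules in the order given, so the
# deny to PUB2 is reached before the developer's allows and shadows them.
AS_POSTED = [
    Rule("allow", "all", "any", PUB1),
    Rule("deny", "all", "any", PUB2),
    Rule("allow", "tcp", REMDEV, PUB2, 22),
    Rule("allow", "tcp", REMDEV, PUB2, 21),
]
# Corrected order: specific allows first, catch-all deny last.
# (In real ipfw syntax the port is a separate token, e.g. 'to PUB2 22',
# since '/22' would be read as a netmask.)
CORRECTED = [
    Rule("allow", "all", "any", PUB1),
    Rule("allow", "tcp", REMDEV, PUB2, 22),
    Rule("allow", "tcp", REMDEV, PUB2, 21),
    Rule("deny", "all", "any", PUB2),
]

def verdict(rules, src: str, dport: int) -> str:
    """Verdict for a TCP packet from src to PUB2 on dport."""
    return evaluate(rules, {"proto": "tcp", "src": src, "dst": PUB2, "dport": dport})
```

Run `verdict(AS_POSTED, REMDEV, 22)` against `verdict(CORRECTED, REMDEV, 22)` to see the developer's SSH go from denied to allowed while any other source is still denied.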

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005040035.UAA18513>