From owner-freebsd-net Mon May 21 1:21:24 2001
Date: Mon, 21 May 2001 01:05:47 -0700 (MST)
From: "Orville R. Weyrich.Jr"
To: Chojin
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Restricting traffic on one interface
In-Reply-To: <000701c0e0fc$83a9d620$0245a8c0@chojin>

Thanks for the suggestion, but where do I get ipf? I don't see it in the
FreeBSD packages region under networking or security.

The closest in functionality I see is xinetd, but it only seems to
allow me to specify ip addresses to enable/disable, but does not seem to
have an option to specify the network interface.

I guess xinetd is better than nothing, if I trust the outer firewall to
filter out unexpected incoming ip addresses, but the whole point is that
I do NOT trust the outer firewall to do its job perfectly.

Regards,

orville.

On Sun, 20 May 2001, Chojin wrote:

> Use ipf
> (it's not ipfw)
> ----- Original Message -----
> From: "Orville R. Weyrich.Jr"
> Cc: "Freebsd Net (E-mail)"
> Sent: Sunday, May 20, 2001 8:07 AM
> Subject: Restricting traffic on one interface
>
>
> > Hi --
> >
> > I have a dual homed FreeBSD-4.3 machine and want to restrict traffic on
> > one interface but not the other (one interface is to a trusted network and
> > the other is not).
> >
> > What I want is the untrusted interface to only present SMTP and HTTP
> > ports, while the trusted interface presents telnet, ftp, NFS, SMB, etc.
> >
> > What is the best way to do this? The machine does NOT have IP forwarding
> > enabled.
> >
> > -------------------------------------------------------------------
> > Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
> > mailto:orville@weyrich.com    KD7HJV    http://www.weyrich.com
> > -------------------------------------------------------------------

===================================================================
IF YOU WANT REFORM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> VOTE REFORM
-------------------------------------------------------------------
Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
mailto:orville@weyrich.com    KD7HJV    http://www.weyrich.com
-------------------------------------------------------------------
Visit our online collection of book reviews:
http://www.weyrich.com/book_reviews/
Ask about our world wide web services!
-------------------------------------------------------------------
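
The per-interface policy asked for in the original question, written as an IPFilter (ipf) ruleset. This is an added example and not part of the thread; the interface names fxp0 (untrusted) and fxp1 (trusted), the file name, and the outbound rules are assumptions.

```conf
# ipf.rules -- constructed example, not from the original thread.
# Assumed interface names: fxp0 = untrusted side, fxp1 = trusted side.
# IPFilter applies the LAST matching rule unless the rule says "quick",
# in which case evaluation stops at that rule.

# Loopback and the trusted interface are left unrestricted, so telnet,
# ftp, NFS, SMB, etc. remain reachable from the trusted network.
pass in  quick on lo0  all
pass out quick on lo0  all
pass in  quick on fxp1 all
pass out quick on fxp1 all

# Untrusted interface: accept new inbound TCP connections to SMTP and
# HTTP only. "flags S" matches the opening SYN; "keep state" lets the
# rest of that connection through without further rules.
pass in quick on fxp0 proto tcp from any to any port = 25 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state

# Assumption: the host itself may originate traffic on the untrusted
# side (outgoing mail, DNS lookups). Tighten or remove as needed.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Everything else on the untrusted interface is dropped. Inbound drops
# are logged so unexpected probes that got past the outer firewall
# show up in the ipf log.
block in  log quick on fxp0 all
block out     quick on fxp0 all
```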