Message-ID: <38FF8B91.6F23DABF@aptec.com>
Date: Thu, 20 Apr 2000 16:58:25 -0600
From: Aaron Birenboim
To: questions@freebsd.org
Subject: firewall design

I have a great many questions about firewalling, by ipfw. Far too many to ask. I have one working, but am often forced to punch holes in it to get FTP clients working, ping (ICMP), etc.

Where can I find writings on how to build a USEFUL firewall from FreeBSD? I'm having a hard time setting it up to allow what I want to allow through, nothing more, nothing less.

Does the O'Reilly book cover examples pertinent to FreeBSD? Does anybody have a FBSD firewall DESIGN FAQ or www site?

I know the usage of the ipfw command, I just run into problems with things like ftp servers trying to make data sockets back to my network... is there a way to allow them in for that?

It will only get harder when I get NAT running...

--
Aaron Birenboim         | Cell: (505) 350-1996 | Office: (505) 853-6866
ATA, ABQ NM             | bug_aaron@aptec.com  | perl is the duct-tape
aaron@aptec.com         | FAX: (505) 768-1379  | of software.
www.aptec.com/~birenboi | Main Office 247-8371 | - Grady Booch