Date:      Fri, 28 May 1999  8:21 -0600
From:      "Wayne, Ken" <WAYNEK@SCHNEIDER.COM>
To:        freebsd-net@FreeBSD.ORG
Subject:   FreeBSD: Firewall
Message-ID:  <47FF6BD08413D311A35900805F31EA72@SCHNEIDER.COM>

I apologize if there is a better list to send this question to.  I think this
is a network question.

I want to limit who gets from my internal network to the Internet to a few
static IP addresses.  I also want to prevent people on the Internet from
getting access to my FreeBSD box or workstations.

I'm running FreeBSD 2.2.8 with the included Firewall (IPFW) and NAT.

The NIC in my FreeBSD box (ed0) is set to 172.16.1.1 and the modem is
dynamically assigned when connecting to the Internet.

My workstation's (Win '95) NIC is set to 172.16.1.5 and its DNS and gateway
are set to 172.16.1.1

With the following firewall rules, I can get access to the internet via
workstation or FreeBSD.
 allow all from any to any
 deny all

When I have any of the following rule combinations it doesn't allow access to
the internet from a workstation or my FreeBSD box.

 allow ip from 172.16.1.1 to any
 allow ip from 172.16.1.5 to any
 deny all

 allow ip from 172.16.1.1 to any via any
 allow ip from 172.16.1.5 to any via any
 deny all

 allow ip from 172.16.1.1 to any via tun0
 allow ip from 172.16.1.5 to any via tun0
 deny all

 allow ip from 172.16.0.0:255.255.255.0 to any
 deny all

 allow ip from 172.16.0.0:255.255.255.0 to any via any
 deny all

 allow ip from 172.16.1.0:255.255.255.0 to any
 deny all

 allow ip from 172.16.1.0:255.255.255.0 to any via any
 deny all

 allow ip from 172.16.1.1:255.255.255.0 to any
 allow ip from 172.16.1.5:255.255.255.0 to any
 deny all

 allow ip from 172.16.1.1:255.255.255.0 to any via any
 allow ip from 172.16.1.5:255.255.255.0 to any via any
 deny all

Any help is greatly appreciated!

Thanks, -Ken
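An added illustration, not part of Ken's message: a small Python model of ipfw's first-match evaluation, fed the second rule set from the post, showing that those rules pass the outbound packet from 172.16.1.5 but deny the Internet host's reply back to 172.16.1.5, and that a constructed extra rule for the return direction changes that verdict. The model ignores "via" interfaces, NAT and TCP state; the addresses 198.51.100.10 and 172.16.2.7 are constructed test values.

```python
# Constructed model of ipfw first-match evaluation (illustration, not FreeBSD code).
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def to_net(spec):
    """'any', a host address, or ipfw's addr:mask form -> ip_network."""
    if spec == "any":
        return ANY
    # ipfw writes 172.16.1.0:255.255.255.0; ipaddress wants addr/mask.
    return ipaddress.ip_network(spec.replace(":", "/"), strict=False)

def parse_rule(text):
    """'allow ip from SRC to DST [via IFACE]' or 'deny all' -> (action, src, dst).
    A trailing 'via IFACE' is accepted but not modelled."""
    words = text.split()
    if words[1] == "all":
        return (words[0], ANY, ANY)
    return (words[0], to_net(words[3]), to_net(words[5]))

def first_match(rules, src, dst):
    """The first rule whose src and dst both match decides the packet;
    ipfw's implicit final rule 65535 denies whatever is left."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def round_trip(rules, inside, outside):
    """(verdict for inside -> outside, verdict for the reply outside -> inside)."""
    return (first_match(rules, inside, outside),
            first_match(rules, outside, inside))

# The second rule set from the post: it names only outbound packets.
POSTED = [parse_rule(r) for r in [
    "allow ip from 172.16.1.1 to any",
    "allow ip from 172.16.1.5 to any",
    "deny all",
]]

# Constructed variant that also admits packets addressed back to the LAN.
WITH_REPLIES = POSTED[:2] + [parse_rule(r) for r in [
    "allow ip from any to 172.16.1.0:255.255.255.0",
    "deny all",
]]
```

On the real box the return-direction rule should be narrower than this (ipfw's `allow tcp from any to any established` is the usual form), and with natd a `divert` rule on tun0 has to sit ahead of the filtering rules; the model represents neither.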





