Date: Thu, 17 Sep 1998 13:14:13 -0700 (PDT)
From: Doug White
To: mtts
cc: FreeBSD
Subject: Re: IPFilter
In-Reply-To: <199809170753.NAA29780@gus.orgus.ru>

On Wed, 17 Sep 2098, mtts wrote:

> Hi!
>
> I have installed IPFilter3.2.9 on my FreeBSD2.2.1. During the installation
> it gave me a lot of warnings saying that something wrong with some
> variables in C-files. But everything seems to work properly, at least
> ipnat. I am not too keen in IPFilters yet and cannot fully understand how
> to configure it. Can you help me in two cases:

I'm sorry, but I can't answer these questions correctly without having a
drawing of your network to tell where the servers you're mentioning exist
in relation to the firewall and the clients.

> 1. One computer serves as a Proxy-server and Firewall. It has two
>    network cards. One connected to the Internet and the other to our LAN.
>    I want:
>    a) both inside and outside users can use the Proxy (tcp port-3128, udp
>       port-3130);
>    b) inside users can receive their mail from the outside email-server
>       (popper)
>    c) All other things are prohibited. I mean to say nobody can connect
>       to the computer, with the exception of I can telnet and ftp to it
>       from a dedicated computer in my network.
> 2. One more computer serves as DNS, email (sendmail and qpopper) and
>    terminal server for the connection of the remote users using ppp.
>    I want:
>    a) All the traffic can be passed through the computer between the
>       remote users and Internet freely;
>    b) The computer can serve:
>       - DNS requests from anywhere;
>       - receive the mail from Internet and deliver it to the users and
>         vice versa (popper);
>    c) All other connections to the computer are prohibited, except one
>       dedicated computer in my network.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major