Date: Wed, 13 Feb 2002 22:51:24 -0500 (EST)
From: Chris Collins <chris@collins-ca.com>
To: questions@FreeBSD.ORG
Subject: Re: NAT/IPFW security question
Message-ID: <20020213225032.Q26969-100000@bsduser.ca>
In-Reply-To: <20020212192234.F908-100000@bsduser.ca>

Well I found the answer to my own question at

http://www.mostgraveconcern.com/freebsd/ipfw.html

Chris

-=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-
Chris Collins
chris@collins-ca.com
MSN Msg: chris_collins_ca@hotmail.com
-=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-

On Tue, 12 Feb 2002, Chris Collins wrote:

> Hello
>
> I have just recently set up my FreeBSD machine to connect to my ISP via
> dhcp and run nat for the rest of my network. I have a question I hope
> somebody on this list can help me with.
>
> How do I secure my FreeBSD box so that it does not allow any traffic into
> my machine that I do not make a rule for? As it stands right now the rule
>
> add pass all from any to any
>
> is allowing all ports into my machine but without it my nat does not work.
>
> Here is a complete list of my rules.
>
> -f flush
> add divert natd all from any to any via dc0
> add pass all from any to any
> add 230 allow tcp from any to 21 via dc0
> add 240 allow tcp from any to 25 via dc0
> add 250 allow tcp from any to 110 via dc0
> add 270 allow tcp from any to 80 via dc0
> #add 290 allow tcp from any to 10000 via dc0
> add 300 allow icmp from any to any
> add 65534 deny log ip from any to any
>
> I have other ports being used that are not in this list that I only want
> my 10.0.0.0/24 on interface dc1 home network to have access to.
>
> Can anybody offer any suggestions?
>
> Thanks
> Chris
>
> -=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-
> Chris Collins
> chris@collins-ca.com
> MSN Msg: chris_collins_ca@hotmail.com
> -=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
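
Why the posted ruleset admits everything, as an added example that is not part of the original messages: ipfw acts on the first matching rule and numbers an unnumbered rule 100 above the highest existing one, so `add pass all from any to any` becomes rule 200 and shadows rules 230 through 65534. The Python below is a simplified model, not ipfw syntax; the packet field names, the SCOPED variant and the port-3306 probe are assumptions made for illustration.

```python
# Simplified first-match model of ipfw evaluation (added example, not ipfw syntax).
# A rule is (number, action, match); match lists packet fields that must be equal.

def number_rules(rules):
    """Give unnumbered rules 'highest number so far + 100', then sort by number."""
    out, highest = [], 0
    for num, action, match in rules:
        num = highest + 100 if num is None else num
        highest = max(highest, num)
        out.append((num, action, match))
    return sorted(out, key=lambda r: r[0])

def evaluate(rules, pkt):
    """Return (rule number, action) of the first terminating rule that matches."""
    for num, action, match in number_rules(rules):
        if all(pkt.get(k) == v for k, v in match.items()):
            if action == "divert":
                continue  # natd re-injects the packet at the next rule
            return num, action
    return 65535, "deny"  # assumed kernel default rule

def tcp_in(port):  # match for one of the four inbound services in the posted list
    return {"iface": "dc0", "proto": "tcp", "dport": port}

POSTED = [
    (None, "divert", {"iface": "dc0"}),   # becomes rule 100
    (None, "allow", {}),                  # "pass all from any to any" -> rule 200
    (230, "allow", tcp_in(21)), (240, "allow", tcp_in(25)),
    (250, "allow", tcp_in(110)), (270, "allow", tcp_in(80)),
    (300, "allow", {"proto": "icmp"}),
    (65534, "deny", {}),
]

# Assumed replacement for rule 200: scope the broad pass by interface and direction.
SCOPED = [
    POSTED[0],
    (200, "allow", {"iface": "dc1"}),                 # home LAN side
    (210, "allow", {"iface": "dc0", "dir": "out"}),   # traffic leaving to the ISP
    (220, "allow", {"iface": "dc0", "proto": "tcp", "established": True}),  # replies
] + POSTED[2:]

# Constructed packet: unsolicited TCP to an unlisted port arriving on dc0.
PROBE = {"iface": "dc0", "dir": "in", "proto": "tcp", "dport": 3306, "established": False}

if __name__ == "__main__":
    print("posted:", evaluate(POSTED, PROBE))   # (200, 'allow')
    print("scoped:", evaluate(SCOPED, PROBE))   # (65534, 'deny')
```

In a real ruleset the return traffic would be handled with ipfw's stateful rules; the `established` field here only stands in for that.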