From owner-freebsd-questions  Thu May  7 16:06:10 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA25498
          for freebsd-questions-outgoing; Thu, 7 May 1998 16:06:10 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from chipweb.ml.org (c1003518-a.plstn1.sfba.home.com [24.1.82.47])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA25395
          for <freebsd-questions@FreeBSD.ORG>; Thu, 7 May 1998 16:05:22 -0700 (PDT)
          (envelope-from ludwigp@bigfoot.com)
Received: (qmail 26516 invoked by uid 666); 7 May 1998 23:05:18 -0000
Received: from unknown (HELO speedy.chipweb.ml.org) (172.16.1.1)
  by 172.16.1.5 with SMTP; 7 May 1998 23:05:18 -0000
Message-Id: <3.0.3.32.19980507160516.031a10d4@mail.plstn1.sfba.home.com>
X-Sender: ludwigp@mail.plstn1.sfba.home.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Thu, 07 May 1998 16:05:16 -0700
To: Keff Edwards <kedwards@sac3.com>, freebsd-questions@FreeBSD.ORG
From: Ludwig Pummer <ludwigp@bigfoot.com>
Subject: Re: Fire Wall
In-Reply-To: <3.0.4.32.19980507141008.009084d0@192.168.1.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 02:10 PM 5/7/98 -0500, Keff Edwards wrote:
>I have 2 Network Cards in a FreeBSD machine. One with a valid IP on the
>internet and one with 192.168.1.x on my internal lan.  I am using the
>machine just as a mail server and telnet.  I found out I could telnet to my
>mail server and then telnet to my pc.  This is not good.  I want to be able
>to telnet to my pc and then telnet out to the network, and I want to be
>able to telnet into the Mail server but I donot want to TelNet thru the
>server to my lan.  How is this done and If you can give an example.

Enable firewalling in your kernel (try the FAQ or Handbook for how to do
this), then add to your rc.firewall
$fwcmd add deny tcp from <gateway's ip> to <other pc's ip> telnet

for more info, man ipfw and man ipfirewall

--Ludwig Pummer
ludwigp@bigfoot.com ludwigp@chipweb.ml.org
ICQ UIN: 692441   http://chipweb.home.ml.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message