Date: Mon, 21 May 2001 10:23:50 +0200 (CEST)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: "Orville R. Weyrich.Jr" <orville@weyrich.com>
Cc: Chojin <chojin@nerim.net>, freebsd-net@FreeBSD.ORG
Subject: Re: Restricting traffic on one interface
Message-ID: <200105210823.KAA06519@info.iet.unipi.it>
In-Reply-To: <Pine.LNX.4.10.10105210100070.3361-100000@dopey.weyrich.com> from "Orville R. Weyrich.Jr" at "May 21, 2001 01:05:47 am"

> Thanks for the suggestion, but where do I get ipf? I don't see it in the

it is part of the base system.

BTW both ipfilter and ipfw seem to do the job you want, so
recommending the use of one instead of the other is as technically sound
as saying to disconnect the network cable on the internal side
(which is the most secure thing you can do provided you do not
have a wireless card on the motherboard... these days you cannot
trust anything anymore!)

	cheers
	luigi

> FreeBSD packages region under networking or security. The closest I see
> in functionality I see is xinetd, but it only seems to allow me to specify
> ip addresses to enable/disable, but does not seem to have an option to
> specify the network interface.
>
> I guess xinetd is better than nothing, if I trust the outer firewall to
> filter out unexpected incoming ip addresses, but the whole point is that I
> do NOT trust the outer firewall to do its job perfectly.
>
> Regards,
>
> orville.
>
> On Sun, 20 May 2001, Chojin wrote:
>
> > Use ipf
> > (it's not ipfw)
> > ----- Original Message -----
> > From: "Orville R. Weyrich.Jr" <orville@weyrich.com>
> > Cc: "Freebsd Net (E-mail)" <freebsd-net@FreeBSD.ORG>
> > Sent: Sunday, May 20, 2001 8:07 AM
> > Subject: Restricting traffic on one interface
> >
> >
> > > Hi --
> > >
> > > I have a dual homed FreeBSD-4.3 machine and want to restrict traffic on
> > > one interface but not the other (one interface is to a trusted network and
> > > the other is not).
> > >
> > > What I want is the untrusted interface to only present SMTP and HTTP
> > > ports, while the trusted interface presents telnet, ftp, NFS, SMB, etc.
> > >
> > > What is the best way to do this? The machine does NOT have IP forwarding
> > > enabled.
> > >
> > > -------------------------------------------------------------------
> > > Orville R. Weyrich, Jr.                  Weyrich Computer Consulting
> > > mailto:orville@weyrich.com      KD7HJV      http://www.weyrich.com
> > > -------------------------------------------------------------------
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-net" in the body of the message
> > >
> >
>
> ===================================================================
> IF YOU WANT REFORM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> VOTE REFORM
> -------------------------------------------------------------------
> Orville R. Weyrich, Jr.                  Weyrich Computer Consulting
> mailto:orville@weyrich.com      KD7HJV      http://www.weyrich.com
> -------------------------------------------------------------------
> Visit our online collection of book reviews:
>
>     http://www.weyrich.com/book_reviews/
>
> Ask about our world wide web services!
> -------------------------------------------------------------------
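A per-interface ruleset for the setup asked about in this thread, written for ipfw, one of the two tools the reply says can do the job. This is an added example, not part of the original messages; the interface names fxp0 (untrusted) and fxp1 (trusted), the rule numbers, and the `load_rules` and `FWCMD` names are assumptions.

```shell
#!/bin/sh
# Added example: per-interface ipfw policy for a dual-homed host.
# Assumed (not from the thread): interface names fxp0/fxp1, rule numbers.
# Dry run by default: prints the ipfw commands. Set FWCMD=/sbin/ipfw to apply.
fwcmd="${FWCMD:-echo ipfw}"

load_rules() {
    untrusted="$1"; trusted="$2"
    # Refuse missing or identical names: a mix-up would expose the inside services.
    if [ -z "$untrusted" ] || [ -z "$trusted" ] || [ "$untrusted" = "$trusted" ]; then
        echo "usage: load_rules <untrusted_if> <trusted_if>" >&2
        return 1
    fi
    # Loopback and the trusted side are unrestricted (telnet, ftp, NFS, SMB ...).
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 allow ip from any to any via "$trusted"
    # Match packets belonging to flows already recorded by keep-state rules.
    $fwcmd add 300 check-state
    # Untrusted side, inbound: only new connections to SMTP (25) and HTTP (80).
    $fwcmd add 400 allow tcp from any to any 25,80 in recv "$untrusted" setup keep-state
    # Untrusted side, outbound: connections and queries the host itself starts.
    $fwcmd add 500 allow tcp from any to any out xmit "$untrusted" setup keep-state
    $fwcmd add 510 allow udp from any to any out xmit "$untrusted" keep-state
    # Everything else on the untrusted interface is dropped and logged.
    $fwcmd add 600 deny log ip from any to any via "$untrusted"
}

load_rules "${1:-fxp0}" "${2:-fxp1}"
```

Run it as-is to review the generated commands before applying them. Rule 600 also drops ICMP on the untrusted interface, and `log` only produces output on a kernel built with IPFIREWALL_VERBOSE.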