From owner-freebsd-net Mon May 21 1:27:22 2001
Delivered-To: freebsd-net@freebsd.org
Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184])
	by hub.freebsd.org (Postfix) with ESMTP id 6771A37B42C
	for ; Mon, 21 May 2001 01:27:17 -0700 (PDT)
	(envelope-from luigi@info.iet.unipi.it)
Received: (from luigi@localhost)
	by info.iet.unipi.it (8.9.3/8.9.3) id KAA06519;
	Mon, 21 May 2001 10:23:50 +0200 (CEST)
	(envelope-from luigi)
From: Luigi Rizzo
Message-Id: <200105210823.KAA06519@info.iet.unipi.it>
Subject: Re: Restricting traffic on one interface
In-Reply-To: from "Orville R. Weyrich.Jr" at "May 21, 2001 01:05:47 am"
To: "Orville R. Weyrich.Jr"
Date: Mon, 21 May 2001 10:23:50 +0200 (CEST)
Cc: Chojin , freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> Thanks for the suggestion, but where do I get ipf? I don't see it in the

it is part of the base system.

BTW both ipfilter and ipfw seem to do the job you want, so
recommending the use of one instead of the other is as technically
sound as saying to disconnect the network cable on the internal
side (which is the most secure thing you can do provided you do not
have a wireless card on the motherboard... these days you cannot
trust anything anymore!)

	cheers
	luigi

> FreeBSD packages region under networking or security. The closest I see
> in functionality I see is xinetd, but it only seems to allow me to specify
> ip addresses to enable/disable, but does not seem to have an option to
> specify the network interface.
>
> I guess xinetd is better than nothing, if I trust the outer firewall to
> filter out unexpected incoming ip addresses, but the whole point is that I
> do NOT trust the outer firewall to do its job perfectly.
>
> Regards,
>
> orville.
>
> On Sun, 20 May 2001, Chojin wrote:
>
> > Use ipf
> > (it's not ipfw)
> > ----- Original Message -----
> > From: "Orville R. Weyrich.Jr"
> > Cc: "Freebsd Net (E-mail)"
> > Sent: Sunday, May 20, 2001 8:07 AM
> > Subject: Restricting traffic on one interface
> >
> >
> > > Hi --
> > >
> > > I have a dual homed FreeBSD-4.3 machine and want to restrict traffic on
> > > one interface but not the other (one interface is to a trusted network and
> > > the other is not).
> > >
> > > What I want is the untrusted interface to only present SMTP and HTTP
> > > ports, while the trusted interface presents telnet, ftp, NFS, SMB, etc.
> > >
> > > What is the best way to do this? The machine does NOT have IP forwarding
> > > enabled.
> > >
> > > -------------------------------------------------------------------
> > > Orville R. Weyrich, Jr.          Weyrich Computer Consulting
> > > mailto:orville@weyrich.com   KD7HJV   http://www.weyrich.com
> > > -------------------------------------------------------------------
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-net" in the body of the message
> > >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >
>
> ===================================================================
> IF YOU WANT REFORM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> VOTE REFORM
> -------------------------------------------------------------------
> Orville R. Weyrich, Jr.          Weyrich Computer Consulting
> mailto:orville@weyrich.com   KD7HJV   http://www.weyrich.com
> -------------------------------------------------------------------
> Visit our online collection of book reviews:
>
> http://www.weyrich.com/book_reviews/
>
> Ask about our world wide web services!
> -------------------------------------------------------------------
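
Added example, not part of the original thread: an ipfilter ruleset sketch for the setup asked about above (untrusted interface offers only SMTP and HTTP, trusted interface is left open). The interface names fxp0 (trusted) and fxp1 (untrusted) are assumptions, as is the choice to allow outbound connections from the host on the untrusted side.

```conf
# Constructed example ruleset for ipfilter (ipf).
# Assumed names: fxp0 = trusted NIC, fxp1 = untrusted NIC.
# "quick" makes the first matching rule final, so order matters here.

# Loopback and the trusted interface are left unfiltered, so telnet,
# ftp, NFS, SMB, etc. stay reachable from the trusted network.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on fxp0 all
pass out quick on fxp0 all

# Untrusted interface: accept new inbound TCP connections to SMTP (25)
# and HTTP (80) only. "keep state" admits the rest of each connection,
# including the replies going back out.
pass in quick on fxp1 proto tcp from any to any port = 25 flags S keep state
pass in quick on fxp1 proto tcp from any to any port = 80 flags S keep state

# Assumption: the host may open its own connections through fxp1
# (outbound mail delivery, DNS lookups). Remove these three rules if
# it should never initiate traffic on the untrusted side.
pass out quick on fxp1 proto tcp  from any to any flags S keep state
pass out quick on fxp1 proto udp  from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state

# Anything else on the untrusted interface is dropped and logged, so a
# service that binds to every address is still unreachable from there.
block in  log quick on fxp1 all
block out log quick on fxp1 all
```

The rules filter by interface rather than by source address, which is the property the question found missing in xinetd. They can be loaded with `ipf -Fa -f <rules file>`, which flushes the active rules before reading the file.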