Date: Sun, 11 Jun 2000 11:19:25 -0400
From: ago <ago@linuxstart.com>
To: freebsd-ipfw@freebsd.org
Message-ID: <200006111519.LAA23410@www.phpbuilder.com>
Hi,

I am setting up a FreeBSD box as an internet firewall/gateway for my home network. I connect to the internet from the firewall box via user ppp with IP aliasing enabled. After I am connected I browse the internet from another box on the local network. This works well until I apply the following rules to drop RFC 1918 addresses at the outgoing device (tun0).

Here is part of my /etc/rc.firewall which shows the rules:

    fw_outdev="tun0"
    fw_indev="ed1"
    fw_localnet="192.168.1.0/16"
    fw_cmd="ipfw"
    fw_resip="0.0.0.0 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

    # IP Spoofing & broadcasts
    for i in $fw_resip
    do
        $fw_cmd add deny log ip from $i to any via $fw_outdev
        $fw_cmd add deny log ip from any to $i via $fw_outdev
    done

Here is the situation: With the above rules applied, all packets from the local net to the internet and vice versa get dropped. To let the IP aliasing do its work I have to allow traffic to and from the local network via the tun0 device. This does not seem to me to be a good way to do this. Does anyone know a better way?

------------------------------------------------
AGO
Email: ago@linuxstart.com
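Added example (not part of the original message and not FreeBSD code): a small Python model of first-match evaluation over the rule set the loop in the message generates, showing which rule catches LAN traffic on tun0 and what the workaround the message mentions changes. It assumes, as the reported behaviour implies, that packets the filter sees on tun0 still carry LAN addresses; the tuple rule format, the placement of the allow rules, and all sample addresses are constructed for illustration.

```python
import ipaddress

# Values copied from the rc.firewall excerpt in the message.
FW_OUTDEV = "tun0"
FW_LOCALNET = "192.168.1.0/16"
FW_RESIP = "0.0.0.0 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16".split()

def deny_rules():
    """Expand the message's for-loop into (action, src, dst, iface) tuples."""
    rules = []
    for net in FW_RESIP:
        rules.append(("deny", net, "any", FW_OUTDEV))
        rules.append(("deny", "any", net, FW_OUTDEV))
    return rules

def workaround_rules():
    """Model of the workaround the message describes: allow the local net on
    tun0 ahead of the deny rules (rule placement is an assumption)."""
    allow = [("allow", FW_LOCALNET, "any", FW_OUTDEV),
             ("allow", "any", FW_LOCALNET, FW_OUTDEV)]
    return allow + deny_rules()

def _in(spec, addr):
    # strict=False accepts a network written with host bits set, e.g. 192.168.1.0/16
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def first_match(rules, src, dst, iface):
    """Return the first rule matching the packet, or None if no listed rule does."""
    for rule in rules:
        _, rsrc, rdst, riface = rule
        if riface == iface and _in(rsrc, src) and _in(rdst, dst):
            return rule
    return None

# Constructed sample packets: (label, src, dst, interface)
SAMPLES = [
    ("LAN host going out", "192.168.1.10", "203.0.113.5", "tun0"),
    ("reply coming back", "203.0.113.5", "192.168.1.10", "tun0"),
    ("public src, for contrast", "198.51.100.7", "203.0.113.5", "tun0"),
    ("inbound claiming 10/8 src", "10.1.2.3", "198.51.100.7", "tun0"),
    ("inbound claiming LAN src", "192.168.77.1", "198.51.100.7", "tun0"),
]

if __name__ == "__main__":
    for name, rules in (("deny only", deny_rules()), ("workaround", workaround_rules())):
        for label, src, dst, iface in SAMPLES:
            print(f"{name:10} {label:26} -> {first_match(rules, src, dst, iface)}")
```

With the workaround rules in place, the last sample is also let through, because the allow rule matches any packet on tun0 with a 192.168.0.0/16 source; that is the trade-off the message is uneasy about.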