Date: Sun, 11 Jun 2000 11:19:25 -0400
From: ago <ago@linuxstart.com>
To: freebsd-ipfw@freebsd.org
Message-ID: <200006111519.LAA23410@www.phpbuilder.com>
Hi,
I am setting up a FreeBSD box as an internet firewall/gateway for my home network.
I connect to the internet from the firewall box via user ppp with ip aliasing enabled.
After I am connected I browse the internet from another box on the local network.
This works well until I apply the following rules to drop RFC 1918 addresses at the outgoing device (tun0).
Here is part of my /etc/rc.firewall which shows the rules:
fw_outdev="tun0"
fw_indev="ed1"
fw_localnet="192.168.1.0/16"
fw_cmd="ipfw"
fw_resip="0.0.0.0 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
# IP Spoofing & broadcasts
for i in $fw_resip
do
    $fw_cmd add deny log ip from $i to any via $fw_outdev
    $fw_cmd add deny log ip from any to $i via $fw_outdev
done
Here is the situation:
With the above rules applied, all packets from the local net to the internet and vice versa get dropped.
To let the IP aliasing do its work I have to allow traffic to and from the local network via the tun0 device.
This does not seem to me to be a good way to do this. Does anyone know a better way?
------------------------------------------------
AGO
Email: ago@linuxstart.com
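
Added example (not part of the original message and not FreeBSD's own rc.firewall): a dry-run sketch of the workaround the post describes, narrowed by direction so that only un-aliased LAN addresses are exempted on tun0 before the remaining reserved ranges are denied. It assumes that user ppp aliases packets after ipfw has already seen them on tun0, that the LAN is 192.168.1.0/24, and that fw_cmd is "echo ipfw" so rules are printed rather than installed; gen_rules is a hypothetical name.

```shell
#!/bin/sh
# Added example: prints an ipfw rule set, installs nothing.
fw_outdev="tun0"
fw_localnet="192.168.1.0/24"   # assumption: the actual LAN prefix
fw_cmd="echo ipfw"             # dry run; set to "ipfw" to install
fw_resip="0.0.0.0 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

gen_rules() {
    # 1. Directions where a reserved address is never legitimate on tun0,
    #    aliasing or not: reserved SOURCE coming in, reserved DESTINATION
    #    going out.
    for i in $fw_resip
    do
        $fw_cmd add deny log ip from $i to any in via $fw_outdev
        $fw_cmd add deny log ip from any to $i out via $fw_outdev
    done

    # 2. Assumption: ipfw sees LAN addresses on tun0 because ppp rewrites
    #    them after (outbound) or before (inbound) the packet crosses tun0.
    #    ipfw is first-match, so these must precede the broad denies in 3.
    #    "allow" ends evaluation: rules that must inspect this traffic
    #    belong above this point.
    $fw_cmd add allow ip from $fw_localnet to any out via $fw_outdev
    $fw_cmd add allow ip from any to $fw_localnet in via $fw_outdev

    # 3. Every other reserved address in the remaining two directions.
    for i in $fw_resip
    do
        $fw_cmd add deny log ip from $i to any out via $fw_outdev
        $fw_cmd add deny log ip from any to $i in via $fw_outdev
    done
}

gen_rules
```

Compared with the loop in the message, an inbound packet claiming a LAN or other reserved source is still dropped by step 1, and only the local prefix is exempted in step 2.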
