From owner-freebsd-questions@FreeBSD.ORG Fri Dec 19 02:47:42 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F2D91065677 for ; Fri, 19 Dec 2008 02:47:42 +0000 (UTC) (envelope-from wtf.jlaine@gmail.com) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by mx1.freebsd.org (Postfix) with ESMTP id 892F78FC18 for ; Fri, 19 Dec 2008 02:47:41 +0000 (UTC) (envelope-from wtf.jlaine@gmail.com) Received: by ewy14 with SMTP id 14so993984ewy.19 for ; Thu, 18 Dec 2008 18:47:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:date:from:to:cc :subject:message-id:mail-followup-to:references:mime-version :content-type:content-disposition:in-reply-to:user-agent :x-operating-system; bh=RVWnH2TYcp04E9Rc5tzxeD6I15Lw1QTbbj+NQHOoFlA=; b=NtSex8cN+dxQ060/4lUvc6HKCDRfrKSAkRjgwYiWBCjAgCDnD5CiZveeRFpIcBvyQ+ rLAEX9w5IfiH/BdqFHChf7Tq6lihGcalbx4SgEBWMeKBfZuET60XWTtIKfuY3jR1LOEG mE9/+Cu+aFyg52yk5o6pTbaIM/ZLCwBdBTSIw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent:x-operating-system; b=w+UxXdTcKsgg+ct+ogYbak/YlmBS+vG0efifTod3P5OOmC8ZcbbbJWqDhbdr3l+Gqs frJ4RIXCaRxShW2/aHqNe+odTFt+vT7b1nV0gHRxkh652z8tWc/eGnaCJWVlo+wr5y89 qLmPwqkkvNa5Mm/V0292ca+Ml3eyTx1aEAgvM= Received: by 10.210.10.1 with SMTP id 1mr3151423ebj.132.1229654860262; Thu, 18 Dec 2008 18:47:40 -0800 (PST) Received: from blackmesa ([77.66.225.53]) by mx.google.com with ESMTPS id 7sm25484179ewy.76.2008.12.18.18.47.37 (version=SSLv3 cipher=RC4-MD5); Thu, 18 Dec 2008 18:47:38 -0800 (PST) Received: by blackmesa (sSMTP sendmail emulation); Fri, 19 Dec 2008 05:47:36 +0300 Date: Fri, 19 Dec 2008 05:47:36 +0300 From: Jeff Laine To: KHOO Guan Chen Message-ID: <20081219024736.GA1513@free.bsd.loc> Mail-Followup-To: Jeff Laine , KHOO Guan Chen , freebsd-questions@freebsd.org References: <20081219020810.GA60027@localhost.gateway.2wire.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20081219020810.GA60027@localhost.gateway.2wire.net> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.1-RC1 i386 Cc: freebsd-questions@freebsd.org Subject: Re: bridge ipfw also protect set X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Dec 2008 02:47:42 -0000 On Fri, Dec 19, 2008 at 10:08:10AM +0800, KHOO Guan Chen wrote: > Hi > > I want to give internet connectivity to a pc behind my Freebsd, which is > connected to an aDSL. I know I can add another card to my set and use > bridge+IPFW so that the behind pc is firewalled. But will this setup > also ensure that my Freebsd set is firewalled? Could now figure it out > reading the book and article. > > Thanks and sorry if this is a silly question. > > Regards Hi there! You can set up natd+IPFW or use pf only. I think bridging is not necessary in your case. Proper filter rules will give your freebsd system good protection. Some information could be found in the Firewalls chapter of the Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html Great explanation of pf functionality here: http://www.openbsd.org/faq/pf/ I find pf approach much easier to set up and maintain. Google search will give you more ;) Good luck! -- Best regards, Jeff () X-mas ribbon campaign /\