From: "Xpression"
To: "FreeBSD-questions"
Date: Fri, 19 Mar 2004 13:28:42 -0500
Message-ID: <001601c40de0$07ff1710$0401a8c0@bloodlust>
Subject: ipfw question...

Hi list,

I have this network configuration:

router (169.158.120.177)
server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3 server
server2 (169.158.120.179) running squid, apache2, mysql, proftpd (it is acting as a GATEWAY)

I have a LAN (192.168.1.0/24) and a broken-apart "LAN" (192.168.2.0/8, 192.168.2.8/8, 192.168.2.16/8). My question is: I want to protect my LAN, "LAN" and servers from the outside. I want to use ipfw. I have compiled a kernel on server2 (FreeBSD-4.8 on both servers) and I'm blocked (in & out). I have some doubts about adding rules because I've been seeing so many samples on the net and I'm a little bit confused... Any suggestions about configuration?