Date: Fri, 19 Mar 2004 10:40:11 -0800 (PST)
From: whizkid@ValueDJ.com
To: "Xpression" <admin@atenas.cult.cu>
Cc: FreeBSD-questions <freebsd-questions@freebsd.org>
Subject: Re: ipfw question...
Message-ID: <3456.208.253.246.93.1079721611.squirrel@www.ValueDJ.com>
In-Reply-To: <001601c40de0$07ff1710$0401a8c0@bloodlust>
References: <001601c40de0$07ff1710$0401a8c0@bloodlust>

> Hi list, I've this network configuration:
>
> router (169.158.120.177)
> server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3 server
> server2 (169.158.120.179) running squid, apache2, mysql, proftpd (is acting as a GATEWAY)
>
> I've a LAN (192.168.1.0/24) and a breaking apart "LAN" (192.168.2.0/8,
> 192.168.2.8/8, 192.168.2.16/8), my question is: I want to protect my LAN,
> "LAN" and servers from the outside, I want to use ipfw, I have compiled a
> kernel in server2 (FreeBSD-4.8 on both servers) and I'm blocked (in & out),
> I've some doubts about adding rules 'cause I've been seeing so many samples
> on the net and I'm a little bit confused...any suggestion about
> configuration ???

One thing that I learned was to make sure when you start opening ports (i.e. you have DENY ALL as default) that you start with the lowest port number. I for the life of me could not get SMTP working, so I moved it from the bottom of my IPFW rules to the top, and voilà, it worked.

If you would like I can post my IPFW rules. They are extremely simple for my SSH, POP3, SMTP, NTP, IMAP, BIND8 setup...