From: whizkid@ValueDJ.com
To: "Xpression"
Cc: FreeBSD-questions
Subject: Re: ipfw question...
Date: Fri, 19 Mar 2004 10:40:11 -0800 (PST)
Message-ID: <3456.208.253.246.93.1079721611.squirrel@www.ValueDJ.com>
In-Reply-To: <001601c40de0$07ff1710$0401a8c0@bloodlust>
User-Agent: SquirrelMail/1.4.2
> Hi list, I have this network configuration:
>
> router (169.158.120.177)
> server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3
> server
> server2 (169.158.120.179) running squid, apache2, mysql, proftpd (is
> acting as a GATEWAY)
>
> I have a LAN (192.168.1.0/24) and a broken-apart "LAN" (192.168.2.0/8,
> 192.168.2.8/8, 192.168.2.16/8). My question is: I want to protect my LAN,
> "LAN" and servers from the outside. I want to use ipfw; I have compiled a
> kernel in server2 (FreeBSD-4.8 on both servers) and I'm blocked (in & out).
> I have some doubts about adding rules because I've been seeing so many
> samples on the net and I'm a little bit confused... any suggestion about
> configuration???

One thing that I learned was to make sure, when you start opening ports (i.e. you have DENY ALL as the default), that you start with the lowest port number. I for the life of me could not get SMTP working, so I moved it from the bottom of my ipfw rules to the top, and voilà, it worked. If you would like, I can post my ipfw rules. They are extremely simple, for my SSH, POP3, SMTP, NTP, IMAP, BIND8 setup...
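The ruleset below is an added example, not the poster's rules or anything from the original thread. It is a small default-deny ipfw ruleset for a FreeBSD 4.x gateway covering the services the reply lists (SSH, SMTP, DNS, POP3, IMAP, NTP), together with a check that no allow rule is numbered after the catch-all deny, which is the kind of ordering mistake the reply describes. The interface names fxp0 (outside) and fxp1 (inside), a kernel built with IPFIREWALL (and IPFIREWALL_VERBOSE for the `log` keyword), and the FWCMD=echo dry-run switch are assumptions; the addresses are the ones from the question.

```shell
#!/bin/sh
# Added example, not code from the original thread: a small default-deny ipfw
# ruleset for a FreeBSD 4.x gateway in the spirit of the setup the reply
# describes (SSH, SMTP, DNS, POP3, IMAP, NTP), plus a check that no allow rule
# is numbered after the catch-all deny. Assumptions not stated in the thread:
# interface names fxp0 (outside) and fxp1 (inside), a kernel built with
# IPFIREWALL (and IPFIREWALL_VERBOSE for "log"), and FWCMD=echo for a dry run.

oif="${OIF:-fxp0}"                      # outside interface (assumption)
iif="${IIF:-fxp1}"                      # inside interface (assumption)
lan="${LAN:-192.168.1.0/24}"            # LAN from the question
me_ip="${SERVER_IP:-169.158.120.179}"   # server2's address from the question

# Emit rules in ascending rule-number order. ipfw is first-match: the first
# rule whose selector fits a packet decides, so an allow numbered above the
# catch-all deny is dead code and the service it was meant to open stays shut.
ruleset() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 deny ip from ${lan} to any in via ${oif}
add 500 check-state
add 600 allow ip from any to any via ${iif}
add 700 allow tcp from any to any out via ${oif} setup keep-state
add 800 allow udp from any to any out via ${oif} keep-state
add 1000 allow tcp from any to ${me_ip} 22 in via ${oif} setup keep-state
add 1100 allow tcp from any to ${me_ip} 25 in via ${oif} setup keep-state
add 1200 allow tcp from any to ${me_ip} 53 in via ${oif} setup keep-state
add 1300 allow udp from any to ${me_ip} 53 in via ${oif} keep-state
add 1400 allow tcp from any to ${me_ip} 110 in via ${oif} setup keep-state
add 1500 allow tcp from any to ${me_ip} 143 in via ${oif} setup keep-state
add 1600 allow udp from any to ${me_ip} 123 in via ${oif} keep-state
add 1700 allow icmp from any to any icmptypes 0,3,8,11
add 65000 deny log ip from any to any
EOF
}

# Read "add N ..." rules on stdin; succeed only if every allow rule is numbered
# below the first "deny ip from any to any", i.e. it can actually be reached.
check_order_stdin() {
    awk '
        $1 == "add" {
            n = $2 + 0; i = 3; act = $i; i++
            if ($i == "log") i++
            if (act == "deny" && !catchall && $i == "ip" && $(i+1) == "from" &&
                $(i+2) == "any" && $(i+3) == "to" && $(i+4) == "any") catchall = n
            if (act == "allow" && catchall && n > catchall) bad++
        }
        END { exit (bad ? 1 : 0) }'
}

check_order() { ruleset | check_order_stdin; }

# Flush and load the ruleset. With a default-deny kernel the flush drops an
# ssh session until the allow rules are back, so run this from the console or
# as one script; FWCMD=echo prints the commands instead of applying them.
apply_rules() {
    fw="${FWCMD:-/sbin/ipfw}"
    $fw -q flush
    ruleset | while IFS= read -r line; do
        if [ -n "$line" ]; then $fw -q $line; fi
    done
}

if [ "${1:-}" = "apply" ]; then
    check_order && apply_rules
fi
```

Run it as `sh fw.sh apply` on the gateway, or `FWCMD=echo sh fw.sh apply` anywhere to see what it would do. Two points worth keeping in mind when comparing this with your own file: with explicit rule numbers, as here, the position of a line in the file does not matter, only its number does; when numbers are omitted, ipfw assigns each new rule a number 100 above the previous one, so moving a rule to the top of the file is exactly what gives it a lower number and lets it match before whatever was swallowing the traffic. What matters for a service to work is that its allow rule is numbered below any deny that would match the same packets, not how its port number compares with the others. If server2 also runs natd for the LAN, its `divert natd` rule belongs near the top, before the rules that expect to see translated addresses.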