Date: Thu, 17 Mar 2005 03:15:26 +0000
From: "Edwin D. Vinas" <xmisoy@gmail.com>
To: freebsd-questions@freebsd.org
Subject: DSL LAN Sharing with FreeBSD-5.3+natd+ipfw
Message-ID: <36f5bbba050316191515754379@mail.gmail.com>
In-Reply-To: <36f5bbba050316113631be0ef3@mail.gmail.com>
References: <36f5bbba050316113631be0ef3@mail.gmail.com>
hi, how do I permanently set the rules for ipfw? Whenever I restart my FreeBSD server, which has natd & firewall enabled, ipfw returns to the default, which is "65535 151 14646 deny ip from any to any". So I need to repeat "ipfw -f flush" and execute the commands below so that my LAN can access the Internet.

Simple ruleset that must appear when "ipfw show" is executed:

00100 28 2096 divert 8668 ip from any to any via dc0
00200 37 3147 allow ip from any to any
65535 151 14646 deny ip from any to any

Do you have an ideal set of ipfw rules that I can follow for a setup which consists of FreeBSD-5.3, natd, firewall, and a DSL (static IP) connection? I just need to prevent, as much as possible, my LAN from attacks/viruses/worms from the outside world.

-edwin

--
Edwin D. Viñas
http://www.geocities.com/edwin_vinas/
IN THE WORLD OF SCIENCE, NOTHING IS IMPOSSIBLE.
--

[Attachment: notes]

#--March 16, 2005
- users: misoy/edv; root/mfr
- installed snmp (comstring edvgrfr)
- installed MRTG (/usr/local/etc/mrtg)
- installed firefox (so long to install via ports)
- IP addresses:
  rl0 192.168.0.1
  dc0 203.215.106.226
- reconfigured kernel (KERNEDV) for natd and firewall
- natd/firewall problem:
  - cannot ping "denied", ipfw disable firewall
  - natd -interface dc0
    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via dc0
    /sbin/ipfw add pass all from any to any

Current Configs:

@RC.CONF
# -- sysinstall generated deltas -- # Thu Mar 17 05:38:59 2005
# Created: Thu Mar 17 05:38:59 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="elive_server.elive.com"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
inetd_enable="NO"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
# added for natd and firewall
firewall_enable="YES"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-f /etc/natd.conf"
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# Enable network daemons for user convenience.
# Created: Wed Mar 16 22:01:13 2005
# -- sysinstall generated deltas -- # Wed Mar 16 22:01:13 2005
ifconfig_dc0="inet 203.215.106.226 netmask 255.255.255.0"
defaultrouter="203.215.106.1"
hostname="elive_server.elive.com"

@natd.conf
interface dc0
use_sockets yes
same_ports yes

@ipfw show
00100 28 2096 divert 8668 ip from any to any via dc0
00200 37 3147 allow ip from any to any
65535 151 14646 deny ip from any to any

= can ping from server internet and LAN ip
- lan PC can ping server NIC1 and NIC2, but can't ping Internet

WORKING SCENARIO:
- Restart/Turn on machine.
- check if natd is running with correct interface
- check if ipfw contains same rules as above (check interface)
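The persistent, LAN-protecting ruleset the mail asks for, as an added example that is not part of the original message or of the FreeBSD base system: it uses the inbound-divert/skipto layout so that keep-state entries are keyed on the real LAN addresses rather than the translated ones, and it loads itself at boot through rc.conf's firewall_script instead of firewall_type. It assumes dc0 as the DSL side, rl0 as the LAN side and 192.168.0.0/24 as the LAN, as in the notes above.

```shell
#!/bin/sh
# Added example, not from the original mail or the FreeBSD base system.
# Persistent ipfw + natd ruleset for a FreeBSD 5.3 DSL gateway.  Save as
# /etc/ipfw.rules and have rc.conf source it instead of /etc/rc.firewall:
#   firewall_enable="YES"  firewall_script="/etc/ipfw.rules"  firewall_logging="YES"
#   natd_enable="YES"      natd_interface="dc0"
# Assumed from the mail: dc0 = DSL side, rl0 = LAN side, LAN = 192.168.0.0/24.

# Print the ruleset; usage: gen_ipfw_rules <dsl_if> <lan_if> <lan_prefix>
gen_ipfw_rules() {
    ext="$1"; int="$2"; lan="$3"
    cat <<EOF
# loopback traffic is fine; loopback addresses on real interfaces are not
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
# the LAN side stays fully trusted, as in the original allow-all rule
add 200 allow ip from any to any via ${int}
# anti-spoofing: LAN source addresses must never arrive from the DSL side
add 300 deny log ip from ${lan} to any in via ${ext}
# un-NAT inbound packets first, so check-state sees the real LAN address
add 400 divert natd ip from any to any in via ${ext}
add 410 check-state
# ICMP errors needed for path-MTU discovery and traceroute
add 420 allow icmp from any to any in via ${ext} icmptypes 3,11
# outbound connections create state, then jump to the outbound NAT rule
add 500 skipto 900 tcp from any to any out via ${ext} setup keep-state
add 510 skipto 900 udp from any to any out via ${ext} keep-state
add 520 skipto 900 icmp from any to any out via ${ext} keep-state
# everything else, notably unsolicited traffic from the DSL side, is dropped and logged
add 600 deny log ip from any to any
# reached only via skipto/state: NAT outbound packets, then pass them and state-matched replies
add 900 divert natd ip from any to any out via ${ext}
add 910 allow ip from any to any
EOF
}

# Flush and load the rules one by one (comment lines skipped); natd itself is started by rc.d/natd.
apply_ipfw_rules() {
    /sbin/ipfw -q -f flush
    gen_ipfw_rules "$@" | grep -v '^#' | while read -r rule; do
        /sbin/ipfw -q $rule
    done
}

# Apply only where ipfw exists, so the generator can be checked on any host.
if [ -x /sbin/ipfw ]; then
    apply_ipfw_rules dc0 rl0 192.168.0.0/24
fi
```

After a reboot, "ipfw show" should list rules 100 to 910 with rules 400 and 900 on dc0; if a rule 50 divert also appears, /etc/rc.firewall is still being loaded and firewall_script has not taken effect.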