From owner-freebsd-questions@FreeBSD.ORG Sun Nov 4 20:04:11 2007
Message-ID: <472E257E.2000905@gmail.com>
Date: Sun, 04 Nov 2007 21:03:10 +0100
From: deeptech71@gmail.com
To: freebsd-questions@freebsd.org
References: <472AF4FF.9000803@gmail.com> <20071102141525.19a05fc7@gumby.homeunix.com.> <472B6552.9060602@gmail.com> <472B9DA8.6000800@gmail.com> <472DF016.30706@gmail.com>
In-Reply-To: <472DF016.30706@gmail.com>
Subject: Re: IPFW Rules and Games

Jack Barnett wrote:
> deeptech71@gmail.com wrote:
>> So basically the ruleset should be simple:
>>
>> ipfw -f flush
>> # allow lo0 stuff
>> # block some spoofs/attacks
>> # if you are hosting gameservers from 192.168.17.3 or whatever,
>> # you should (manually) open server ports, in other words, add
>> # routes to 192.168.17.3 to specific server ports
>> ipfw add divert natd all from any to any via $outside_interface
>> ipfw add allow all from any to any
>> # block some more spoofs/attacks :)
>> # define services (like you did with http)
> Sorry, this didn't work.
>
>

Just without any security concerns, try this script:

    #!/bin/sh
    ipfw -f flush
    # hand everything crossing the external interface to natd
    ipfw add divert natd via xl0
    # let whatever comes back from natd through
    ipfw add allow all from any to any

But please tell me, what kind of internet connection do you have? You said you have a Dynamic IP. Are you connecting to the Internet via ppp? If so, replace xl0 up there with tun0 (or whatever tunnel ppp created).
Here's my stuff:

::: /etc/natd.conf :::

    dynamic yes
    same_ports yes
    deny_incoming yes
    unregistered_only yes
    # option name as natd(8) expects it (redirect_address)
    redirect_address 192.168.123.254 0.0.0.0

::: part of /etc/rc.conf :::

    # [...]
    ifconfig_rl0="inet 192.168.123.254 netmask 255.255.255.0"
    ifconfig_ed0="up"                    # <-- this is the external one
    # plus there is a tun0 for PPPoE
    firewall_enable="YES"
    firewall_script="/etc/ipfw.rules"    # something like the above script
    gateway_enable="YES"
    router_enable="NO"
    natd_enable="YES"
    natd_interface="tun0"
    natd_flags="-f /etc/natd.conf"
    ppp_enable="YES"
    # [...]
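As an added example that is not part of the original mail (not the poster's script, natd.conf or rc.conf), here is a shell script that generates the pieces this thread talks about: which interface natd should divert on when ppp carries the link, a natd.conf with deny_incoming plus a single redirect_port for a game server, and an ipfw script that does the loopback and anti-spoofing rules, the divert, and the allow-all the earlier message sketched. The LAN prefix 192.168.123.0/24, the game host 192.168.17.3 and UDP port 27015 are assumed placeholders, and setting IPFW=echo prints the rules instead of installing them.

```shell
#!/bin/sh
# Added example, not the poster's script or config: generates the ipfw
# ruleset and the natd.conf outlined in the thread (loopback rules,
# anti-spoofing, divert to natd on the external interface, allow the rest)
# and forwards one UDP game-server port through natd.
# Assumptions (placeholders, not from the thread): LAN prefix
# 192.168.123.0/24, game host 192.168.17.3, game port 27015.
# IPFW=echo previews the rules instead of installing them.

IPFW="${IPFW:-ipfw}"

# natd must divert on the interface that carries the public address.
# With a PPP/PPPoE link that is the tunnel (tun0), not the NIC beneath it.
nat_interface() {
    ppp_enable=$1
    nic=$2
    if [ "$ppp_enable" = "YES" ]; then
        echo tun0
    else
        echo "$nic"
    fi
}

# natd.conf for a dynamic-IP gateway. deny_incoming drops inbound packets
# that match no existing translation; redirect_port is the one hole for the
# game server, so that port is reachable and nothing else is.
natd_conf() {
    game_host=$1
    game_port=$2
    cat <<EOF
dynamic yes
same_ports yes
deny_incoming yes
unregistered_only yes
redirect_port udp ${game_host}:${game_port} ${game_port}
EOF
}

# Firewall script. Order matters: loopback first, anti-spoofing before the
# divert, then the divert, then the policy. Because natd already refuses
# unsolicited inbound sessions, the final rule can pass everything.
ipfw_rules() {
    ext_if=$1
    lan_net=$2
    $IPFW -f flush
    # loopback traffic is fine; 127/8 on any other interface is forged
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny ip from any to 127.0.0.0/8
    $IPFW add 300 deny ip from 127.0.0.0/8 to any
    # packets arriving from the Internet must not claim a private source
    for net in "$lan_net" 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPFW add 400 deny ip from "$net" to any in via "$ext_if"
    done
    # everything crossing the external interface is handed to natd
    $IPFW add 500 divert natd ip from any to any via "$ext_if"
    # after translation, whatever natd let through is allowed
    $IPFW add 600 allow ip from any to any
}

# Usage: sh ipfw-natd.sh preview
# prints natd.conf and the rules without touching the running firewall
case "${1:-}" in
preview)
    IPFW=echo
    natd_conf 192.168.17.3 27015
    ipfw_rules "$(nat_interface YES xl0)" 192.168.123.0/24
    ;;
esac
```

The allow-all after the divert only holds up because natd's deny_incoming refuses inbound packets that match no translation, so the gatekeeping lives in natd.conf rather than in ipfw; keep natd_enable="YES" and the natd_interface in rc.conf in step with the interface passed to ipfw_rules. If natd is not running, ipfw drops the diverted packets rather than passing them, which fails closed but looks like a dead link.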