Date: Thu, 5 Jul 2001 22:44:02 -0700
From: "Robert L Sowders" <rsowders@usgs.gov>
To: "Robert Banniza" <robert@rootprompt.net>
Cc: freebsd-ipfw@freebsd.org, owner-freebsd-ipfw@FreeBSD.ORG
Subject: Re: Still can't get it to work...
Message-ID: <OF237128DE.39E732F9-ON88256A81.001DCC05@wr.usgs.gov>

Check out http://www.gnatbox.com/

They're using a version of freebsd and ipf that will do what you are trying to do. Maybe you should look at using ipf. gnatbox lite is free, but it does not support both a protected network and private service network. The pro version does, but it will cost you money.

But if they can do it, then you should be able to do it too.

"Robert Banniza" <robert@rootprompt.net>
Sent by: owner-freebsd-ipfw@FreeBSD.ORG
07/05/2001 09:55 PM

To: <freebsd-ipfw@freebsd.org>
cc:
Subject: Still can't get it to work...

I cannot for the absolute life of me get IPFW to work with three NICS. All I want to do is to:

1) Pass all traffic from internal network (192.168.1.0/24) to go out to 'net or to the DMZ.
2) Allow 22,25,53(udp),80,443 traffic in to the DMZ. DMZ is using real IP addresses (208.53.161.252/30)
3) Allow no traffic from DMZ to flow back into internal network.
3) Block external interface from RFC1918 spoofed addresses

My network is broken up into the following segments:

xl0 - external interface (208.53.161.248/30)
fxp0 - internal interface (192.168.1.0/24)
fxp1 - optional interface (208.53.161.252/30)

I'm using default deny which I feel is safest and compensates for human error more so than default allow. I have looked on the web for a DMZ HOWTO and can't find one. Would any of you have rules that do this? I'm about ready to say fuck it and stick with the Firebox. Guys, I certainly would appreciate any help with rules on this. I'm tired of fighting with this thing.

Robert

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
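
The four goals and three interfaces listed in the quoted message, written out as an ordered default-deny ipfw ruleset. This is an added example, not rules posted by either participant; the rule numbers, the `FWCMD` variable and the use of dynamic rules (`check-state`/`keep-state`) are assumptions. NAT for the private internal network, ICMP, and traffic originated by the DMZ hosts or by the firewall itself are not covered.

```shell
#!/bin/sh
# Added example. Dry run by default: the rules are printed for review.
# Set FWCMD="/sbin/ipfw -q" (assumed path) to load them instead.
fwcmd="${FWCMD:-echo ipfw}"

# Interfaces and networks exactly as given in the quoted message.
ext_if="xl0"
int_if="fxp0"; int_net="192.168.1.0/24"
dmz_if="fxp1"; dmz_net="208.53.161.252/30"

dmz_rules() {
    # Loopback traffic on the firewall itself.
    $fwcmd add 100 allow ip from any to any via lo0

    # RFC 1918 source addresses must never arrive on the external interface.
    n=200
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $fwcmd add $n deny log ip from $net to any in recv $ext_if
        n=$((n + 10))
    done

    # Packets of flows admitted below match their dynamic rule here, on
    # both the inbound and the outbound pass through the ruleset.
    $fwcmd add 300 check-state

    # Internal hosts may open flows to the DMZ or the Internet.
    $fwcmd add 400 allow tcp from $int_net to any in recv $int_if setup keep-state
    $fwcmd add 410 allow udp from $int_net to any in recv $int_if keep-state

    # Published DMZ services: only new connections to the listed ports.
    $fwcmd add 500 allow tcp from any to $dmz_net 22,25,80,443 in recv $ext_if setup keep-state
    $fwcmd add 510 allow udp from any to $dmz_net 53 in recv $ext_if keep-state

    # Nothing arriving on the DMZ interface may start a flow to the inside.
    # Replies to internal-initiated flows were already passed at rule 300.
    $fwcmd add 600 deny log ip from any to $int_net in recv $dmz_if

    # Default deny, stated explicitly so that drops are logged.
    $fwcmd add 65000 deny log ip from any to any
}

dmz_rules
```

Rule order carries the policy: `check-state` sits above the DMZ-to-internal deny so that replies to connections opened from 192.168.1.0/24 still pass, while new flows from the DMZ fall through to rule 600.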