From owner-freebsd-questions Sat Nov 18 15:15:23 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from relay1.intercom.es (relay1.intercom.es [212.66.160.19]) by hub.freebsd.org (Postfix) with ESMTP id 3A39937B479 for ; Sat, 18 Nov 2000 15:11:34 -0800 (PST)
Received: from lix.intercom.es (root@lix.intercom.es [212.66.160.2]) by relay1.intercom.es (8.11.1/8.11.1) with ESMTP id eAILujJ02681; Sat, 18 Nov 2000 22:56:45 +0100
Received: from intercom.es (iv2-197.intercom.es [212.66.169.197]) by lix.intercom.es (8.9.3/8.9.3) with ESMTP id XAA24319; Sat, 18 Nov 2000 23:34:18 +0100
Received: (from megarcia@localhost) by intercom.es (8.11.0/8.11.0) id eAINBuj02156; Sun, 19 Nov 2000 00:11:56 +0100 (CET) (envelope-from megarcia)
Date: Sun, 19 Nov 2000 00:11:56 +0100
From: Manuel Enrique Garcia Cuesta
To: Sam Carleton
Cc: FreeBSD Questions
Subject: Re: need help setting up firewall
Message-ID: <20001119001156.F1196@ilex.kicelo.org>
References: <3A170674.1DFCF40@bigfoot.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <3A170674.1DFCF40@bigfoot.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

=== Sam Carleton wrote (Sat, Nov 18, 2000 at 05:45:08PM -0500):
> I have read through the "Setting-up a Dual-Homed Host using IPFW and
> NATD", but the script is not working for me. My setup is a bit
> different. My connectivity is via a cable modem.
>
> * In the article, it looks like the author was set up with a static
> external IP address. I have a dynamic IP address. How do I allow the
> DHCP server (cable modem) broadcasts to get to my outside NIC?

Never done this myself, but I guess you have to allow the packets in
through your external interface. Check /etc/services for the port
numbers.

> * In the article, the author is only allowing the inside connections to
> connect to known DNS servers. I run a caching DNS server on the inside,
> so I need to have the firewall configured so that the internal DNS
> server can talk to any other DNS server.

Your rules look ok to me.

> * In the article, it looks like the author is allowing things like HTTP
> and SSH to come into the firewall machine. I want those things to be
> passed on to another internal machine.

You can use natd's -redirect_port option.

Hope this helps

Manuel Garcia

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
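The three points answered in the reply above, written out as an added example rule script in the style of a FreeBSD rc.firewall fragment. This is not code from the thread or from the article it refers to; the interface names (xl0, xl1), the internal network (192.168.1.0/24) and the internal HTTP/SSH host (192.168.1.10) are assumed placeholders. It uses the DHCP port numbers listed in /etc/services (bootps 67/udp, bootpc 68/udp) and natd's real -interface, -dynamic and -redirect_port options. With DRY_RUN=1 (the default) it only prints the ipfw and natd commands it would run, so the rule order can be reviewed before anything is loaded into the kernel.

```shell
#!/bin/sh
# Added example, not from the original thread: skeleton ipfw/natd setup for
# a dual-homed cable-modem host with a dynamic external address, a caching
# DNS server behind it, and HTTP/SSH redirected to an internal machine.

ext_if="${EXT_IF:-xl0}"              # assumed: cable-modem side
int_if="${INT_IF:-xl1}"              # assumed: LAN side
int_net="${INT_NET:-192.168.1.0/24}" # assumed: internal network
int_srv="${INT_SRV:-192.168.1.10}"   # assumed: internal host that should receive HTTP/SSH
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# DHCP on the external interface (bootps 67/udp, bootpc 68/udp in
# /etc/services): the client sends 68 -> 67, the server answers 67 -> 68.
# These sit above the divert rule so lease traffic is never translated.
dhcp_rules() {
    run ipfw add allow udp from any 68 to any 67 out via "$ext_if"
    run ipfw add allow udp from any 67 to any 68 in via "$ext_if"
}

# Translation, then the caching resolver: the inside name server may query
# any upstream server on port 53 (UDP, and TCP for large answers), rather
# than a fixed list of known servers.
nat_and_dns_rules() {
    run ipfw add divert natd ip from any to any via "$ext_if"
    run ipfw add allow udp from any to any 53 out via "$ext_if"
    run ipfw add allow udp from any 53 to any in via "$ext_if"
    run ipfw add allow tcp from any to any 53 out via "$ext_if" setup
    run ipfw add allow tcp from any to any established
}

# Inbound HTTP/SSH: after natd rewrites the destination to the internal
# host, the firewall must still pass the translated SYN towards it.
redirect_rules() {
    run ipfw add allow tcp from any to "$int_srv" 80,22 in via "$ext_if" setup
}

# natd: -dynamic follows a changing external address; -redirect_port sends
# inbound port 80 and 22 to the internal machine instead of this box.
start_natd() {
    run natd -interface "$ext_if" -dynamic \
        -redirect_port tcp "$int_srv:80" 80 \
        -redirect_port tcp "$int_srv:22" 22
}

main() {
    run ipfw -f flush
    dhcp_rules
    nat_and_dns_rules
    redirect_rules
    run ipfw add allow tcp from any to any out via "$ext_if" setup
    run ipfw add allow ip from any to any via "$int_if"
    run ipfw add deny log ip from any to any
    start_natd
}

main
```

Run it once as-is to inspect the generated rule order (the DHCP allows must precede the divert, and the final deny catches everything not listed), then with DRY_RUN=0 as root to load it; natd must be started before packets hit the divert rule, so in a real rc script start_natd would run before the ruleset is loaded.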