From owner-freebsd-isp Tue Aug 27 4:15:18 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D134737B400 for ; Tue, 27 Aug 2002 04:15:15 -0700 (PDT) Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8156143E6A for ; Tue, 27 Aug 2002 04:15:15 -0700 (PDT) (envelope-from absinthe@pobox.com) Received: from dhcp068-64-151-24.nt01-c4.cpe.charter-ne.com ([24.151.64.68] helo=laredo.retrovertigo.com) by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 17jeJS-0002xf-00 for freebsd-isp@FreeBSD.ORG; Tue, 27 Aug 2002 04:15:10 -0700 Content-Type: text/plain; charset="us-ascii" From: Dylan Carlson Reply-To: absinthe@pobox.com To: freebsd-isp@FreeBSD.ORG Subject: Port forwarding recommendations? Date: Tue, 27 Aug 2002 07:15:29 -0400 User-Agent: KMail/1.4.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200208270715.29162.absinthe@pobox.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, There are volumes of mailing list messages out there on the subject of firewalls, but the solutions for different circumstances are not clear. Your recommendations would be appreciated. I have a simple low-end pentium box I want to do the following: - Firewall (ipfilter or ipfw, comfortable with either one) - One external IP assigned via DHCP (from the ISP) - One internal IP serving as a gateway address for a private class C - NAT sharing to 4-5 hosts on the protected, internal subnet - Inbound port forwarding ...where "port forwarding" means listening on a port on the external interface of the firewall and forwarding to a specified internal host for the rule. I have looked at [ /usr/ports/net/portfwd ] but I am not sure how well/if this works with any of the NAT and firewall implementations. Wondering which components you would use, why - and any caveats. I would be thankful for any references as well. Provided I am successful with this I plan on writing up a procedure in DocBook and and kicking it over to the FreeBSD documentation project. TIA, -- Dylan Carlson [absinthe@pobox.com] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message