Date: Sun, 20 May 2001 04:23:37 -0500 (CDT)
From: Nick Rogness
To: "Orville R. Weyrich.Jr"
Cc: "Freebsd Net (E-mail)"
Subject: Re: Restricting traffic on one interface

On Sat, 19 May 2001, Orville R. Weyrich.Jr wrote:

> I have a dual homed FreeBSD-4.3 machine and want to restrict traffic
> on one interface but not the other (one interface is to a trusted
> network and the other is not).
>
> What I want is the untrusted interface to only present SMTP and HTTP
> ports, while the trusted interface presents telnet, ftp, NFS, SMB,
> etc.
>
> What is the best way to do this? The machine does NOT have IP
> forwarding enabled.

Run a firewall to block traffic on that interface. You can search
the archives or the web for more information. See also the ipfw man
page.

Of course, there are other ways to do this, but firewalling is
probably best suited for this task.

Nick Rogness
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"