Date:      Sat, 5 Apr 2003 12:49:07 -0800
From:      Joshua Lokken <joshualokken@attbi.com>
To:        John Meyer <john@ast.com.na>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Firewall
Message-ID:  <20030405204906.GB8467@joloxbox.joshualokken.com>
In-Reply-To: <000a01c2f84f$923077f0$09cba8c0@Gunther1>
References:  <000a01c2f84f$923077f0$09cba8c0@Gunther1>

* John Meyer (john@ast.com.na) wrote:
==> 
==> Good Day.
==> 
==> I have a small problem compared to the problems listed here. I have Freebsd
==> v3.1 (fairly old). I have compiled the kernel with
==> options IPFIREWALL and
==> options IPDIVERT
==> options IPFIREWALL_VERBOSE
==> 
==> in my rc.conf file I have
==> gateway_enable="YES"
==> firewall_enable="YES"
==> firewall_type="/etc/firewall.ast"
==> natd_interface="vx0"
==> natd_flags=""
==> 
==> In the etc dir I have a file called firewall.ast.
==> 
==> My problem is I seem to get an error at bootup stating as if you are running
==> ipfw cmd without options. I have disabled all the rules in firewall.ast
==> except the first one.
==> add 00100 tcp from any to any
==> 
==> When I disable that as well all seems to work well. It looks like the option
==> in rc.conf firewall_type="/etc/firewall.ast" does not get interpreted
==> correctly.

I'm certainly no expert, and have only used FreeBSD since 4.5, but here
goes.  I think you need:

firewall_enable="YES"
firewall_script="/etc/firewall.ast"

If you use the firewall_type option, I think it wants to use that type
of firewall from /etc/rc.firewall, i.e. SIMPLE, OPEN, CLOSED, etc.

==> 2nd Problem is I need to divert my public ip port 80 to a private ip port 80
==> what are the steps in natd to follow without compromising my security on the
==> private side.

No problem.  This is a nat function.  You need, either in rc.conf or
/etc/natd.conf:

#cat /etc/natd.conf
redirect_port tcp 10.0.0.2:80 80

and then, in rc.conf:

natd_flags="-f /etc/natd.conf"   # natd reads its configuration file via -f

==> Thank you very much in advance for any assistance.

Glad to [hopefully] help ;)

==> John Meyer
==> AST Namibia
==>

--
Joshua 
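The first problem in the thread (ipfw printing its usage text at boot) is the kind of thing a small lint pass over the rules file catches before the box is rebooted with an empty or half-loaded ruleset. The script below is an added example and is not code from either poster or from FreeBSD: it reads a rules file in the format ipfw loads from a file (one rule per line, without the leading "ipfw" word) and reports every "add" line that has no action keyword after the optional rule number. The function names, the list of action keywords and the sample rules file are my own; the sample reproduces the thread's "add 00100 tcp from any to any", which has no action, next to a complete rule.

```shell
#!/bin/sh
# Added example, not from the original thread. Lint an ipfw rules file of the
# kind rc.firewall hands to "ipfw <file>": every "add" line must carry an
# action keyword right after the optional rule number. A line such as
# "add 00100 tcp from any to any" has none, and ipfw refuses it.

# check_ipfw_rules FILE
# Returns 0 when every "add" line has an action, 1 otherwise; findings go to stderr.
check_ipfw_rules() {
    _file=$1
    _bad=0
    _n=0
    set -f                      # no glob expansion while we split rule lines into words
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case "$_line" in
            ''|\#*) continue ;;                     # blank lines and comments
        esac
        set -- $_line                               # split the rule into words
        [ "$1" = "add" ] || continue                # only "add" lines are checked
        shift
        case "$1" in
            [0-9]*) shift ;;                        # optional rule number
        esac
        # The action keyword list is this example's own (assumed) list of ipfw actions.
        case "$1" in
            allow|accept|pass|permit|deny|drop|reject|unreach|count|divert|tee|skipto|fwd|forward|check-state|pipe|queue)
                ;;
            *)
                echo "line $_n: no action keyword after 'add' (got '${1:-<nothing>}')" >&2
                _bad=1 ;;
        esac
    done < "$_file"
    set +f
    return $_bad
}

# make_sample FILE
# Writes a constructed rules file: the thread's broken rule plus a complete one.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample for the linter
add 00100 tcp from any to any
add 00200 pass tcp from any to 10.0.0.2 80
EOF
}

# Demonstration: lint the constructed sample and report the outcome.
_demo=$(mktemp)
make_sample "$_demo"
if check_ipfw_rules "$_demo"; then
    echo "rules file looks complete"
else
    echo "rules file has problems; fix them before enabling the firewall"
fi
rm -f "$_demo"
```

Running it on the sample prints a finding for line 2 and the "has problems" message; once the first rule is given an action (for instance "pass"), the function returns 0. Checking the file this way before boot matters because ipfw stops at the first bad line, which can leave the host with fewer rules than intended.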



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030405204906.GB8467>