From: David Banning
Date: Sun, 7 Nov 2004 13:57:05 -0500
To: questions@freebsd.org
Message-ID: <20041107185705.GA6526@skytrackercanada.com>
Subject: ipfw allowing browser only

I am trying to filter out all traffic except browser traffic.

So I tried

    01000 allow tcp from any to 192.168.1.6 80
    01100 allow udp from any to 192.168.1.6 80
    01200 deny ip from any to 192.168.1.6
    65535 allow ip from any to any

But this does not allow browser traffic.

I have my browser traffic redirected via ipnat - ipnat rules are;

    rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp

I don't know what comes first, the redirect or the firewall, so maybe
I should be allowing traffic to 8180?

My host is 192.168.1.1 and the win browser is at 192.168.1.6

Any help here would be appreciated.
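Added example, not part of the original message: a small first-match model of the four ipfw rules quoted above, run against constructed packets, to show which rule each direction of a browser connection hits. It assumes ipfw's first-match evaluation and that a port written after the "to" address is a destination port; the ipnat redirect is not modelled, and the remote address 203.0.113.10 and client port 49152 are made-up sample values.

```python
# Added illustration: first-match model of the ruleset from the post.
# Handles only the syntax used there:
#   <num> <action> <proto> from any to <addr|any> [dst-port]
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

RULESET = """\
01000 allow tcp from any to 192.168.1.6 80
01100 allow udp from any to 192.168.1.6 80
01200 deny ip from any to 192.168.1.6
65535 allow ip from any to any
"""

def parse(text):
    """Turn rule lines into (num, action, proto, dst, dst_port) tuples."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[3:6] != ["from", "any", "to"]:
            raise ValueError("unsupported rule: " + line)
        dport = int(f[7]) if len(f) > 7 else None
        rules.append((int(f[0]), f[1], f[2], f[6], dport))
    return rules

def first_match(rules, pkt):
    """Return (rule number, action) of the first rule matching pkt."""
    for num, action, proto, dst, dport in sorted(rules, key=lambda r: r[0]):
        if proto not in ("ip", pkt.proto):
            continue                      # protocol differs
        if dst not in ("any", pkt.dst):
            continue                      # destination address differs
        if dport is not None and dport != pkt.dport:
            continue                      # destination port differs
        return num, action
    raise LookupError("no rule matched")

# Constructed sample packets (addresses other than .6 are placeholders).
REQUEST = Packet("tcp", "192.168.1.6", 49152, "203.0.113.10", 80)
REPLY = Packet("tcp", "203.0.113.10", 80, "192.168.1.6", 49152)
TO_PORT_80 = Packet("tcp", "203.0.113.10", 49152, "192.168.1.6", 80)

if __name__ == "__main__":
    rules = parse(RULESET)
    for name, pkt in (("request", REQUEST), ("reply", REPLY),
                      ("to .6 port 80", TO_PORT_80)):
        print(name, first_match(rules, pkt))
```

In this model the reply to the browser carries port 80 as its source port and the browser's ephemeral port as its destination, so rules 01000 and 01100 do not match it and rule 01200 is the first match.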