From: "Ara"
To: "'David Banning'"
Date: Sun, 7 Nov 2004 14:19:01 -0500
Subject: RE: ipfw allowing browser only

Hello

You only need tcp 80 on regular http and 443 for ssl, https

I don't get what exactly you are trying to do.
Are you publishing a web server to external clients behind a firewall?
Any diagram text would be nice

Internet <> router (192.168.1.6) <> webserver(192.168.1.1)

Is this right?

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of David Banning
Sent: November 7, 2004 1:57 PM
To: questions@freebsd.org
Subject: ipfw allowing browser only

I am trying to filter out all traffic except browser traffic.
So I tried

01000 allow tcp from any to 192.168.1.6 80
01100 allow udp from any to 192.168.1.6 80
01200 deny ip from any to 192.168.1.6
65535 allow ip from any to any

But this does not allow browser traffic.

I have my browser traffic redirected via ipnat - ipnat rules are;

rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp

I don't know what comes first, the redirect or the firewall, so maybe I should be allowing traffic to 8180?

My host is 192.168.1.1 and the win browser is at 192.168.1.6

Any help here would be appreciated.
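
Added example, not part of the thread or written by either poster: a minimal first-match evaluator for the four ipfw rules posted above, run over constructed sample packets to show which rule decides each one. It models only protocol, destination address and destination port; the ipnat redirect and its ordering relative to ipfw are not modelled, and the ephemeral port 49152 and the outside address 203.0.113.10 are assumptions.

```python
import ipaddress

# The four rules exactly as posted in the thread.
POSTED_RULES = """\
01000 allow tcp from any to 192.168.1.6 80
01100 allow udp from any to 192.168.1.6 80
01200 deny ip from any to 192.168.1.6
65535 allow ip from any to any
"""

def parse_rule(line):
    """Parse the small ipfw subset used above:
    <num> <action> <proto> from any to <dst> [dst-port]."""
    f = line.split()
    if len(f) not in (7, 8) or f[3:5] != ["from", "any"] or f[5] != "to":
        raise ValueError(f"unsupported rule: {line!r}")
    dst = None if f[6] == "any" else ipaddress.ip_address(f[6])
    port = int(f[7]) if len(f) == 8 else None
    return {"num": int(f[0]), "action": f[1], "proto": f[2], "dst": dst, "port": port}

def parse_rules(text):
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    return sorted(rules, key=lambda r: r["num"])  # ipfw walks rules in number order

def evaluate(rules, proto, dst, dport):
    """Return (rule number, action) of the first rule that matches the packet."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] not in ("ip", "all", proto):
            continue
        if r["dst"] is not None and r["dst"] != dst:
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["num"], r["action"]
    raise LookupError("no rule matched")

RULES = parse_rules(POSTED_RULES)

# Constructed sample packets (not from the thread): description, proto, dst, dst port.
SAMPLES = [
    ("TCP to 192.168.1.6 port 80", "tcp", "192.168.1.6", 80),
    ("TCP reply to browser at 192.168.1.6, ephemeral port", "tcp", "192.168.1.6", 49152),
    ("browser request to an outside web server", "tcp", "203.0.113.10", 80),
    ("redirected request to 192.168.1.1 port 8180", "tcp", "192.168.1.1", 8180),
]

if __name__ == "__main__":
    for desc, proto, dst, dport in SAMPLES:
        num, action = evaluate(RULES, proto, dst, dport)
        print(f"{desc:55s} -> rule {num:05d} {action}")
```

Under these rules, any packet addressed to 192.168.1.6 on a port other than 80 stops at rule 01200, which includes a web server's replies to a browser running on that host.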