Date: Tue, 27 Aug 2002 23:48:06 +1000
From: "Leigh V" <leighv@roq.com>
To: <absinthe@pobox.com>, <freebsd-isp@FreeBSD.ORG>
Subject: Re: Port forwarding recommendations?
Message-ID: <004d01c24dd0$5f63d670$2d01a8c0@michael>
References: <200208270715.29162.absinthe@pobox.com>

You can use my IpFilter, IpNat / DHCP automagic setup script on FreeBSD.
www.roq.com/bsd/
Had a few people email me back saying it saved them a lot of time.

Technically the only information you need to give it is the name of the
internal and external NICs; you can just hit enter for the rest for a typical
192.168.1.0/24 private network setup.

The script doesn't have any port forward rules, but here is a typical one you
would add to your /etc/ipnat.rules file to forward identd connections for IRC.

rdr rl1 0.0.0.0/0 port 113 -> 192.168.1.5 port 113 tcp

rl1 would be your external NIC.

I was thinking of putting IP accounting setup for it as well.

The interesting thing about Ipfilter I have noticed but no one else has ever
said is that while all the Linux fans are running around saying how great
netfilter is with its full stateful firewalling support is now stable for
production use, ipfilter has been around for almost 10 years now for BSD :)

tail /usr/src/contrib/ipfilter/HISTORY
1.0 22/04/93 - Released

----- Original Message -----
From: "Dylan Carlson" <absinthe@pobox.com>
To: <freebsd-isp@FreeBSD.ORG>
Sent: Tuesday, August 27, 2002 9:15 PM
Subject: Port forwarding recommendations?

> Hi,
>
> There are volumes of mailing list messages out there on the subject of
> firewalls, but the solutions for different circumstances are not clear. Your
> recommendations would be appreciated.
>
> I have a simple low-end pentium box I want to do the following:
>
> - Firewall (ipfilter or ipfw, comfortable with either one)
> - One external IP assigned via DHCP (from the ISP)
> - One internal IP serving as a gateway address for a private class C
> - NAT sharing to 4-5 hosts on the protected, internal subnet
> - Inbound port forwarding
>
> ...where "port forwarding" means listening on a port on the external interface
> of the firewall and forwarding to a specified internal host for the rule. I
> have looked at [ /usr/ports/net/portfwd ] but I am not sure how well/if this
> works with any of the NAT and firewall implementations.
>
> Wondering which components you would use, why - and any caveats. I would be
> thankful for any references as well.
>
> Provided I am successful with this I plan on writing up a procedure in DocBook
> and kicking it over to the FreeBSD documentation project.
>
> TIA,
> --
> Dylan Carlson [absinthe@pobox.com]
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
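
Added example (not part of the original e-mail, nor of the script at www.roq.com/bsd/): a small sh/awk helper that inventories the rdr rules in an ipnat.rules file, so that every inbound forward can be compared against the filter rules. It parses only the simple rdr form shown in the message; the function names and the second sample rdr rule are constructed for illustration.

```shell
#!/bin/sh
# Inventory of inbound port forwards in an ipnat.rules file (read on stdin).
# Output, one line per rdr rule:
#   iface proto external_port internal_host:internal_port matched_address
# matched_address is "any-address" when the rule matches 0.0.0.0/0, as the
# rule in the e-mail does (useful when the external IP comes from DHCP).

list_rdr() {
    awk '
    { sub(/#.*/, "") }                    # drop comments
    $1 != "rdr" { next }                  # map rules create no inbound forward
    $3 == "from" {                        # from/to form: not parsed here
        print $2, "unparsed:", $0; next
    }
    {
        iface = $2; dst = $3
        ext = "all"; host = "?"; inport = ""; proto = "unspecified"
        seen_arrow = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "->") { seen_arrow = 1; host = $(i + 1); i++ }
            else if ($i == "port") {
                if (seen_arrow) inport = $(i + 1); else ext = $(i + 1)
                i++
            }
            else if ($i == "tcp" || $i == "udp" || $i == "tcp/udp") proto = $i
        }
        if (inport == "") inport = ext
        if (dst == "0.0.0.0/0" || dst == "0/0") dst = "any-address"
        printf "%s %s %s %s:%s %s\n", iface, proto, ext, host, inport, dst
    }'
}

# Constructed sample input: the rdr rule from the e-mail plus made-up rules.
sample_rules() {
    cat <<'EOF'
map rl1 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map rl1 192.168.1.0/24 -> 0/32
# identd forward for IRC, as in the e-mail
rdr rl1 0.0.0.0/0 port 113 -> 192.168.1.5 port 113 tcp
rdr rl1 203.0.113.10/32 port 8080 -> 192.168.1.6 port 80 tcp  # constructed
EOF
}

sample_rules | list_rdr
```

On a live gateway, run it as `list_rdr < /etc/ipnat.rules` and check that each listed host and port is one you intend to be reachable from the external interface.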