From owner-freebsd-isp Tue Aug 27 6:48:59 2002
Delivered-To: freebsd-isp@freebsd.org
Message-ID: <004d01c24dd0$5f63d670$2d01a8c0@michael>
From: "Leigh V"
References: <200208270715.29162.absinthe@pobox.com>
Subject: Re: Port forwarding recommendations?
Date: Tue, 27 Aug 2002 23:48:06 +1000
Sender: owner-freebsd-isp@FreeBSD.ORG

You can use my IpFilter, IpNat / DHCP automagic setup script on FreeBSD.
www.roq.com/bsd/

Had a few people email me back saying it saved them a lot of time.
Technically the only information you need to give it is the name of the
internal and external nics, you can just hit enter for the rest for a
typical 192.168.1.0/24 private network setup.

The script doesn't have any port forward rules, but here is a typical one
you would add to your /etc/ipnat.rules file to forward identd connections
for IRC.

    rdr rl1 0.0.0.0/0 port 113 -> 192.168.1.5 port 113 tcp

rl1 would be your external nic

I was thinking of putting IP accounting setup for it as well.

The interesting thing about Ipfilter I have noticed but no one else has ever
said is that while all the Linux fans are running around saying how great
netfilter is with its full stateful firewalling support is now stable for
production use, ipfilter has been around for almost 10 years now for BSD :)

    tail /usr/src/contrib/ipfilter/HISTORY
    1.0 22/04/93 - Released

----- Original Message -----
From: "Dylan Carlson"
Sent: Tuesday, August 27, 2002 9:15 PM
Subject: Port forwarding recommendations?

> Hi,
>
> There are volumes of mailing list messages out there on the subject of
> firewalls, but the solutions for different circumstances are not clear. Your
> recommendations would be appreciated.
>
> I have a simple low-end pentium box I want to do the following:
>
> - Firewall (ipfilter or ipfw, comfortable with either one)
> - One external IP assigned via DHCP (from the ISP)
> - One internal IP serving as a gateway address for a private class C
> - NAT sharing to 4-5 hosts on the protected, internal subnet
> - Inbound port forwarding
>
> ...where "port forwarding" means listening on a port on the external interface
> of the firewall and forwarding to a specified internal host for the rule. I
> have looked at [ /usr/ports/net/portfwd ] but I am not sure how well/if this
> works with any of the NAT and firewall implementations.
>
> Wondering which components you would use, why - and any caveats. I would be
> thankful for any references as well.
>
> Provided I am successful with this I plan on writing up a procedure in DocBook
> and kicking it over to the FreeBSD documentation project.
>
> TIA,
> --
> Dylan Carlson [absinthe@pobox.com]
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
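
The redirect from the message above, placed next to the NAT and filter rules it depends on, as an added example that is not part of the original e-mail or of the roq.com script. ipfilter applies rdr before inbound filtering, so the matching ipf rule has to name the translated address 192.168.1.5 rather than the firewall's external address. The internal NIC name rl0, the default-block policy on rl1 and the portmap range are assumptions.

```conf
# ---- /etc/ipnat.rules ------------------------------------------------
# Outbound NAT for the private /24. "0/32" makes ipnat use whatever
# address rl1 currently holds, which suits a DHCP-assigned external IP.
map rl1 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map rl1 192.168.1.0/24 -> 0/32

# Inbound redirect from the message: identd (113/tcp) to 192.168.1.5.
rdr rl1 0.0.0.0/0 port 113 -> 192.168.1.5 port 113 tcp

# ---- /etc/ipf.rules --------------------------------------------------
# Assumed names: rl1 = external NIC (as in the message), rl0 = internal.

# Loopback and the internal interface are left unrestricted here.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on rl0 all
pass out quick on rl0 all

# Outbound traffic from the firewall and the NATed hosts, with state,
# so replies are admitted without separate inbound rules.
pass out quick on rl1 proto tcp  from any to any flags S keep state
pass out quick on rl1 proto udp  from any to any keep state
pass out quick on rl1 proto icmp from any to any keep state

# Inbound identd. By the time this rule is evaluated, rdr has already
# rewritten the destination, so match the internal host, not rl1's IP.
# Only the forwarded port is opened; nothing else reaches 192.168.1.5.
pass in quick on rl1 proto tcp from any to 192.168.1.5 port = 113 flags S keep state

# Everything else arriving on the external NIC is dropped and logged.
block in log quick on rl1 all
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and `ipf -Fa -f /etc/ipf.rules`; `ipnat -l` lists the active map and rdr entries.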