From: Lowell Gilbert
To: dwamenae@gco.apana.org.au
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Which interface do I put natd and ipfw
Date: 02 Feb 2004 08:40:50 -0500
Message-ID: <4465epk3a5.fsf@be-well.ilk.org>
In-Reply-To: <200402022344.36084.dwamenae@gco.apana.org.au>

Emmanuel Dwamena writes:

> I need help to set up firewall on my freebsd 5.1 box. I have built new kernel
> with ipfw enabled and is working fine.
> I need to know which of the 3 interfaces do I put the natd and ipfw.
> My freebsd 5.1 box has 2 nic cards. ed0 connects to LAN and ed1 connects to
> adsl modem. I use user ppp to setup the connection to the isp who assigns
> dynamic ip address to the tun0 interface. I have no ip address assigned to
> ed1. I have traffic coming in through the tun0 from outside to the LAN. Which
> of the interfaces do I use to block unwanted traffic from the internet.- ed1
> or tun0?

tun0

> How do I configure the tun0 interface for the firewall since I do
> not know the interface address beforehand?

You have two choices; either don't use the address in the firewall
setup at all (it isn't really useful...) or use the "me" keyword for
the address (see ipfw(8)).

> Secondly which interface do I
> place natd?

tun0

--
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password "public"
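
Added example (not part of the original message or of any FreeBSD-supplied ruleset): a minimal ipfw rules file for the setup described above, filtering and diverting on tun0 and using "me" where the dynamic address would otherwise be needed. It assumes natd is running on tun0 with its default divert port 8668; the rule numbers, the DNS and ICMP choices, and the SSH service on port 22 are illustrative assumptions.

```conf
# ipfw rules file, loaded with: ipfw /path/to/this/file
# Constructed example. Assumed layout: ed0 = LAN, tun0 = user-ppp link to
# the ISP (dynamic address), ed1 carries no IP and needs no rules.

# Loopback traffic, and anti-spoofing for the loopback network
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any

# The LAN side is trusted
add 200 allow ip from any to any via ed0

# Hand everything crossing tun0 to natd (assumed divert port 8668).
# Processing resumes at the next rule once natd re-injects the packet.
add 300 divert 8668 ip from any to any via tun0

# Packets belonging to TCP connections that are already established
add 400 allow tcp from any to any established

# New outbound connections and DNS lookups leaving through tun0
add 500 allow tcp from any to any out via tun0 setup
add 510 allow udp from any to any 53 out via tun0
add 520 allow udp from any 53 to any in via tun0

# ICMP: anything outbound, only replies and error messages inbound
add 530 allow icmp from any to any out via tun0
add 540 allow icmp from any to any in via tun0 icmptypes 0,3,11

# Inbound service on the firewall itself. "me" matches whatever address
# ppp currently has on tun0, so the rule survives an address change.
add 600 allow tcp from any to me 22 in via tun0 setup

# Everything else arriving from or leaving to the Internet is dropped
add 65000 deny log ip from any to any
```

No rule names ed1 or the ISP-assigned address; every Internet-facing rule is tied to tun0, and the one place that needs the local address uses "me".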