Date:      Mon, 29 Jan 2001 05:26:50 -0800 (PST)
From:      Benjamin Ossei <ben@cahostnet.net>
To:        questions@freebsd.org
Subject:   IPFW Questions
Message-ID:  <20010129132650.5AD6F2752@sitemail.everyone.net>

Hi to all.  This is going to be long but I'll try to be very clear.  In general I'm new to this so it's been a long journey for me. This is what I'm trying to do.

I want to build a firewall.  This machine is going to be used just as a firewall, at least for now.  I have one static address so I want to run NAT.  I want to be able to provide the following services: DNS, MAIL, FTP, SSH, and HTTP.  I would like to configure this firewall to only allow these services (incoming). As far as my local network goes, I'll allow everything going OUTBOUND.

I have enabled the firewall, built my custom kernel, and am denying any from any as the default, but am using the "open" profile (temporary until I can come up with a configuration that works).  I can get out to the internet with no problem for now.

The problem starts when I use the "simple" profile.  I configured the firewall to allow dns, http, telnet, and ssh but I was having major problems going out of the network.  I get an error that says permission denied on the inside interface. I was running natd, routed, named, and the time service.  It seems that when I use that profile, it blocks any access to the internal network and also services that I run on that machine such as natd.

How can I have the script allow those services and still protect my network? I also get an error that says "address already in use" when the natd daemon runs.  Why do I get this?  Any help, or even better a sample configuration for this purpose, will be helpful. I can look at that and modify as needed.  I want to use the rc.firewall as a template.  Note:  The simple configuration blocks me from running natd and the time daemon, and it sometimes doesn't allow my internal machines out to the internet.

What is the best way to configure this?  

1:  Firewall
2:  NAT
Or should I reverse this?  What would you configure first?  Where do I configure NATd?  In what file?

Is it a good idea to have the allow any from any and the deny any from any there?  It will look like this at the end of the ruleset:

65000 allow any from any (it's here so I don't lock myself out)
65335 deny any from any  

I know this is long so hopefully I haven't lost anyone.

Thanks,
Ben

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129132650.5AD6F2752>
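The questions above (where NAT sits relative to the filter rules, how to allow a short list of inbound services while letting the LAN out, and what an explicit final deny buys you) are answered below in a worked ruleset. This is an added example written by the editor; it is not the poster's configuration and not FreeBSD's /etc/rc.firewall. The interface names fxp0/fxp1, the public address 203.0.113.10, the internal network 192.168.1.0/24 and the rule numbers are assumptions for illustration; 8668 is natd's default divert port.

```shell
#!/bin/sh
# Added example (editor's own, not the original poster's configuration and
# not FreeBSD's /etc/rc.firewall): a minimal stateful ipfw + natd ruleset
# for a gateway with one static address that accepts only DNS, mail, FTP,
# SSH and HTTP from outside and lets the internal network out freely.
#
# ASSUMPTIONS (change for the real machine): interface names, addresses,
# the internal network and the rule numbers are all made up here.
oif="fxp0"              # external interface, carries the one static address
oip="203.0.113.10"      # that static address (TEST-NET-3 documentation range)
iif="fxp1"              # internal interface
inet="192.168.1.0/24"   # internal (RFC 1918) network behind NAT
natd_port=8668          # natd's default divert port (see natd(8) -port)

# Set IPFW=echo in the environment to print the rules instead of loading
# them; handy for reviewing the ruleset before applying it over SSH.
fw() { "${IPFW:-/sbin/ipfw}" -q add "$@"; }

load_ruleset() {
    "${IPFW:-/sbin/ipfw}" -q -f flush

    # Loopback: allow it, and drop anything claiming 127/8 on a real wire.
    fw 100 allow ip from any to any via lo0
    fw 110 deny ip from any to 127.0.0.0/8
    fw 120 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing, evaluated before NAT so the addresses are the real ones:
    # internal addresses never arrive from outside, and nothing from outside
    # may be addressed directly at the internal network.
    fw 200 deny ip from ${inet} to any in via ${oif}
    fw 210 deny ip from any to ${inet} in via ${oif}

    # The firewall's own outbound traffic (DNS lookups, NTP): stateful, and
    # placed BEFORE the divert so the dynamic rule records the real ports
    # (natd may rewrite source ports on packets it aliases).
    fw 300 allow ip from ${oip} to any out via ${oif} keep-state

    # NAT: everything else crossing the external interface goes through natd.
    # This must come before check-state so replies are translated back to
    # the internal address before the dynamic rules are consulted.
    fw 400 divert ${natd_port} ip from any to any via ${oif}

    # Packets belonging to an existing dynamic rule are accepted here.
    fw 500 check-state

    # Internal network -> anywhere: everything, stateful. Matched first on
    # the inside interface with the real (pre-NAT) source, so the dynamic
    # rule matches the un-NATed reply after rule 400 translates it back.
    fw 600 allow ip from ${inet} to any in via ${iif} keep-state

    # The same packets leaving on the outside, now carrying the public
    # source address that rule 400 gave them on the way out.
    fw 610 allow ip from ${oip} to any out via ${oif}

    # Services offered to the world, on the firewall itself. Only the first
    # packet of a TCP connection (setup) is matched; keep-state covers the
    # rest. FTP: port 21 only; passive-mode data connections also need the
    # server's passive port range opened.
    fw 700 allow tcp from any to ${oip} 21,22,25,53,80 in via ${oif} setup keep-state
    fw 710 allow udp from any to ${oip} 53 in via ${oif} keep-state

    # ICMP needed for path-MTU discovery and diagnostics (echo reply,
    # unreachable, time exceeded) plus echo requests so the box answers ping.
    fw 800 allow icmp from any to ${oip} in via ${oif} icmptypes 0,3,8,11

    # Explicit final deny, independent of whether the kernel was built with
    # IPFIREWALL_DEFAULT_TO_ACCEPT (rule 65535 is whatever the kernel chose).
    # A "65000 allow ip from any to any" in front of this would swallow every
    # packet the rules above did not, exposing every service on the box.
    # "log" only produces output if the kernel has IPFIREWALL_VERBOSE.
    fw 65000 deny log ip from any to any
}

# Run as "sh firewall.sh load" (or point rc.conf's firewall_script at it).
# With no argument nothing is changed, so the file can be read or sourced.
case "${1:-}" in
    load) load_ruleset ;;
esac
```

Order of operations this illustrates: the divert to natd sits before every rule that inspects addresses, so outbound LAN packets are filtered on the inside interface with their real source and then translated, and inbound replies are translated back before check-state sees them. In rc.conf the pieces are gateway_enable="YES", natd_enable="YES" with natd_interface set to the external interface, firewall_enable="YES", and firewall_script pointing at the script that loads the rules. natd binds a divert socket on its port (8668 by default); the "address already in use" message is the usual symptom of a second natd being started while one is already running, for example once from rc.conf and again by hand. To guard against locking yourself out while testing over SSH, load from the console, or first schedule a fallback (for example `sleep 300` followed by reloading the known-good open ruleset in a background shell) and kill it once the new rules are confirmed to work; a permanent allow-everything rule in front of the final deny is not a safety net, it is the absence of a firewall.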