Date: Wed, 10 Dec 1997 13:38:21 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: garyb@fly.com (Gary Blumenstein)
Cc: freebsd-isp@freebsd.org
Subject: Re: ipfw rule needed
Message-ID: <199712102138.NAA19732@bubba.whistle.com>
In-Reply-To: <Pine.BSF.3.96.971210100457.19886B-100000@fly.com> from Gary Blumenstein at "Dec 10, 97 10:54:34 am"

Gary Blumenstein writes:
> Can anyone help me define a working rule combination that allows smtp
> traffic to and from a specific host sitting outside my firewall?  By
> default, I block all ip traffic to the network where this particular host
> resides, so I want to install a more specific rule earlier in the chain
> that preferably defines the port numbers on both the inbound and outbound
> packet (ie. port 25 and corresponding "ack" response flags on ports
> > 1024)

If 1.2.3.4 is your mail host and 192.168.1.0/24 is your internal network..

- For connections from inside clients to outside SMTP server:

    ipfw add 10 allow tcp from 192.168.1.0/24 to 1.2.3.4 25
    ipfw add 10 allow tcp from 1.2.3.4 25 to 192.168.1.0/24 established

- For connections from outside SMTP server to inside clients:

    ipfw add 10 allow tcp from 1.2.3.4 to 192.168.1.0/24 25
    ipfw add 10 allow tcp from 192.168.1.0/24 25 to 1.2.3.4 established

- For both, do all four rules.

> P.S. Also, is there a FAQ (besides the FreeBSD faq) for this mailing
> list?  I'm a new member.

Not that I've heard of..

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
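
Added example (not part of the original message, and not ipfw's own code): a small Python model that evaluates the four rules above against constructed TCP packets, to show what the "established" keyword does on the return-path rules. The parser handles only the syntax used in this message, the packet values are made up, and the final "deny" stands in for the poster's own default block rule.

```python
import ipaddress

# The four rules from the message, verbatim minus the "ipfw add 10" prefix.
RULES = [
    "allow tcp from 192.168.1.0/24 to 1.2.3.4 25",
    "allow tcp from 1.2.3.4 25 to 192.168.1.0/24 established",
    "allow tcp from 1.2.3.4 to 192.168.1.0/24 25",
    "allow tcp from 192.168.1.0/24 25 to 1.2.3.4 established",
]

def parse(rule):
    """Parse 'allow tcp from ADDR [PORT] to ADDR [PORT] [established]'."""
    tok = rule.split()
    if tok[:3] != ["allow", "tcp", "from"]:
        raise ValueError("unsupported rule: " + rule)
    tok = tok[3:]
    established = tok[-1] == "established"
    if established:
        tok = tok[:-1]
    to = tok.index("to")

    def side(part):  # part is [addr] or [addr, port]
        port = int(part[1]) if len(part) > 1 else None
        return ipaddress.ip_network(part[0]), port

    return side(tok[:to]), side(tok[to + 1:]), established

def side_matches(side, addr, port):
    net, want = side
    return ipaddress.ip_address(addr) in net and want in (None, port)

def verdict(src, sport, dst, dport, flags, default="deny"):
    """Return 'allow' if any rule matches, else the default.

    flags is a set of TCP flag names, e.g. {"SYN"} or {"SYN", "ACK"}.
    """
    for rule in RULES:
        s, d, est = parse(rule)
        if not (side_matches(s, src, sport) and side_matches(d, dst, dport)):
            continue
        # ipfw's "established" matches TCP packets with ACK or RST set.
        if est and not (flags & {"ACK", "RST"}):
            continue
        return "allow"
    return default

if __name__ == "__main__":
    # Constructed packets: client SYN out, server SYN+ACK back, bare SYN in.
    print(verdict("192.168.1.10", 40000, "1.2.3.4", 25, {"SYN"}))
    print(verdict("1.2.3.4", 25, "192.168.1.10", 40000, {"SYN", "ACK"}))
    print(verdict("1.2.3.4", 25, "192.168.1.10", 22, {"SYN"}))
```

The third packet is the case "established" exists for: a connection attempt from source port 25 to an arbitrary inside port is not passed by the return-path rule. The match is on flags only, with no connection tracking, so the rule cannot tell whether a matching connection was ever opened from the inside.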