From: Emmanuel Dwamena
Organization: ED Systems Pty Ltd
To: freebsd-questions@FreeBSD.ORG
Date: Wed, 4 Feb 2004 00:54:48 +1100
Subject: Re: Which interface do I put natd and ipfw

Hi Lowell,

Thanks for the info. You are right. I don't need the ip address for the
external interface in order to configure the firewall. I couldn't understand
the sample files that came with ipfw. I thought I had to follow the sample
file the way it was given. Now I know I can change it to the way I want.

Thanks once again.

regds
ed

On Tue, 3 Feb 2004 12:40 am, you wrote:
> Emmanuel Dwamena writes:
> > I need help to set up firewall on my freebsd 5.1 box. I have built new
> > kernel with ipfw enabled and is working fine.
> > I need to know which of the 3 interfaces do I put the natd and ipfw.
> > My freebsd 5.1 box has 2 nic cards. ed0 connects to LAN and ed1 connects
> > to adsl modem. I use user ppp to setup the connection to the isp who
> > assigns dynamic ip address to the tun0 interface. I have no ip address
> > assigned to ed1. I have traffic coming in through the tun0 from outside
> > to the LAN. Which of the interfaces do I use to block unwanted traffic
> > from the internet - ed1 or tun0?
>
> tun0
>
> > How do I configure the tun0 interface for the firewall since I
> > do not know the interface address beforehand?
>
> You have two choices; either don't use the address in the firewall
> setup at all (it isn't really useful...) or use the "me" keyword for
> the address (see ipfw(8)).
>
> > Secondly which interface do I
> > place natd?
>
> tun0

-- 
email: dwamenae@gco.apana.org.au
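
Added example, not part of the original message or of the ipfw sample files: a small script that emits an ipfw rule file for the gateway described in the thread, with both the filtering and the natd divert on tun0 and the "me" keyword in place of the unknown external address. The single inbound service (ssh), the rule numbers and the skipto layout around the divert rules are assumptions made for illustration; it also assumes natd is started after ppp has created tun0.

```shell
#!/bin/sh
# Added example (constructed; not from the thread or from rc.firewall).
# Emits an ipfw rule file for the gateway described above: LAN on ed0,
# user-ppp link on tun0 with an ISP-assigned (dynamic) address.
# Assumptions: sshd on the gateway is the only inbound service, rule
# numbers are arbitrary, and the kernel was built with divert support.
ext_if="${ext_if:-tun0}"   # filter and NAT here, not on ed1
lan_if="${lan_if:-ed0}"

# Print the rules in the format read by "ipfw <file>" (one rule per line).
# No external IP address appears anywhere: rules name the interface, and
# the one rule that needs "this host" as a destination uses "me".
gen_rules() {
    cat <<EOF
# loopback and the trusted LAN side
add 00010 allow ip from any to any via lo0
add 00020 allow ip from any to any via ${lan_if}
# inbound: translate back first, so state is matched on the LAN address
add 00100 divert natd ip from any to any in via ${ext_if}
add 00110 check-state
# outbound: record state before translation, then jump to rule 1000
add 00200 skipto 1000 tcp from any to any out via ${ext_if} setup keep-state
add 00210 skipto 1000 udp from any to any out via ${ext_if} keep-state
add 00220 skipto 1000 icmp from any to any out via ${ext_if} keep-state
# inbound service on the gateway itself, whatever its address is today
add 00300 allow tcp from any to me 22 in via ${ext_if} setup keep-state
# everything else is dropped and logged
add 00900 deny log ip from any to any
# reached only through skipto: translate outbound traffic, then pass
add 01000 divert natd ip from any to any out via ${ext_if}
add 01010 allow ip from any to any
EOF
}

# Stand-alone run: print the rule file to stdout for review.
gen_rules
```

Save the output to a file and load it with `ipfw -q <file>`; run natd with `-interface tun0 -dynamic` so it follows address changes on the link.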