Date: Sun, 12 Jun 2005 07:17:53 +0200 (CEST) From: "P.U.Kruppa" <root@pukruppa.de> To: Paul Dufresne <dufresnep@fastmail.fm> Cc: dk dkrules <dkrules7@hotmail.com>, "P.U.Kruppa" <root@pukruppa.de>, freebsd-questions@freebsd.org Subject: Re: Setting a simple firewall for PPPoE connection Message-ID: <20050612065236.C1048@www.pukruppa.net> In-Reply-To: <1118551395.29106.236171214@webmail.messagingengine.com> References: <BAY21-F20031309C5747F0945F69F8AFC0@phx.gbl> <20050609181128.G48525@www.pukruppa.net> <1118551395.29106.236171214@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 12 Jun 2005, Paul Dufresne wrote: > > On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), "P.U.Kruppa" > <root@pukruppa.de> said: >> On Thu, 9 Jun 2005, dk dkrules wrote: >> >>> I am very dissappointed. I have been looking on the net for 3 days now >>> looking for easy setup guides or How to guides and setting up FreeBSD 5.x >>> with transparent proxy and firewall and there simply is no easy way >>> explaining to beginners how to do such a setup. >> 1) Before you start playing around with squid and firewall you >> have to make sure your FreeBSD box works as a gateway. >> 2) When this is done look into google for setup of squid as a >> transparent proxy (these are two or three entries in a config >> file). >> 3) enable firewall in /etc/rc.conf with lines like >> firewall_enable="YES" >> firewall_script="/etc/firewall.conf" >> 4) edit your /etc/firewall.conf with something like >> >> ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0 >> ipfw add 60000 allow all from any to any >> >> where rl0 is the device name of your NIC. >> 5) reboot > > Well, I feel a bit like the original poster. Oops?! As you can see I answered a question about transparent proxying - which is interesting, too, but quite a different topic. > I had in mind of activating a firewall for my PPPoE connection > a bit like it is easy to do on Windows XP. There exists a very simple way to activate a firewall in freebsd: # /stand/sysinstall will open FreeBSD's installation menu. -> Configure -> Security -> Security Profile gives you two options for standard firewalls. > Now, maybe I can use 127.0.0.1 like you did in step 4 above, but > I don't really understand these rules yet. It looks like to me the > first one accept HTTP traffic (port 80) and that the second one > accept every traffic. I would have expected that the second one > would refuse every traffic, leaving only traffic from the first > rule to go through. As I said: this is a setup for a transparent proxy, not a security firewall. It just catches all http requests (port 80) and forces them to check Squid's cache. Squid is the proxy-program. Good Luck, Uli. ********************************************* * Peter Ulrich Kruppa - Wuppertal - Germany * *********************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050612065236.C1048>