From: "P.U.Kruppa"
Date: Sun, 12 Jun 2005 07:17:53 +0200 (CEST)
To: Paul Dufresne
Cc: dk dkrules, "P.U.Kruppa", freebsd-questions@freebsd.org
Subject: Re: Setting a simple firewall for PPPoE connection

On Sun, 12 Jun 2005, Paul Dufresne wrote:

>
> On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), "P.U.Kruppa" said:
>> On Thu, 9 Jun 2005, dk dkrules wrote:
>>
>>> I am very disappointed. I have been looking on the net for 3 days now
>>> looking for easy setup guides or How to guides and setting up FreeBSD 5.x
>>> with transparent proxy and firewall and there simply is no easy way
>>> explaining to beginners how to do such a setup.
>> 1) Before you start playing around with squid and firewall you
>>    have to make sure your FreeBSD box works as a gateway.
>> 2) When this is done look into google for setup of squid as a
>>    transparent proxy (these are two or three entries in a config
>>    file).
>> 3) enable firewall in /etc/rc.conf with lines like
>>    firewall_enable="YES"
>>    firewall_script="/etc/firewall.conf"
>> 4) edit your /etc/firewall.conf with something like
>>
>>    ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
>>    ipfw add 60000 allow all from any to any
>>
>>    where rl0 is the device name of your NIC.
>> 5) reboot
>
> Well, I feel a bit like the original poster.

Oops?! As you can see I answered a question about transparent
proxying - which is interesting, too, but quite a different topic.

> I had in mind of activating a firewall for my PPPoE connection
> a bit like it is easy to do on Windows XP.

There exists a very simple way to activate a firewall in FreeBSD:
# /stand/sysinstall
will open FreeBSD's installation menu.
-> Configure -> Security -> Security Profile
gives you two options for standard firewalls.

> Now, maybe I can use 127.0.0.1 like you did in step 4 above, but
> I don't really understand these rules yet. It looks like to me the
> first one accepts HTTP traffic (port 80) and that the second one
> accepts every traffic. I would have expected that the second one
> would refuse every traffic, leaving only traffic from the first
> rule to go through.

As I said: this is a setup for a transparent proxy, not a
security firewall. It just catches all http requests (port 80)
and forces them to check Squid's cache. Squid is the
proxy-program.

Good Luck,

Uli.

*********************************************
* Peter Ulrich Kruppa - Wuppertal - Germany *
*********************************************
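
Added example (not part of the original message): a simplified Python model of ipfw's first-match rule evaluation, run over the two rules quoted in the thread to show that they redirect port 80 and accept everything else. The packet samples, the `tun0` interface name and the `STRICT` comparison ruleset are assumptions constructed for illustration; the model covers only the rule syntax used in the thread.

```python
import re

# Simplified model of ipfw evaluation: rules are checked in ascending
# rule-number order and the first matching allow/deny/fwd rule ends the search.
RULE_RE = re.compile(
    r"ipfw add (?P<num>\d+) (?P<action>allow|deny|fwd \S+) (?P<proto>\S+) "
    r"from any to any(?: (?P<port>\d+))?(?: recv (?P<recv>\S+))?$"
)

def parse(ruleset):
    rules = []
    for line in ruleset.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groupdict())
    return sorted(rules, key=lambda r: int(r["num"]))

def matches(rule, pkt):
    # An absent port or recv option places no constraint on the packet.
    return (rule["proto"] in ("all", "ip", pkt["proto"])
            and (not rule["port"] or int(rule["port"]) == pkt.get("dport"))
            and (not rule["recv"] or rule["recv"] == pkt.get("recv")))

def verdict(rules, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return int(rule["num"]), rule["action"]
    # ipfw's built-in last rule; whether it allows or denies is a kernel option.
    return 65535, "default"

# The two rules quoted in the thread (transparent proxy, no filtering).
PROXY_TEXT = """
ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
ipfw add 60000 allow all from any to any
"""
PROXY = parse(PROXY_TEXT)
# Comparison only (constructed): the same rules with the last action set to deny.
STRICT = parse(PROXY_TEXT.replace("allow", "deny"))

# Constructed sample packets; tun0 is an assumed name for the PPPoE interface.
WEB_FROM_LAN = {"proto": "tcp", "dport": 80, "recv": "rl0"}
SSH_FROM_NET = {"proto": "tcp", "dport": 22, "recv": "tun0"}
DNS_FROM_LAN = {"proto": "udp", "dport": 53, "recv": "rl0"}

if __name__ == "__main__":
    for name, rules in (("proxy", PROXY), ("strict", STRICT)):
        for pkt in (WEB_FROM_LAN, SSH_FROM_NET, DNS_FROM_LAN):
            print(name, pkt, "->", verdict(rules, pkt))
```

With the thread's rules, the inbound SSH sample reaches rule 60000 and is allowed, which is why this ruleset redirects web traffic to Squid but filters nothing.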