Date: Sun, 20 May 2001 10:29:55 -0700 (MST)
From: "Orville R. Weyrich.Jr"
To: Nick Rogness
Cc: "Freebsd Net (E-mail)"
Subject: Re: Restricting traffic on one interface

Yes, a firewall. This machine IS the inner side of a firewall -- I want to
stop any unwanted traffic that gets through the outer firewall.

orville.

On Sun, 20 May 2001, Nick Rogness wrote:

> On Sat, 19 May 2001, Orville R. Weyrich.Jr wrote:
>
> > I have a dual homed FreeBSD-4.3 machine and want to restrict traffic
> > on one interface but not the other (one interface is to a trusted
> > network and the other is not).
> >
> > What I want is the untrusted interface to only present SMTP and HTTP
> > ports, while the trusted interface presents telnet, ftp, NFS, SMB,
> > etc.
> >
> > What is the best way to do this? The machine does NOT have IP
> > forwarding enabled.
>
> Run a firewall to block traffic on that interface. You can search
> the archives or the web for more information. See also ipfw man
> page.
>
> Of course, there are other ways to do this, but firewalling is
> probably best suited for this task.
>
> Nick Rogness
> - Keep on Routing in a Free World...
> "FreeBSD: The Power to Serve!"
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

===================================================================
IF YOU WANT REFORM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> VOTE REFORM
-------------------------------------------------------------------
Orville R. Weyrich, Jr.          Weyrich Computer Consulting
mailto:orville@weyrich.com       KD7HJV
http://www.weyrich.com
-------------------------------------------------------------------
Visit our online collection of book reviews:
http://www.weyrich.com/book_reviews/
Ask about our world wide web services!
-------------------------------------------------------------------
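
Added example, not part of the original thread: one way the per-interface ipfw filtering suggested above could look, written as a rules file that ipfw(8) reads line by line. The interface names fxp0 (untrusted) and fxp1 (trusted), the rule numbers, and the outbound, DNS and ICMP allowances are assumptions made for illustration.

```conf
# Constructed example ruleset (not from the thread).
# Assumed names: fxp0 = untrusted interface, fxp1 = trusted interface.
# Option order is: direction, interface, then match options.

# Loopback traffic is always allowed.
add 100 allow ip from any to any via lo0

# Trusted side: no restrictions (telnet, ftp, NFS, SMB, ...).
add 200 allow ip from any to any via fxp1

# Match replies to UDP queries this host sent (state created by rule 610).
add 300 check-state

# Untrusted side: packets belonging to TCP connections already set up.
add 400 allow tcp from any to any via fxp0 established

# Untrusted side: new inbound connections to SMTP and HTTP only.
add 500 allow tcp from any to any 25,80 in recv fxp0 setup

# Assumption: this host may open TCP connections outward (for example to
# deliver mail) and make DNS lookups through the untrusted interface.
add 600 allow tcp from any to any out xmit fxp0 setup
add 610 allow udp from any to any 53 out xmit fxp0 keep-state

# Inbound ICMP errors (destination unreachable, time exceeded) so that
# path MTU discovery keeps working for the permitted connections.
add 700 allow icmp from any to any in recv fxp0 icmptypes 3,11

# Everything else on the untrusted interface is dropped and logged.
add 65000 deny log ip from any to any via fxp0
```

Because IP forwarding is off, "to any" on an inbound rule can only mean this host's own addresses. Rule 400 is stateless: it accepts any TCP segment with ACK or RST set, so a closed port still answers with a reset rather than staying silent.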