Date:      Mon, 20 Nov 2000 13:46:08 -0800
From:      "Peter Brezny" <peter@sysadmin-inc.com>
To:        "'Hamilton Hoover'" <hamilton@twopoint.com>
Cc:        <freebsd-net@freebsd.org>
Subject:   RE: dual homed gateway system running ipfw and nat. need rules help.
Message-ID:  <001001c0533b$4b164360$46010a0a@sysadmininc.com>
In-Reply-To: <3A196E28.3A9806A1@twopoint.com>

Hamilton,

You sound like you are on the right track with your firewall line, and yes,
it does open up that port... You might consider stateful rules to tighten
things up a bit (man ipfw).

For mpd, you'll need something like this in your ruleset to get it going.

    # Allow connections on pptp.
    $fwcmd add pass tcp from any 1723 to any 1024-65535 out xmit $oif
    $fwcmd add pass tcp from any 1024-65535 to any 1723 in recv $oif
    # Protocol 47 is GRE, which carries the tunnelled PPTP traffic.
    $fwcmd add pass 47 from any to any out xmit $oif
    $fwcmd add pass 47 from any to any in recv $oif

The mpd-netgraph port is very well documented (just install the port and
have a look in these directories):

/usr/ports/net/mpd-netgraph/work/mpd-3.0/doc/mpd.html
and
/usr/ports/net/mpd-netgraph/work/mpd-3.0/README

Hope this helps!

Peter Brezny
SysAdmin Services Inc.


-----Original Message-----
From: owner-freebsd-net@FreeBSD.ORG
[mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Hamilton Hoover
Sent: Monday, November 20, 2000 10:32 AM
To: freebsd-net@freebsd.org; freebsd-questions@FreeBSD.ORG
Subject: dual homed gateway system running ipfw and nat. need rules help.


Hi all,

I am running a dual homed system (2 nics) acting as a gateway/firewall
for our office T1. The private net uses 192.x.x.x and the public uses a
'real' address of 209.x.x.x. The firewall is up and seems to be working
well. I used rc.firewall "simple" and have customized it to our needs.
All outgoing requests appear to be originating from the public
interface. I want to be able to do two things that I have not been able
to figure out yet.

1) We keep our pop server on the private net. I need to be able to get
the incoming mail passed to the mail server that has a 192.x.x.x
address. I was thinking something like:

${fwcmd} pass tcp from any 25 to 192.x.x.x

Is this solid, or am I opening myself up to more problems? I don't want
to relay from outside, as mail is only checked from inside the private
side.

2) We want to be able to use the gateway/firewall as a PPTP server.
After asking a few questions I decided to go with mpd. I have installed
this and that seems ok. But I also need a rule to allow the incoming
connection from the public net. All connections will be coming from home
users running win9x who have static 'real' ip addresses. Also, as I have
never used mpd or set up a vpn, any suggestions on this set up would be
wonderfully helpful.

Hamilton Hoover
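Peter's four PPTP rules above and the SMTP rule sketched in Hamilton's question are both easier to reason about with a small model of ipfw's first-match evaluation. The Python below is an added example, not code from either mail or from FreeBSD: it understands only the rule syntax used in this thread, assumes $oif expands to a hypothetical public interface fxp0, and uses 192.168.1.10 in place of the unspecified 192.x.x.x mail server. It replays constructed packets through the rules and reports which are passed.

```python
"""First-match evaluator for the ipfw(8) rule subset used in this thread (an added example, not
code from the mail or FreeBSD): [add] pass PROTO from SRC [PORT] to DST [PORT] [in|out] [recv|xmit IF]."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Packet:
    proto: str                    # "tcp", "udp" or an IP protocol number as text ("47" = GRE)
    src: str
    dst: str
    sport: Optional[int]          # None for protocols without ports (GRE)
    dport: Optional[int]
    direction: str                # "in" or "out"
    iface: str                    # interface received on (in) or transmitted on (out)

@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: Optional[str]          # single port or "lo-hi" range; None = unconstrained
    dst: str
    dport: Optional[str]
    direction: Optional[str]
    iface: Optional[str]          # from 'recv IF' / 'xmit IF'; the thread pairs them with in / out

def parse_rule(line: str, env: Dict[str, str]) -> Rule:
    """Parse one rule line; $VAR tokens expand from env and the ipfw invocation itself is skipped."""
    toks = [env[t[1:]] if t.startswith("$") else t
            for t in line.split() if t not in ("$fwcmd", "${fwcmd}", "add")]
    action, proto = toks[0], toks[1]
    if toks[2] != "from":
        raise ValueError(f"expected 'from': {line}")
    src, i, sport = toks[3], 4, None
    if toks[i] != "to":                        # optional source port (range)
        sport, i = toks[i], i + 1
    dst, i, dport = toks[i + 1], i + 2, None
    if i < len(toks) and toks[i] not in ("in", "out", "recv", "xmit"):
        dport, i = toks[i], i + 1              # optional destination port (range)
    direction = iface = None
    while i < len(toks):
        if toks[i] in ("in", "out"):
            direction, i = toks[i], i + 1
        elif toks[i] in ("recv", "xmit"):
            iface, i = toks[i + 1], i + 2
        else:
            raise ValueError(f"unsupported option {toks[i]!r}: {line}")
    return Rule(action, proto, src, sport, dst, dport, direction, iface)

def _port_ok(spec: Optional[str], port: Optional[int]) -> bool:
    if spec is None:
        return True                # rule does not constrain this port
    if port is None:
        return False               # rule wants a port but the protocol has none
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto in ("ip", "all") or rule.proto == pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)
            and _port_ok(rule.sport, pkt.sport) and _port_ok(rule.dport, pkt.dport)
            and rule.direction in (None, pkt.direction)
            and rule.iface in (None, pkt.iface))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides, as in ipfw; no match falls through to the default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed environment: $oif is the public NIC and 192.168.1.10 stands in for the
# "192.x.x.x" mail server of the question; all addresses are documentation ranges.
ENV = {"oif": "fxp0"}
RULES = [parse_rule(l, ENV) for l in """
$fwcmd add pass tcp from any 1723 to any 1024-65535 out xmit $oif
$fwcmd add pass tcp from any 1024-65535 to any 1723 in recv $oif
$fwcmd add pass 47 from any to any out xmit $oif
$fwcmd add pass 47 from any to any in recv $oif
${fwcmd} pass tcp from any 25 to 192.168.1.10
""".strip().splitlines()]

# Constructed packets as seen on fxp0. A real SMTP delivery uses an ephemeral source port
# and destination port 25, so the 'from any 25' rule misses it, yet that rule admits any
# TCP packet merely carrying source port 25, here one aimed at the internal-only POP port.
PACKETS = {
    "pptp_syn_in": Packet("tcp", "203.0.113.5", "198.51.100.1", 40000, 1723, "in", "fxp0"),
    "gre_in":      Packet("47", "203.0.113.5", "198.51.100.1", None, None, "in", "fxp0"),
    "gre_out":     Packet("47", "198.51.100.1", "203.0.113.5", None, None, "out", "fxp0"),
    "smtp_in":     Packet("tcp", "203.0.113.9", "192.168.1.10", 51234, 25, "in", "fxp0"),
    "from_25_in":  Packet("tcp", "203.0.113.9", "192.168.1.10", 25, 110, "in", "fxp0"),
}

def decisions() -> Dict[str, str]:
    return {name: evaluate(RULES, pkt) for name, pkt in PACKETS.items()}
```

Running decisions() shows the PPTP control connection and both GRE directions passing, while the SMTP rule as sketched fails to admit an actual delivery (destination port 25) and instead admits anything that merely originates from port 25, whatever port it is aimed at on the mail server. The delivery rule wants the port on the destination side, and ipfw's keep-state option (the stateful rules Peter points to in man ipfw) is the usual way to avoid leaving the whole 1024-65535 range open for the PPTP replies.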


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001001c0533b$4b164360$46010a0a>