Date: Sun, 7 Nov 2004 19:15:21 -0500
From: David Banning <david+dated+1100304935.5252ad@skytrackercanada.com>
To: Ara <ara@avvali.com>, questions@freebsd.org
Subject: Re: ipfw allowing browser only
Message-ID: <20041108001519.GB73403@skytrackercanada.com>
In-Reply-To: <200411071919.iA7JJN0i011013@3s1.com>
References: <20041107185705.GA6526@skytrackercanada.com> <200411071919.iA7JJN0i011013@3s1.com>

> Hello
> You only need tcp 80 on regular http and 443 for ssl, https
> I don't get what exactly are you trying to do? Are you publishing a web
> server to external clients behind a firewall? Any diagram text would be nice

This is simply to block all on the network from using any port except 80.
I want to block Messenger. If it starts running on port 80 then I am told
I can block it via squid/dansguardian.

Internet <> router server <filtered only port 80> client winbox (192.168.1.6)

>
> Internet <> router (192.168.1.6) <> webserver(192.168.1.1)
> Is this right?

Yes.

>
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of David Banning
> Sent: November 7, 2004 1:57 PM
> To: questions@freebsd.org
> Subject: ipfw allowing browser only
>
> I am trying to filter out all traffic except browser traffic.
> So I tried
>
> 01000 allow tcp from any to 192.168.1.6 80
> 01100 allow udp from any to 192.168.1.6 80
> 01200 deny ip from any to 192.168.1.6
> 65535 allow ip from any to any
>
> But this does not allow browser traffic.
>
> I have my browser traffic redirected via ipnat - ipnat rules are;
>
> rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp
>
> I don't know what comes first, the redirect or the firewall, so maybe
> I should be allowing traffic to 8180?
>
> My host is 192.168.1.1 and the win browser is at 192.168.1.6
>
> Any help here would be appreciated.
>
> --
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>
> --
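
Added example, not part of the original thread: a small first-match model of the four ipfw rules quoted above, run over constructed packets, showing which rule each packet hits. The `ALTERNATIVE` rule set, the remote address 203.0.113.10 and the port numbers 49152, 49153 and 5000 are assumptions made for illustration; the ipnat redirect, DNS and TCP state tracking are not modelled.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "num action proto src sport dst dport")
ANY = None                  # wildcard for an address or port field
CLIENT = "192.168.1.6"      # the Windows browser host named in the thread
REMOTE = "203.0.113.10"     # constructed documentation address (assumption)

# Rules as posted: in "to 192.168.1.6 80" the 80 is a destination port.
POSTED = [
    Rule(1000, "allow", "tcp", ANY, ANY, CLIENT, 80),
    Rule(1100, "allow", "udp", ANY, ANY, CLIENT, 80),
    Rule(1200, "deny", "ip", ANY, ANY, CLIENT, ANY),
    Rule(65535, "allow", "ip", ANY, ANY, ANY, ANY),
]

# Assumed alternative matching the stated goal: client may reach remote port 80,
# replies come back from source port 80, everything else for the client is denied.
# A real rule set would tie rule 1100 to connection state; this model is stateless.
ALTERNATIVE = [
    Rule(1000, "allow", "tcp", CLIENT, ANY, ANY, 80),
    Rule(1100, "allow", "tcp", ANY, 80, CLIENT, ANY),
    Rule(1200, "deny", "ip", CLIENT, ANY, ANY, ANY),
    Rule(1300, "deny", "ip", ANY, ANY, CLIENT, ANY),
    Rule(65535, "allow", "ip", ANY, ANY, ANY, ANY),
]

def matches(rule, pkt):
    """True if every non-wildcard field of the rule equals the packet's field."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    return all(want is ANY or want == got for want, got in zip(rule[3:], pkt[1:]))

def verdict(rules, pkt):
    """Return (rule number, action) of the first matching rule, as ipfw does."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.num, rule.action
    return None, "deny"

# Constructed sample packets: a browser request, its reply, and a non-web connection.
REQUEST = Packet("tcp", CLIENT, 49152, REMOTE, 80)
REPLY = Packet("tcp", REMOTE, 80, CLIENT, 49152)
OTHER = Packet("tcp", CLIENT, 49153, REMOTE, 5000)

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("alternative", ALTERNATIVE)):
        for pkt in (REQUEST, REPLY, OTHER):
            print(name, pkt, verdict(rules, pkt))
```

In the posted set the reply to a browser request arrives with an ephemeral destination port, so it skips rules 1000 and 1100 and is dropped by rule 1200, while outbound non-web traffic from the client falls through to rule 65535.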