From owner-freebsd-questions Mon Nov 15 21:14: 0 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from copland.udel.edu (copland.udel.edu [128.175.13.92])
	by hub.freebsd.org (Postfix) with ESMTP id 1A38614E5B
	for ; Mon, 15 Nov 1999 21:13:57 -0800 (PST)
	(envelope-from papalia@UDel.Edu)
Received: from morgaine (host75-157.student.udel.edu [128.175.75.157])
	by copland.udel.edu (8.9.3/8.9.3) with SMTP id AAA21595
	for ; Tue, 16 Nov 1999 00:13:56 -0500 (EST)
Message-Id: <4.1.19991116000742.009bd6f0@mail.udel.edu>
X-Sender: papalia@mail.udel.edu
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 16 Nov 1999 00:14:07 -0500
To: freebsd-questions@freebsd.org
From: John
Subject: IPFW rules - these ok?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hey all...

I'm on a roll tonight with fixing little bugs on my system, so I figure why stop now. I think I may have found the solution to my natd problem that I posted a few times, but being that I'm still learning about IPFW and packet filtering in general, I'm not too sure about the validity of these rules, or the potential security issues with them. They solved my problem when I use them, but before I commit them permanently, I wanted to get some input from people with more experience :) ...

Setup is two machines - one freebsd, one winblowz. NIC between the two is fxp1, NIC from FreeBSD to outside world is fxp0. 1.2.3.4 is used in lieu of my real IP. Internal subnet is 192.168.*.

Any input on these would be greatly appreciated :)

The following output is from ipfw show from when things were working right.
Firewall set to "open" in /etc/rc.conf

00100 0 0 divert 6668 ip from any to any via fxp1
00100 0 0 allow ip from any to any via lo0
00150 0 0 allow ip from any to any via fxp0
00175 0 0 allow ip from 128.175.75.157 to 127.0.0.0/8
00200 0 0 deny ip from any to 127.0.0.0/8
65000 0 0 allow ip from any to any
65535 0 0 deny ip from any to any

Thanks in advance!!!

--John
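
An added example, not part of John's message: a minimal first-match walk over the seven listed rules, showing which rule decides a packet seen on each interface. It models a single pass per packet and assumes natd reinjects diverted packets so that evaluation continues with the following rules; the probe addresses are constructed.

```python
import ipaddress

# Rules transcribed from the `ipfw show` listing in the message above
# (counters dropped). Tuple: (number, action, src, dst, interface or None).
RULES = [
    (100,   "divert", "any", "any", "fxp1"),
    (100,   "allow",  "any", "any", "lo0"),
    (150,   "allow",  "any", "any", "fxp0"),
    (175,   "allow",  "128.175.75.157", "127.0.0.0/8", None),
    (200,   "deny",   "any", "127.0.0.0/8", None),
    (65000, "allow",  "any", "any", None),
    (65535, "deny",   "any", "any", None),
]

def _addr_match(spec, addr):
    """True if addr falls inside spec ('any', a host, or a CIDR network)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(src, dst, iface, rules=RULES):
    """Return (rule_number, action) of the first allow/deny rule that matches.
    Assumption: divert hands the packet to natd, which reinjects it, so the
    walk simply continues with the rules that follow."""
    for number, action, rsrc, rdst, rif in rules:
        if rif is not None and rif != iface:
            continue
        if not (_addr_match(rsrc, src) and _addr_match(rdst, dst)):
            continue
        if action == "divert":
            continue
        return number, action
    return None

def unreachable_denies(probes, rules=RULES):
    """Deny rule numbers that never decided any of the probe packets."""
    hit = {decide(*p, rules=rules) for p in probes}
    return [n for n, a, *_ in rules if a == "deny" and (n, a) not in hit]

# Constructed probe packets: (source, destination, interface).
PROBES = [
    ("203.0.113.9", "1.2.3.4", "fxp0"),       # unsolicited packet from outside
    ("203.0.113.9", "127.0.0.1", "fxp0"),     # loopback destination seen on fxp0
    ("192.168.0.2", "198.51.100.7", "fxp1"),  # inside host going out
    ("192.168.0.2", "127.0.0.1", "fxp1"),     # loopback destination seen on fxp1
]

if __name__ == "__main__":
    for p in PROBES:
        print(p, "->", decide(*p))
    print("deny rules never reached:", unreachable_denies(PROBES))
```

With this ordering, every packet seen on fxp0 is accepted by rule 00150 before the 127.0.0.0/8 deny at 00200 is consulted, and the final deny at 65535 is never reached because 65000 allows everything first.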