Date: Thu, 23 Dec 1999 11:26:07 -0800
From: "Richard Pouncy" <pouncy@rtscomputer.net>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Simple or Open Firewall
Message-ID: <008c01bf4d7b$8fb20cf0$0201a8c0@rp.com>
Happy Holidays All,
I am having a problem setting up Network Address Translation
(NATD) to maintain some inbound security while allowing some ports
(8080) to be diverted to another machine running on a private network
(192.168.1.0/255.255.255.0). When the rules for the firewall are set to
"open" ($fwcmd add 65000 pass all from any to any), the translation and
diverting work great. But when trying to set some security rules,
everything stops working.
natd.conf file with the following in it:
interface ed0
deny_incoming no
use_sockets yes
same_ports yes
redirect_port tcp 192.168.1.2:80 8080
content of the rc.firewall file:
# Allow TCP through if setup succeeded
$fwcmd add pass tcp from any to any established
# Allow setup of incoming email
$fwcmd add pass tcp from any to ${oip} 25 setup
# Allow access to our ftp server
$fwcmd add pass tcp from any to ${oip} 21 setup
# Allow access to our Telnet server
$fwcmd add pass tcp from 63.194.21.189 to ${oip} 23 setup
# Allow access to our DNS
$fwcmd add pass tcp from any to ${oip} 53 setup
# Allow access to our WWW
$fwcmd add pass tcp from any to ${oip} 80 setup
# Reject&Log all setup of incoming connections from the outside
$fwcmd add deny log tcp from any to any in via ${oif} setup
# Allow setup of any other TCP connection
$fwcmd add pass tcp from any to any setup
# Allow DNS queries out in the world
$fwcmd add pass udp from any 53 to ${oip}
$fwcmd add pass udp from ${oip} to any 53
# Allow NTP queries out in the world
#$fwcmd add pass udp from any 123 to ${oip}
#$fwcmd add pass udp from ${oip} to any 123
# Everything else is denied as default.
Everything works great with: $fwcmd add 65000 pass all from any to any
--
LINUX/UNIX/NT Consultant/Administrator
Richard Pouncy Voice: 310-213-4RTS
ICQ# : 31450231
http://www.rtscomputer.net
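
An added example, not part of the original message: a small Python model of first-match evaluation over the TCP rules posted above, following one inbound connection to port 8080 after the redirect_port rewrite. It assumes the natd divert rule runs before these rules (the message does not show it); the value standing in for ${oip}, the client address and the CANDIDATE rule are constructed for illustration.

```python
# Added example: first-match model of the posted TCP rules. Assumed: natd's divert
# rule precedes them; OIP is a constructed stand-in for ${oip}; ${oif} is ed0.
OIP, OIF, INSIDE = "203.0.113.10", "ed0", "192.168.1.2"
# (action, src, dst, dst port, condition); None means "any"
POSTED = [
    ("pass", None, None, None, "established"),
    ("pass", None, OIP, 25, "setup"),
    ("pass", None, OIP, 21, "setup"),
    ("pass", "63.194.21.189", OIP, 23, "setup"),
    ("pass", None, OIP, 53, "setup"),
    ("pass", None, OIP, 80, "setup"),
    ("deny", None, None, None, "setup in via oif"),
    ("pass", None, None, None, "setup"),
]

def matches(rule, pkt):
    _, src, dst, dport, cond = rule
    if src and pkt["src"] != src:
        return False
    if dst and pkt["dst"] != dst:
        return False
    if dport and pkt["dport"] != dport:
        return False
    if cond == "established":          # ACK or RST set: not the opening SYN
        return not pkt["syn"]
    if not pkt["syn"]:                 # every other rule here requires setup
        return False
    if cond == "setup in via oif":
        return pkt["dir"] == "in" and pkt["via"] == OIF
    return True

def verdict(rules, pkt):
    """Return (action, index) of the first matching rule; default is deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule[0], i
    return "deny", None

def natd_in(pkt):
    """Model of: redirect_port tcp 192.168.1.2:80 8080"""
    if pkt["dst"] == OIP and pkt["dport"] == 8080:
        return {**pkt, "dst": INSIDE, "dport": 80}
    return pkt

# Constructed packet: outside client opening a connection to ${oip}:8080
SYN = {"src": "198.51.100.7", "dst": OIP, "dport": 8080,
       "syn": True, "dir": "in", "via": OIF}
# Hypothetical extra rule placed just before the deny-and-log rule
CANDIDATE = POSTED[:6] + [("pass", None, INSIDE, 80, "setup")] + POSTED[6:]
```

In this model verdict(POSTED, natd_in(SYN)) returns ("deny", 6): once the destination has been rewritten to 192.168.1.2:80, none of the ${oip} rules match and the deny-and-log rule is the first hit. verdict(CANDIDATE, natd_in(SYN)) returns ("pass", 6).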
