From: Dmitry Mityugov
Date: Sun, 12 Jun 2005 10:54:53 +0400
To: Paul Dufresne
Cc: dk dkrules, "P.U.Kruppa", freebsd-questions@freebsd.org
Subject: Re: Setting a simple firewall for PPPoE connection

On 6/12/05, Paul Dufresne wrote:
>
> On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), "P.U.Kruppa" said:
> > On Thu, 9 Jun 2005, dk dkrules wrote:
> >
> > > I am very disappointed. I have been looking on the net for 3 days now
> > > looking for easy setup guides or How to guides and setting up FreeBSD 5.x
> > > with transparent proxy and firewall and there simply is no easy way
> > > explaining to beginners how to do such a setup.
> > 1) Before you start playing around with squid and firewall you
> > have to make sure your FreeBSD box works as a gateway.
> > 2) When this is done look into google for setup of squid as a
> > transparent proxy (these are two or three entries in a config
> > file).
> > 3) enable firewall in /etc/rc.conf with lines like
> > firewall_enable="YES"
> > firewall_script="/etc/firewall.conf"
> > 4) edit your /etc/firewall.conf with something like
> >
> > ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
> > ipfw add 60000 allow all from any to any
> >
> > where rl0 is the device name of your NIC.
> > 5) reboot ...
> But the main question is: "How to deal with dynamic IP
> address when writing firewall rules?"

Hopefully you'll find this link helpful:
http://www.defcon1.org/html/Networking_Articles/Firewall-Ipfw/firewall-ipfw.html.

-- 
Dmitry
"We live less by imagination than despite it" - Rockwell Kent, "N by E"