Date: Sat, 17 Mar 2001 00:40:51 -0600
From: Bill Fumerola <billf@mu.org>
To: "Ramoncito P. Puyat" <nitronarc@iname.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: firewall with DMZ setup
Message-ID: <20010317004051.J362@elvis.mu.org>
In-Reply-To: <5.0.2.1.2.20010317125238.009e9990@localhost>; from nitronarc@iname.com on Sat, Mar 17, 2001 at 12:59:31PM +0800
References: <5.0.2.1.2.20010317125238.009e9990@localhost>

On Sat, Mar 17, 2001 at 12:59:31PM +0800, Ramoncito P. Puyat wrote:
> Our company wants to serve web pages from our local location. We would like
> to set up an ipfw/natd with a DMZ feature. Our server has three NICs (ed0 -
> outside if, rl0 - inside if and dc0 - DMZ if). We use the 192.168.0.0/24
> address range for rl0. We want to use the 192.168.1.0/24 address range for
> our DMZ. How do we go about this? What rules can we use to divert ip
> traffic to our WWW, POP3, SMTP and other servers in the DMZ?

step 1: read 'man natd', specifically the parts on installation/setup
step 2: read /etc/rc.firewall. twice.
step 3: read 'man natd', specifically the parts on -redirect_{port,address}
step 4: adapt the 'simple' firewall type in /etc/rc.firewall to your network.
        add 'dif/dnet/dmask/dip' for your dmz. keep in mind the difference
        between public ip space and private ip space when writing rules.

--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
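
A sketch of what steps 3 and 4 can produce, as an added example that is not part of the original message or of /etc/rc.firewall. It only prints the natd flags and ipfw rules. The public address 203.0.113.2, the DMZ host addresses and the service map are constructed placeholders, and the rule order is one reasonable choice to merge into your adapted 'simple' ruleset.

```shell
#!/bin/sh
# Added example: prints (does not execute) DMZ additions for the 'simple'
# ruleset. Public IP and DMZ host addresses are constructed placeholders.
fwcmd="ipfw"                                           # printed only, never run
oif="ed0"; oip="203.0.113.2"                           # outside (placeholder)
iif="rl0"; inet="192.168.0.0"; imask="255.255.255.0"   # inside
dif="dc0"; dnet="192.168.1.0"; dmask="255.255.255.0"   # DMZ
dip="192.168.1.1"    # firewall's own DMZ address, kept for parity with oip

# Constructed service map: proto:public-port:DMZ-host
services="tcp:80:192.168.1.10 tcp:25:192.168.1.20 tcp:110:192.168.1.20"

# natd syntax: -redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
natd_flags() {
    flags="-interface ${oif}"
    for s in ${services}; do
        proto=${s%%:*}; rest=${s#*:}; port=${rest%%:*}; host=${rest#*:}
        flags="${flags} -redirect_port ${proto} ${host}:${port} ${oip}:${port}"
    done
    echo "${flags}"
}

dmz_rules() {
    # Anti-spoofing: DMZ source addresses may only arrive on ${dif}
    echo "${fwcmd} add deny all from ${dnet}:${dmask} to any in via ${oif}"
    echo "${fwcmd} add deny all from ${dnet}:${dmask} to any in via ${iif}"
    # natd rewrites the destination before the rules below are evaluated,
    # so service rules match the private DMZ address, not the public one.
    echo "${fwcmd} add divert natd all from any to any via ${oif}"
    echo "${fwcmd} add pass tcp from any to any established"
    for s in ${services}; do
        proto=${s%%:*}; rest=${s#*:}; port=${rest%%:*}; host=${rest#*:}
        echo "${fwcmd} add pass ${proto} from any to ${host} ${port} setup"
    done
    # DMZ hosts must not open new connections into the inside network
    echo "${fwcmd} add deny log all from ${dnet}:${dmask} to ${inet}:${imask}"
}

natd_flags
dmz_rules
```

Review the printed rules against the rest of your ruleset before applying any of them; the final deny relies on the earlier "established" rule to let DMZ replies to inside clients through.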
