Date:      Tue, 01 Apr 2003 09:37:17 +0200
From:      Andreas Widerøe Andersen <awand@pragma.no>
To:        freebsd-questions@freebsd.org
Subject:   IPFIREWALL_FORWARD help
Message-ID:  <5.2.0.9.0.20030401090233.02612dd0@mail.pragma.no>


Dear list readers,
I'm currently setting up a transparent proxy and I've run into some 
problems. We're going to use IPFW to route https traffic from the big bad 
internet into a https enabled webmailserver on a closed network behind a 
firewall. This network is not using NAT, so I simply need to reroute 
traffic, at least that's what I think.

I've compiled IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE_LIMIT* and 
IPFIREWALL_FORWARD into the kernel of the 4.8 RC system which seems to be 
working fine.

In my /etc/rc.conf file I've set firewall_enable="YES" and 
firewall_type="CLOSED". I only want to have the ports we need to use open. 
I'm planning to put all my rules in a file that's loaded during boot: 
firewall_type="/path/to/my.rules" later. Should I use firewall_type or 
firewall_script for this? What's the difference?

I've been searching for information on how to apply my rules for 
forwarding, but haven't found too much yet. Would someone be kind and show 
me a few examples on how I can add these "pseudo" rules written below?

The rules I need are the following:

myhost=ip
mycomputer=myip

allow all (?) from any 443 to myhost 443 (allow incoming https to be 
forwarded to internal https server)
allow tcp from mycomputer 22 to myhost 22 (allow me to ssh into the machine)
- Do I need more? DNS?

The server will function simply as a router I guess with no other 
particular services running.

Any help is greatly appreciated. Thanks in advance!

Regards,
Andreas



---
Andreas Widerøe Andersen <awand@pragma.no>
Pragma AS

http://www.pragma.no 
