Date: Tue, 01 Apr 2003 09:37:17 +0200
From: Andreas Widerøe Andersen <awand@pragma.no>
To: freebsd-questions@freebsd.org
Subject: IPFIREWALL_FORWARD help
Message-ID: <5.2.0.9.0.20030401090233.02612dd0@mail.pragma.no>

Dear list readers,

I'm currently setting up a transparent proxy and I've run into some problems. We're going to use IPFW to route https traffic from the big bad internet into an https-enabled webmail server on a closed network behind a firewall. This network is not using NAT, so I simply need to reroute traffic, at least that's what I think.

I've compiled IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE_LIMIT* and IPFIREWALL_FORWARD into the kernel of the 4.8 RC system, which seems to be working fine. In my /etc/rc.conf file I've set firewall_enable="YES" and firewall_type="CLOSED". I only want to have the ports we need to use open. I'm planning to put all my rules in a file that's loaded during boot: firewall_type="/path/to/my.rules" later. Should I use firewall_type or firewall_script for this? What's the difference?

I've been searching for information on how to apply my rules for forwarding, but haven't found too much yet. Would someone be kind and show me a few examples of how I can add these "pseudo" rules written below?

The rules I need are the following:

myhost=ip
mycomputer=myip

allow all (?) from any 443 to myhost 443 (allow incoming https to be forwarded to internal https server)
allow tcp from mycomputer 22 to myhost 22 (allow me to ssh into the machine)

- Do I need more? DNS?

The server will function simply as a router, I guess, with no other particular services running.

Any help is greatly appreciated. Thanks in advance!

Regards,
Andreas

---
Andreas Widerøe Andersen <awand@pragma.no>
Pragma AS
http://www.pragma.no