From: Andreas Widerøe Andersen <awand@pragma.no>
To: freebsd-questions@freebsd.org
Date: Tue, 01 Apr 2003 09:37:17 +0200
Subject: IPFIREWALL_FORWARD help

Dear list readers,

I'm currently setting up a transparent proxy and I've run into some problems. We're going to use IPFW to route https traffic from the big bad internet into an https-enabled webmail server on a closed network behind a firewall. This network is not using NAT, so I simply need to reroute traffic, at least that's what I think.

I've compiled IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE_LIMIT* and IPFIREWALL_FORWARD into the kernel of the 4.8 RC system, which seems to be working fine. In my /etc/rc.conf file I've set firewall_enable="YES" and firewall_type="CLOSED". I only want to have the ports we need to use open. I'm planning to put all my rules in a file that's loaded during boot: firewall_type="/path/to/my.rules" later. Should I use firewall_type or firewall_script for this? What's the difference?

I've been searching for information on how to apply my rules for forwarding, but haven't found too much yet. Would someone be kind and show me a few examples of how I can add these "pseudo" rules written below?

The rules I need are the following:

myhost=ip
mycomputer=myip

allow all (?) from any 443 to myhost 443 (allow incoming https to be forwarded to internal https server)
allow tcp from mycomputer 22 to myhost 22 (allow me to ssh into the machine)

- Do I need more? DNS? The server will function simply as a router I guess with no other particular services running.

Any help is greatly appreciated. Thanks in advance!

Regards,
Andreas
---
Andreas Widerøe Andersen
Pragma AS
http://www.pragma.no
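Editor's note with an added example (this is not part of the original post or a reply on the list; it is an illustration of the ruleset the question asks about). Two points first. On firewall_type versus firewall_script in FreeBSD 4.x: /etc/rc.firewall treats a firewall_type value that is not one of its keywords (open, client, simple, closed, ...) as the path of a file of bare ipfw rules, one "add ..." line per rule, which it loads with ipfw after flushing; firewall_script instead names a shell script that is run in place of /etc/rc.firewall, so you write the ipfw commands yourself. Second, a caveat on fwd: the fwd action does not rewrite the packet. When the next hop is not a local address, ipfw only changes the route the packet takes, so the internal webmail server receives packets still addressed to myhost and must be prepared to answer for that address (for example by carrying it as an alias); if you need the destination address changed, that is NAT (natd's redirect_port), not fwd. Also, the source port in the pseudo rules above should be dropped: clients connect from ephemeral ports, so match only on the destination port. The script below assumes gateway_enable="YES", that fxp0 faces the Internet and fxp1 the closed network, and uses documentation addresses as placeholders for myhost (192.0.2.10), the webmail server (10.0.0.20) and the admin workstation (198.51.100.5); all of those are assumptions, not values from the post.

```shell
#!/bin/sh
#
# Added example: a firewall_script-style ipfw ruleset for the setup described
# in the post (FreeBSD 4.x, IPFIREWALL_FORWARD compiled in).  Not from the
# original post.  Interface names and addresses are placeholders.

ext_if="${ext_if:-fxp0}"                 # interface facing the Internet
int_if="${int_if:-fxp1}"                 # interface facing the closed network
myhost="${myhost:-192.0.2.10}"           # this router's public address
webmail="${webmail:-10.0.0.20}"          # internal https webmail server
mycomputer="${mycomputer:-198.51.100.5}" # the one admin host allowed to ssh in

# Print the ruleset, one "add ..." line per rule.  This is exactly the format
# a firewall_type="/path/to/my.rules" file expects, so the output can be
# saved to such a file and loaded that way instead of via firewall_script.
rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 check-state
add 1000 allow tcp from ${mycomputer} to ${myhost} 22 in recv ${ext_if} setup keep-state
add 2000 fwd ${webmail} tcp from any to ${myhost} 443 in recv ${ext_if}
add 2010 allow tcp from any to ${myhost} 443 out xmit ${int_if}
add 2020 allow tcp from ${myhost} 443 to any established
add 65000 deny log ip from any to any
EOF
}
# 1000: ssh only from the admin host, to port 22 (any source port); the
#       dynamic rule created by keep-state lets the rest of the session
#       through at rule 300 in both directions.
# 2000: incoming https is accepted and handed to the webmail server as the
#       next hop.  fwd is terminating, so no separate allow is needed, but
#       the destination address stays myhost (see the note above the script).
# 2010: the same packets are seen again on output to the inside interface.
# 2020: replies from the webmail server, sourced from myhost:443, on the
#       way back out.
# 65000: explicit logged deny so IPFIREWALL_VERBOSE shows what was dropped;
#       the default rule 65535 denies anyway on a CLOSED-style kernel.

# Load the rules.  With fwcmd=echo, or when /sbin/ipfw is not present
# (e.g. reviewing the script on another machine), the commands are printed
# instead of executed.
fwcmd="${fwcmd:-/sbin/ipfw}"
[ -x "${fwcmd}" ] || fwcmd=echo

apply_rules() {
    ${fwcmd} -f flush
    rules | while read -r line; do
        # intentionally unquoted: each word of the rule is one ipfw argument
        ${fwcmd} ${line}
    done
}

apply_rules
```

Run it once as `fwcmd=echo sh my.rules.sh` to see the exact ipfw commands before pointing firewall_script at it; if you prefer the firewall_type form, `rules > /path/to/my.rules` gives you the file. DNS is not needed for a pure packet forwarder; only add a udp/53 rule if the router itself has to resolve names.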