From owner-freebsd-questions Sun May 5 5:49:55 2002 Delivered-To: freebsd-questions@freebsd.org Received: from axel.truedestiny.net (a185066.upc-a.chello.nl [62.163.185.66]) by hub.freebsd.org (Postfix) with ESMTP id 9F6AC37B403 for ; Sun, 5 May 2002 05:49:47 -0700 (PDT) Received: by axel.truedestiny.net (Postfix, from userid 1000) id 6CCA249AB2; Sun, 5 May 2002 14:49:48 +0200 (CEST) Date: Sun, 5 May 2002 14:49:48 +0200 From: Axel Scheepers To: Kathy Quinlan Cc: questions@FreeBSD.ORG Subject: Re: firewalls and ip filtering ?? Message-ID: <20020505144948.E21194@mars.thuis> Reply-To: Axel Scheepers References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from katinka@magestower.com on Thu, May 02, 2002 at 06:28:40PM +0800 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi Kathy, On Thu, May 02, 2002 at 06:28:40PM +0800, Kathy Quinlan wrote: > Hi all that was the best subject I could think of lol. > > I need to rebuild my firewall and I am at a loss, I used to use Natd, but > since moving over to ADSL I have used the -nat switch in ppp. how do I > redirect all requests to ppp's nat like I used to do for Natd. That has been a while for me. As I remember correctly you can also set up some basic filtering with ppp, see man ppp and the example in /usr/share/examples/ppp/ppp.conf.sample You'll see that ppp can handle NAT and basic filtering which might be enough for the things you need to do. > > How can I restrict a certain computer to access only selected IP addresses, > yes this is the kids machine, and I find that most net monitoring Winblows > software is useless, It blocks most kids sites IE msn kids etc. So I think > it may be easier to do in FreeBSD than winblows (plus if it is off their > machine they can not try to bypass it (hard when your kids are as geeky as > their parents) you could use something like this in your ppp.conf: set filter out 1 deny ip.of.kids.comp forbidden.site.inet set filter in 2 deny forbidden.site.inet ip.of.kids.comp etc. Remember to define a dial and alive list too, so your gateway won't stay connected or starts dialing for no reason. Things to block might be ports 137-139 for all the windows traffic causing a dialup. > > Regards, > > Kat. > > ____________________________________________________________________________ > /"\ ASCII Ribbon Campaign | K.A.Q. Electronics > \ / - NO HTML/RTF in e-mail | Software and Electronic Engineering > X - NO Word docs in e-mail | Perth Western Australia > / \ | Ph +61 419 923 731 > ____________________________________________________________________________ > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.351 / Virus Database: 197 - Release Date: 19/04/2002 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message Gr, -- Axel Scheepers UNIX System Administrator email: axel@axel.truedestiny.net a.scheepers@iae.nl http://axel.truedestiny.net/~axel ------------------------------------------ Reality is just a convenient measure of complexity. -- Alvy Ray Smith ------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message