Date: Sun, 4 May 2003 14:13:09 -0400
From: Brian Minard <bminard@flatfoot.ca>
To: freebsd-questions@freebsd.org
Subject: proxy w/ firewall?
Message-ID: <20030504181309.GA10481@spud.flatfoot.ca>
Hello,

I'm trying to set up firewall rules for a work station attached to a gateway. The gateway is running ipfw2 and natd. I'd like to develop rules for the work station requests which achieve the following.

a. have work station requests for http/smtp/pop3 go through the gateway over ppp0. The interface between the work station and the gateway is xl0.

b. limit the source of requests for each of these protocols to only the work stations and the destination to my ISP's mail relays (in the case of smtp and pop3).

The problem is that the work station requests only seem to get through the firewall with very generic rules:

    ipfw allow tcp from any to any http keep-state
    ipfw allow tcp from any to 1.2.3.4/24{1,2} smtp keep-state
    ipfw allow tcp from any to 1.2.3.4/24{1,2} pop3 keep-state

I've a couple of questions about this:

1. am I improving the security if I change the rules to something like:

    ipfw allow log tcp from me to any http keep-state via ppp0
    ipfw allow log tcp \
        from 2.3.4.5/24 to me http keep-state via xl0

2. do I need to run a proxy server to get the rules in question (1) to work, or is there some magic I can work using only the firewall?

Thanks,
Brian

-- 
Brian Minard
bminard@flatfoot.ca
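As an added example (not part of the thread, and not the poster's ruleset), the script below builds a stateful, outbound-only ipfw ruleset for the work station itself: it allows http from the host to anywhere and smtp/pop3 from the host only to the listed relays, all bound to the LAN interface, and drops and logs everything else, so the reply traffic is admitted by the state table and no proxy is involved. The interface name xl0 is taken from the post; the relay addresses 192.0.2.10 and 192.0.2.11 are placeholders I chose for illustration.

```shell
#!/bin/sh
# Workstation-side ipfw ruleset builder (added example, not from the thread).
# LAN_IF is the work station's own NIC (xl0 in the post). A "via ppp0" match
# would never fire here, because ppp0 exists on the gateway, not on this host.
LAN_IF=${LAN_IF:-xl0}
# Placeholder relay addresses; replace with the ISP's real mail relays.
MAIL_RELAYS=${MAIL_RELAYS:-"192.0.2.10 192.0.2.11"}
# Command used to install rules; set IPFW=echo to dry-run on a non-FreeBSD box.
IPFW=${IPFW:-"/sbin/ipfw -q"}

# Print the ruleset, one "ipfw add" argument list per line, numbered so the
# final deny is the catch-all.
workstation_rules() {
    n=100
    emit() { printf '%d %s\n' "$n" "$*"; n=$((n + 100)); }
    emit allow ip from any to any via lo0
    # Let packets belonging to an existing stateful session through first.
    emit check-state
    # Outbound web from this host only, leaving on the LAN side; the state
    # entry created by keep-state admits the replies, so no "from any to me"
    # rule is needed.
    emit allow tcp from me to any 80 out via "$LAN_IF" setup keep-state
    # smtp and pop3 are restricted to the ISP relays as destinations.
    for relay in $MAIL_RELAYS; do
        emit allow tcp from me to "$relay" 25 out via "$LAN_IF" setup keep-state
        emit allow tcp from me to "$relay" 110 out via "$LAN_IF" setup keep-state
    done
    # Everything else, in either direction, is dropped and logged.
    emit deny log ip from any to any
}

# Flush the current table and load the rules (must run as root on FreeBSD).
apply_rules() {
    $IPFW -f flush
    workstation_rules | while read -r rule; do
        # shellcheck disable=SC2086
        $IPFW add $rule
    done
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     workstation_rules ;;
esac
```

Run it with `apply` as the first argument to install the rules; with no argument it only prints them for review.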