Date: Wed, 5 Jul 95 12:28 MSZ
From: me@tartufo.pcs.dec.com (Michael Elbel)
To: marek@malkom.pl
Cc: questions@freebsd.org
Subject: Re: IPFIREWALL
Message-ID: <m0sTRgX-000Pa5C@tartufo.pcs.dec.com>
References: <199507031327.GAA05279@freefall.cdrom.com>

In pcs.freebsd.questions you write:

>Now I want to set up a FreeBSD firewall box and
>I have some questions about firewall in FreeBSD

>1) What about ipfw.FAQ ?

Good question, want to write one?

>2) Is there an example of kernel config file for this
>   purpose ? (minimal)

That depends on what kind of firewall you want to set up. The simplest
thing would be to have the FreeBSD box act as a bastion host with two
IP interfaces (e.g. two ethernets or one ethernet and a PPP link to the
ISP), disable IP forwarding (sysctl -w net.inet.ip.forwarding=0) and
install proxies for everything you want to pass through the firewall.
For this you simply make a minimal configuration for the machine and
install your proxies of choice.

I recommend a look at TIS' firewall toolkit
(ftp://ftp.tis.com/pub/firewalls/toolkit). It comes with excellent
documentation, including general thoughts about firewall concepts.
There is a general firewall FAQ too. Browse http://www.tis.com and
you'll find pointers in all directions.

>3) Are there any specific problems causing FreeBSD firewall ?

I haven't run into any yet. I've successfully set up a firewall
consisting of a screened subnet that's visible from the outside and a
hidden internal network using FreeBSD. In fact, we'll be using FreeBSD
exclusively for firewalls and general servers (http, ftp, etc.) for our
1500 people company soon.

Michael
-- 
Michael Elbel, PCS GmbH, Muenchen, Germany - me@FreeBSD.org
Fermentation fault (coors dumped)