From: "Fazal Ahmed Malik"
Date: Mon, 21 Apr 2008 13:48:50 +0500
Subject: Web server behind ipfw firewall
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I need help setting up a web server behind an IPFW firewall. I have FreeBSD 6.0 working as a router on the LAN with transparent Squid. Now I want to set up a web server running on a private IP. Please help me write IPFW rules to serve the purpose.

Current IPFW rules are as under:

    $fwcmd add divert natd all from any to any via vr0
    $fwcmd add fwd $external_ip,8080 tcp from not me to any 80
    #$fwcmd add fwd $internal_ip log tcp from any to me dst-port 80 in via vr0
    #$fwcmd add fwd $internal_ip tcp from any to me dst-port 80 out via re0
    $fwcmd add allow log tcp from any to any in tcpflags syn,fin
    $fwcmd add check-state
    $fwcmd add allow tcp from any to any out keep-state
    $fwcmd add allow tcp from any to any via vr0 established
    $fwcmd add allow tcp from any to any 21 setup
    $fwcmd add allow tcp from any to any 22 setup
    $fwcmd add allow tcp from any to any 23 setup
    $fwcmd add allow tcp from any to any 43 setup
    $fwcmd add allow tcp from any to me 80 setup
    $fwcmd add allow tcp from any to any 110 setup
    $fwcmd add allow tcp from any to any 143 setup
    $fwcmd add allow tcp from any to any 443 setup
    $fwcmd add allow tcp from any to any 789 setup
    $fwcmd add reset log tcp from any to any 113 in recv vr0
    $fwcmd add allow udp from any to any 53 out xmit vr0
    $fwcmd add allow udp from any 53 to any in recv vr0
    $fwcmd add 03000 allow icmp from me to any
    $fwcmd add 04000 allow icmp from any to any

Thanks,
Fazal
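
One way to publish the private web server with the natd divert already in the ruleset, as an added example that is not part of the original post: natd's redirect_port does the destination rewrite (ipfw's fwd action leaves the destination address unchanged), and ipfw then only has to admit the rewritten packet and keep the Squid redirect away from it. The interface roles (vr0 outside, re0 LAN) are inferred from the posted rules; the web_ip variable, both addresses and the natd.conf line are constructed assumptions, and the script only prints rules unless fwcmd is set.

```shell
#!/bin/sh
# Added example: dry-run sketch, not the poster's script. All addresses are constructed.
fwcmd="${fwcmd:-echo ipfw}"     # prints rules by default; set fwcmd=/sbin/ipfw to load them
ext_if="vr0"                    # outside interface (assumed from the posted rules)
int_if="re0"                    # LAN interface (assumed from the posted rules)
external_ip="203.0.113.1"       # constructed public address of the router
web_ip="192.168.1.10"           # hypothetical private address of the web server

# natd performs the port forward. Constructed /etc/natd.conf line it needs:
#   redirect_port tcp 192.168.1.10:80 80
web_rules() {
    # Inbound packets for $external_ip:80 leave natd addressed to $web_ip:80
    $fwcmd add divert natd all from any to any via "$ext_if"
    # Transparent proxy for LAN clients only. Without "in recv $int_if" the
    # redirected inbound requests (from not me, to port 80) would go to Squid.
    $fwcmd add fwd "$external_ip,8080" tcp from not me to any 80 in recv "$int_if"
    $fwcmd add check-state
    # Creates the dynamic rule when the request is forwarded out to the LAN
    # and when the server's reply leaves through the outside interface
    $fwcmd add allow tcp from any to any out keep-state
    # Admit new outside connections to the web server on port 80 only
    $fwcmd add allow tcp from any to "$web_ip" 80 in recv "$ext_if" setup
}

web_rules
```

The allow rule names the private address because natd has already rewritten the destination by the time the packet reaches it; the posted "to me 80 setup" rule no longer matches such a packet.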