Date: Sun, 12 Jun 2005 00:43:15 -0400
From: "Paul Dufresne" <dufresnep@fastmail.fm>
To: "P.U.Kruppa" <root@pukruppa.de>, "dk dkrules" <dkrules7@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Setting a simple firewall for PPPoE connection
Message-ID: <1118551395.29106.236171214@webmail.messagingengine.com>
In-Reply-To: <20050609181128.G48525@www.pukruppa.net>
References: <BAY21-F20031309C5747F0945F69F8AFC0@phx.gbl> <20050609181128.G48525@www.pukruppa.net>

On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), "P.U.Kruppa" <root@pukruppa.de> said:
> On Thu, 9 Jun 2005, dk dkrules wrote:
>
> > I am very disappointed. I have been looking on the net for 3 days now
> > looking for easy setup guides or How to guides and setting up FreeBSD 5.x
> > with transparent proxy and firewall and there simply is no easy way
> > explaining to beginners how to do such a setup.
> 1) Before you start playing around with squid and firewall you
>    have to make sure your FreeBSD box works as a gateway.
> 2) When this is done look into google for setup of squid as a
>    transparent proxy (these are two or three entries in a config
>    file).
> 3) enable firewall in /etc/rc.conf with lines like
>    firewall_enable="YES"
>    firewall_script="/etc/firewall.conf"
> 4) edit your /etc/firewall.conf with something like
>
>    ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
>    ipfw add 60000 allow all from any to any
>
>    where rl0 is the device name of your NIC.
> 5) reboot

Well, I feel a bit like the original poster.

I had in mind activating a firewall for my PPPoE connection, a bit like
it is easy to do on Windows XP.

So I began reading the handbook and found that there are mainly 3
different firewalls, and this put me with the problem of choosing one.

IPFW seems to have default rules that would at first glance make it easy
(I would choose the client setup). But then, reading through
/etc/rc.firewall, I concluded that I had to set my IP address in it. But
my ISP sets it dynamically with PPPoE, so I did not know what to do next.

So I thought, reading the ppp man page (yes, I use the userland ppp
program, but I think that there is a pppoed somewhere that I maybe should
use instead), that there is some kind of firewall rules that can be set
inside ppp.conf. But I did not convince myself that it would help me with
the fact that my IP address is dynamic.

Now, maybe I can use 127.0.0.1 like you did in step 4 above, but I don't
really understand these rules yet. It looks to me like the first one
accepts HTTP traffic (port 80) and that the second one accepts all
traffic. I would have expected that the second one would refuse all
traffic, leaving only traffic from the first rule to go through.

But the main question is:
"How to deal with dynamic IP address when writing firewall rules?"

-- 
http://www.fastmail.fm - Accessible with your email software
                         or over the web
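
Added example, not part of the original message or of FreeBSD's own scripts: one way to write a client-style /etc/firewall.conf that never names the public address, by matching on the interface and on ipfw's `me` keyword (any address currently configured on the host). The interface name tun0 (userland ppp) and the rule numbers are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original thread): stateful client ruleset for a
# dynamically addressed PPPoE link. No rule contains the public IP address.

# Dry run by default: rules are printed, not loaded.
# On the FreeBSD box set IPFW="/sbin/ipfw -q" to load them for real.
IPFW="${IPFW:-echo ipfw}"
# Assumption: userland ppp brings the PPPoE session up on tun0.
EXT_IF="${EXT_IF:-tun0}"

client_rules() {
    ext="$1"

    $IPFW -f flush

    # Loopback traffic is always allowed; spoofed loopback destinations are not.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny ip from any to 127.0.0.0/8

    # Replies to connections this host opened match a dynamic rule here.
    $IPFW add 300 check-state

    # Outbound traffic: "me" is resolved per packet, so the rules keep
    # working after the ISP hands out a different address.
    $IPFW add 400 allow tcp from me to any out via "$ext" setup keep-state
    $IPFW add 500 allow udp from me to any out via "$ext" keep-state
    $IPFW add 600 allow icmp from me to any out via "$ext" keep-state

    # Everything else, including unsolicited inbound traffic, is dropped.
    $IPFW add 65000 deny ip from any to any
}

client_rules "$EXT_IF"
```

Run as is, the script only prints the commands it would issue, so the ruleset can be read before it is loaded.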