Date:      Tue, 12 Feb 2002 19:36:35 -0500 (EST)
From:      Chris Collins <chris@collins-ca.com>
To:        questions@freebsd.org
Subject:   NAT/IPFW security question
Message-ID:  <20020212192234.F908-100000@bsduser.ca>

Hello

I have just recently set up my FreeBSD machine to connect to my ISP via
dhcp and run nat for the rest of my network. I have a question I hope
somebody on this list can help me with.

How do I secure my FreeBSD box so that it does not allow any traffic into
my machine that I do not make a rule for? As it stands right now the rule

add pass all from any to any

is allowing all ports into my machine but without it my nat does not work.

Here is a complete list of my rules.

-f flush
add divert natd all from any to any via dc0
add pass all from any to any
add 230 allow tcp from any to 21 via dc0
add 240 allow tcp from any to 25 via dc0
add 250 allow tcp from any to 110 via dc0
add 270 allow tcp from any to 80 via dc0
#add 290 allow tcp from any to 10000 via dc0
add 300 allow icmp from any to any
add 65534 deny log ip from any to any

I have other ports being used that are not in this list that I only want
my 10.0.0.0/24 home network on interface dc1 to have access to.

Can anybody offer any suggestions?

Thanks
Chris


-=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-
Chris Collins
chris@collins-ca.com
MSN Msg: chris_collins_ca@hotmail.com
-=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=-
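One way to get what the post asks for (NAT still working, but nothing arriving on dc0 unless a rule explicitly allows it) is shown below as an added example ruleset in the same ipfw file format; it is not from the original post or from FreeBSD's own rc.firewall. It assumes dc0 is the outside interface, dc1 the 10.0.0.0/24 LAN, and the same four published services (21, 25, 80, 110); the original "pass all" rule is replaced by an "established" rule for return traffic plus explicit "setup" rules for new connections.

```ipfw
-f flush
# Loopback is trusted; loopback addresses seen on any other interface are not.
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
# Everything on the inside interface (the 10.0.0.0/24 LAN) is trusted, so the
# ports that should only be reachable from the LAN need no further rules.
add 130 allow ip from any to any via dc1
# Translate everything crossing the outside interface. Inbound packets come
# back from natd with their real inside destination and keep being evaluated,
# so the rules below see the translated packet.
add 200 divert natd ip from any to any via dc0
# Private source addresses must never arrive from the outside (spoofing).
add 210 deny ip from 10.0.0.0/8 to any in via dc0
add 211 deny ip from 172.16.0.0/12 to any in via dc0
add 212 deny ip from 192.168.0.0/16 to any in via dc0
# Packets belonging to already-accepted TCP connections (ACK set, SYN clear).
add 300 allow tcp from any to any established
# Services deliberately published to the outside: only the connection
# request (the "setup" packet) needs a rule; replies match rule 300.
add 400 allow tcp from any to any 21 in via dc0 setup
add 410 allow tcp from any to any 25 in via dc0 setup
add 420 allow tcp from any to any 80 in via dc0 setup
add 430 allow tcp from any to any 110 in via dc0 setup
# Connections the gateway or the LAN opens toward the outside.
add 500 allow tcp from any to any out via dc0 setup
add 510 allow udp from any to any out via dc0
# UDP has no "established" flag, so return traffic is listed explicitly:
# DNS answers and the DHCP lease traffic dhclient needs on dc0.
add 520 allow udp from any 53 to any in via dc0
add 530 allow udp from any 67 to any 68 in via dc0
# Only the useful ICMP types: echo reply, unreachable, echo request, time exceeded.
add 600 allow icmp from any to any icmptypes 0,3,8,11
# Everything else, including any other inbound connection attempt, is dropped
# and logged, which is where unexpected traffic will show up in /var/log/security.
add 65534 deny log ip from any to any
```

Any other UDP service used from the LAN (e.g. NTP) needs its own "in via dc0" reply rule like rule 520, and the deny log rule at the end is the place to look when something stops working.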


