Date: Fri, 31 Oct 2008 12:05:28 -0400
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Jeremy Chadwick <koitsu@FreeBSD.org>
Cc: Jack Barnett <jackbarnett@gmail.com>, Freebsd questions <freebsd-questions@freebsd.org>, mdh_lists@yahoo.com
Subject: Re: Firewalls in FreeBSD?
Message-ID: <448ws4da2f.fsf@be-well.ilk.org>
In-Reply-To: <20081030233933.GB16747@icarus.home.lan> (Jeremy Chadwick's message of "Thu, 30 Oct 2008 16:39:33 -0700")
References: <367168.61424.qm@web56806.mail.re3.yahoo.com> <490A4487.8020101@gmail.com> <20081030233933.GB16747@icarus.home.lan>
Jeremy Chadwick <koitsu@FreeBSD.org> writes:

> On Thu, Oct 30, 2008 at 06:34:31PM -0500, Jack Barnett wrote:
>>
>> Ok, I had some progress with this last night. Basically what I do is:
>>
>> in natd - redirect_port 1000 to 10000 to the internal windows box.
>> set ipfw to "open" firewall.
>>
>> Obviously this isn't perfect - but gives some idea of what's going on.
>>
>> What I'd like to do, is a) keep the nat redirects since that works
>> pretty well.
>> b) in ipfw, ONLY allow data back on these ports IF the windows box has
>> established the connection out first then deny everything else.
>
> This is called "port triggering" in the residential router world. I
> don't know how to do this on FreeBSD.

Stateful rules are the only way to do it. In fact, this is the main purpose of stateful rules.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
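The following is an added example, not code posted by anyone in this thread: a small sh script that builds an ipfw(8) ruleset of the kind Lowell is describing, where the internal host may open connections out through natd and only the reply traffic belonging to those connections is let back in; everything else arriving on the outside interface is denied and logged. It assumes natd is already running (as in Jack's setup), and the interface names em0/em1 and the LAN 192.168.1.0/24 are placeholders to be replaced. Two ordering details matter and are commented in the rules: the inbound divert must precede check-state, because the dynamic rule was recorded with the host's private address and natd has to translate the reply before the state lookup can match; and keep-state rules use skipto to the outbound divert, whose fall-through rule is allow, so the dynamic rule's inherited action still ends in an allow. By default the script only prints the rules; it applies them only when run as root on FreeBSD with --apply.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): stateful ipfw ruleset
# around natd. Interface and network names are assumptions; edit them.

ext_if="${EXT_IF:-em0}"                 # assumed outside interface
int_if="${INT_IF:-em1}"                 # assumed inside (LAN) interface
int_net="${INT_NET:-192.168.1.0/24}"    # assumed LAN, where the Windows box lives

# Emit the ruleset in ipfw(8) syntax, one rule per line, without running it.
gen_ruleset() {
    cat <<EOF
-f flush
add 100 allow ip from any to any via lo0
add 110 divert natd ip from any to any in via $ext_if
add 120 check-state
add 200 allow ip from any to any via $int_if
add 300 skipto 800 tcp from $int_net to any out via $ext_if setup keep-state
add 310 skipto 800 udp from $int_net to any out via $ext_if keep-state
add 700 deny log ip from any to any in via $ext_if
add 800 divert natd ip from any to any out via $ext_if
add 810 allow ip from any to any
EOF
}
# Rule 110 runs natd on incoming packets first, so a reply to a NATed
# connection has its destination rewritten to the LAN address before rule
# 120 looks it up in the dynamic-rule table; the lookup then matches the
# state that rule 300/310 created on the way out.
# Rule 300/310: a new outbound flow from the LAN creates state and jumps to
# 800, where natd translates it; the packet re-enters at 810 and is allowed.
# The dynamic rule inherits "skipto 800"; for an inbound reply 800 does not
# match (it is "out via"), so the reply falls through to 810 and is allowed.
# Rule 700: anything inbound on the outside interface without state is dropped
# and logged, which is what "deny everything else" means here.

# Apply the generated rules with ipfw(8); needs root on a FreeBSD host.
apply_ruleset() {
    gen_ruleset | while read -r rule; do
        # shellcheck disable=SC2086  (word splitting of $rule is intended)
        ipfw $rule
    done
}

# Count the rules that create or consult connection state.
count_stateful() {
    gen_ruleset | grep -c -E 'check-state|keep-state'
}

# Report whether the inbound divert (110) is listed before check-state (120).
divert_before_checkstate() {
    first=$(gen_ruleset | grep -n -E 'divert natd .* in via|check-state' | head -n 1)
    case "$first" in
        *"divert natd"*) return 0 ;;
        *)               return 1 ;;
    esac
}

case "${1:-}" in
    --apply) apply_ruleset ;;
    *)       gen_ruleset ;;    # default: print only, safe to run anywhere
esac
```

Run it with no arguments to review the rules before touching a live firewall; `sh thisscript.sh --apply` loads them. Jack's redirect_port block is left out on purpose: the stateful rules already admit the replies to connections the Windows box opened, and a wide inbound redirect would reintroduce exactly the unsolicited traffic the deny rule is meant to stop.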