Date: Tue, 12 Feb 2002 19:36:35 -0500 (EST) From: Chris Collins <chris@collins-ca.com> To: questions@freebsd.org Subject: NAT/IPFW security question Message-ID: <20020212192234.F908-100000@bsduser.ca>
next in thread | raw e-mail | index | archive | help
Hello I have just recently setup my FreeBSD machine to connect to my ISP via dhcp and run nat for the rest of my network. I have question I hope somebody on this list can help me with. How do I secure my FreeBSD box so that it does not allow any traffic into may machine that I do not make a rule for? As it stand right now the rule add pass all from any to any is allowing all ports into my machine but without it my nat does not work. Here is a complete list of my rules. -f flush add divert natd all from any to any via dc0 add pass all from any to any add 230 allow tcp from any to 21 via dc0 add 240 allow tcp from any to 25 via dc0 add 250 allow tcp from any to 110 via dc0 add 270 allow tcp from any to 80 via dc0 #add 290 allow tcp from any to 10000 via dc0 add 300 allow icmp from any to any add 65534 deny log ip from any to any I have other ports being used that are not in this list that I only want my 10.0.0.0/24 on interface dc1 home network to have access to. Can anybody offer any suggestions? Thanks Chris -=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=- Chris Collins chris@collins-ca.com MSN Msg: chris_collins_ca@hotmail.com -=-=-==-=-=-=-=-=-=-=-=-=-=-=--=-=-==-=-=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020212192234.F908-100000>