From: "Victor R. Cardona"
Date: Tue, 19 Dec 2000 21:24:26 -0600
To: brueggma@snoopie.yi.org
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw/gateway

Eric Brueggmann wrote:

> Hello,
>
> I was wondering if anyone knows where I can find some info on setting
> up a firewall with ipfw and allowing all the boxes behind the gateway/firewall
> access to the net. I thought this would do it:
>
> # Allow all from the inside.
> ${fwcmd} add pass all from any to any via ${iif}
> ${fwcmd} add pass all from any to any out via ${oif}
>
> but it doesn't quite work. I still can't check out the web from behind
> the firewall. I'm using the "simple" ipfw firewall with the only modifications
> above. I was unable to ping the gateway/firewall from the client till I added
> those rules. Should I set up a proxy? But how am I gonna use napster? ;-)
> Or am I just plain confused on how this all works? Is there an easier way
> than setting up a complicated ipfw rule set?

The Handbook has a section on firewalls and NAT. You might also want to read man natd, and man ipfw. Finally, take a look at /etc/rc.firewall.

HTH
Victor Cardona
vcardona@home.com