From: "Mark Gladman"
To: freebsd-questions@freebsd.org
Date: Wed, 09 Apr 2003 15:05:39 +1000
Subject: Firewall testing issues.

Hi there,

I pointed this question at the freebsd-newbies list previously, and only afterwards realised that it's probably more technical than should be posted to that list.. oops..

Anyway, I've got an external ADSL router which uses a static route to forward packets(?) to a FreeBSD box using ipfw. I've configured ipfw to some extent (still some stuff not working..), but I'm currently tweaking the config for it.

Now, what happens when I try and get someone to portscan it from the outside world (using nmap), instead of it portscanning the FreeBSD box, it scans the ADSL router, even though I thought that the static route just handed all incoming packets to the FreeBSD box?
The ADSL router has NAT'ing enabled on it, as opposed to the FreeBSD machine doing the NAT'ing. (This was the way that was recommended to me, and seems to work).

So I'm just wondering.. how can I tell if the firewall is actually working or not? because portscanning it internally won't be a problem since all the internal computers have the ability to do pretty much whatever they want, and doing it externally just hits the ADSL router.

Hope this makes some sense!

Cheers,
Mark