Message-ID: <42F9110A.5080204@vfemail.net>
Date: Wed, 10 Aug 2005 05:24:42 +0900
From: "Tetsuji \"Maverick\" Rai"
To: freebsd-ipfw@freebsd.org
Subject: firewall/nat question: simple, but no example found

Hi,

I've been using Linux and know iptables well, but I don't know ipfw although I had been using FreeBSD for 3 years good old days w/o firewall with dial up connection ;) So here goes my question.

I am building a FreeBSD gateway at home. It obtains an external IP address from ISP dynamically using dhcp and I have two other boxes (and some virtual boxes) internally using static private network addresses (192.168.x.x). I want to set up a firewall/nat so that

1. The gateway (also a web server) accepts tcp port 80 and (probably) 25 from outside, but incoming tcp/udp ports 1-1024,1043,10000 connections are blocked.

2. Inside private network, nothing is blocked.

Isn't it so simple? But I cannot find any nice examples...the default rc.firewall contains examples using the static ip address, but not DHCP. I want to specify the interface not ip address.

BTW my external interface is rl0 (dhcp) and the internal one is fxp0 (static).

Thanks in advance!

-- 
Tetsuji 'Maverick' Rai
PGP Key fingerprint = 2021 6BF9 CEA3 73DE FF17 B326 F4DA F04E F784 3B85 gpg fingerprint
Aviation Jokes: http://www.geocities.com/tetsuji_rai/
Profile http://maverick.ns1.name/
http://maverick.IsASecret.com/
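
One ipfw ruleset that matches the two requirements in the message above, keyed to interfaces rather than addresses; it is an added example, not part of the original post or of any reply on the list. It assumes NAT is done by natd(8) on rl0 through a divert rule, that the file name /etc/ipfw.rules and the rule numbers are arbitrary choices, and that the rc.conf settings listed in the comments are in place.

```conf
# /etc/ipfw.rules (constructed example)
# Assumed /etc/rc.conf settings:
#   gateway_enable="YES"
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"
#   natd_enable="YES"
#   natd_interface="rl0"
#   natd_flags="-dynamic"     (natd follows the DHCP-assigned address)

# Loopback and the internal interface: nothing is blocked (requirement 2).
add 100 allow ip from any to any via lo0
add 110 allow ip from any to any via fxp0

# Packets arriving on rl0 are un-NATed first, so the state lookup that
# follows sees the same private addresses that were recorded on the way out.
add 200 divert natd ip from any to any in via rl0
add 210 check-state

# Anything leaving through rl0 creates state, then jumps to outbound NAT.
# Replies match check-state above, even when they return to a client
# source port that is on the blocked list (for example UDP 1043).
add 300 skipto 1000 ip from any to any out via rl0 keep-state

# New inbound connections to the gateway's web and mail ports (requirement 1).
# "me" matches whatever address DHCP has put on the box.
add 400 allow tcp from any to me 25,80 in via rl0 setup keep-state

# Every other unsolicited inbound packet to the listed ports is dropped.
add 500 deny tcp from any to any 1-1024,1043,10000 in via rl0
add 510 deny udp from any to any 1-1024,1043,10000 in via rl0

# Remaining inbound traffic is accepted, as the message asks only for
# the listed ports to be blocked.
add 600 allow ip from any to any in via rl0

# Outbound NAT; reached only through the skipto in rule 300.
add 1000 divert natd ip from any to any out via rl0
add 1010 allow ip from any to any
```

Rule order carries the policy: the allow for ports 25 and 80 must precede the deny for 1-1024, and check-state must sit between the inbound divert and the deny rules so that return traffic is never compared against the blocked-port list.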