From owner-freebsd-hackers Wed Sep 20 11:52:20 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA23257 for hackers-outgoing; Wed, 20 Sep 1995 11:52:20 -0700
Received: from trout.sri.MT.net (trout.sri.MT.net [204.182.243.12]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA23252 for ; Wed, 20 Sep 1995 11:52:13 -0700
Received: (from nate@localhost) by trout.sri.MT.net (8.6.11/8.6.11) id MAA15080 for hackers@FreeBSD.org; Wed, 20 Sep 1995 12:52:05 -0600
Date: Wed, 20 Sep 1995 12:52:05 -0600
From: Nate Williams
Message-Id: <199509201852.MAA15080@trout.sri.MT.net>
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: hackers@FreeBSD.org
Subject: Firewalling one interface using IPFW?
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

Is it possible to set up packet filtering on one interface w/out affecting the rest of the network interfaces?

Basically, my current setup is I've got a SunOS box running MorningStar's PPP implementation (very nice) with two modem connections. The first connection is my full-time network connection. This connection allows any connection from certain 'trusted' machines/networks, filters out all other incoming ftp/telnet connections, and disallows all UDP information in/out. This works very well for this connection.

However, I also use the same box for generic incoming PPP connections for my co-worker, who dials in from home. With this connection *any* sort of traffic is allowed.

We're moving away from the Sun and installing a FreeBSD PC to handle all of our network traffic, so it will be our main DNS box, PPP server, router, the whole works. This is a much better (and cheaper) solution than buying a Cisco or other router, since this box does it all and we can leave it in the corner and never worry about it ever again (hopefully).

In any case, we'd like to be able to provide the same functionality in FreeBSD as we currently have with MorningStar w/regards to packet filtering. The current PPP implementation seems to have all of the other features of MorningStar, so we're only missing the filtering capability.

We will have at least 2 incoming and 1 outgoing PPP connections, so the solution must not be too much of a resource hog, plus we may be adding another 1-2 PPP connections depending on our job search from Montana hires.

Clues or hints would be appreciated,

Thanks!

Nate

ps. We are attempting to get MorningStar to do a FreeBSD product, but given the current PPP implementation in FreeBSD it may be a hard sell.