Date: Sat, 5 Apr 2003 12:49:07 -0800
From: Joshua Lokken
To: John Meyer
cc: freebsd-questions@freebsd.org
Subject: Re: Firewall

* John Meyer (john@ast.com.na) wrote:
==>
==> Good Day.
==>
==> I have a small problem compared to the problems listed here. I have Freebsd
==> v3.1 (fairly old).
==> I have compiled the kernel with
==> options IPFIREWALL and
==> options IPDIVERT
==> options IPFIREWALL_VERBOSE
==>
==> in my rc.conf file I have
==> gateway_enable="YES"
==> firewall_enable="YES"
==> firewall_type="/etc/firewall.ast"
==> natd_interface="vx0"
==> natd_flags=""
==>
==> In the etc dir I have a file called firewall.ast.
==>
==> My problem is I seem to get an error at bootup stating as if you are running
==> ipfw cmd without options. I have disabled all the rules in firewall.ast
==> except the first one.
==> add 00100 tcp from any to any
==>
==> When I disable that as well all seems to work well. It looks like the option
==> in rc.conf firewall_type="/etc/firewall.ast" does not get interpreted
==> correctly.

I'm certainly no expert, and have only used FreeBSD since 4.5, but
here goes. I think you need:

firewall_enable="YES"
firewall_script="/etc/firewall.ast"

If you use the firewall_type option, I think it wants to use that
type of firewall from /etc/rc.firewall, i.e. SIMPLE, OPEN, CLOSED, etc.

==> 2nd Problem is I need to divert my public ip port 80 to a private ip port 80
==> what are the steps in natd to follow without compromising my security on the
==> private side.

No problem. This is a nat function. You need, either in rc.conf
or /etc/natd.conf:

# cat /etc/natd.conf
redirect_port tcp 10.0.0.2:80 80

and then, in rc.conf:

natd_flags="-f /etc/natd.conf"

==> Thank you very much in advance for any assistance.

Glad to [hopefully] help ;)

==> John Meyer
==> AST Namibia
==>

--
Joshua
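
Added example, not part of the original messages: the one rule quoted in the question, `add 00100 tcp from any to any`, has no action keyword (allow, deny, ...) between the rule number and the protocol, which ipfw's rule syntax requires. The sh/awk check below flags such lines in a rules file before it is loaded at boot; the action list and every sample line other than that rule are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: flag "add" lines in an ipfw rules file that lack an action.
# Rule form: add [number] action [log] proto from src to dst ...
# ACTIONS lists the classic ipfw action keywords; extend it for the ipfw
# version in use (an assumption of this sketch, not taken from the thread).
ACTIONS="allow accept pass permit deny drop reject unreach reset count divert tee fwd skipto"

# lint_ipfw_rules FILE   ("-" reads standard input)
# Prints "LINE: text" for every offending line; returns 1 if any were found.
lint_ipfw_rules() {
    awk -v actions="$ACTIONS" '
    BEGIN {
        n = split(actions, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }            # comments and blank lines
    $1 == "add" {
        f = 2
        if ($f ~ /^[0-9]+$/) f++       # optional rule number
        if (!($f in ok)) {             # next word must be an action
            printf "%d: %s\n", NR, $0
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample. Line 2 is the rule quoted in the thread; the other
# lines are illustrative and do not come from the original messages.
sample_rules() {
    cat <<'EOF'
# sample rules file
add 00100 tcp from any to any
add 00200 divert natd all from any to any via vx0
add 00300 allow tcp from any to 10.0.0.2 80
add deny log ip from any to any
EOF
}

# Demo on the sample; for a real file: lint_ipfw_rules /etc/firewall.ast
sample_rules | lint_ipfw_rules - || echo "fix the lines listed above"
```

A rules file that fails to load leaves the kernel's default rule as the only policy, so running a check like this before a reboot avoids finding out at the console.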