From: "Robert Banniza"
Subject: IPFW and triple-homed box...
Date: Sun, 1 Jul 2001 13:36:24 -0700

Guys,

I've got a box that I would like to add a third interface to for a DMZ. However, I'm having more questions than answers right now. I have basically the following interfaces:

xl0 (external interface to router)
fxp0 (internal interface using NAT)
fxp1 (DMZ interface using REAL IP on this interface as well as all machines having a real IP)

I want to allow ports 80, 443 and 25 over to one single real IP on the DMZ while allowing nothing to flow in to the internal network from the DMZ. I also want all traffic on the internal network allowed out to the 'net and allowed over to the DMZ.

I wrote the following HOWTO (http://www.rootprompt.net/freebsd_firewall.html) for a dual-homed firewall about a year ago but have since been using a Firebox II. Therefore, my IPFW rules knowledge is rusty and no matter how much I try to figure this out, I can't get it right. Therefore, can anyone send me a list of their rules (if they are similar to what I want to do) or can you point me to a URL that explains setting up a triple-homed firewall with a DMZ? I would certainly appreciate any help with this as I would like to get off of this Firebox and back to IPFW.

Thanks
Robert