From: Jeroen Ruigrok/Asmodai
To: George Vagner
Cc: questions@freebsd.org
Subject: RE: firewall
Date: Sun, 21 Mar 1999 09:45:27 +0100 (CET)
Organization: Ninth Circle Enterprises

On 20-Mar-99 George Vagner wrote:
> i compiled in firewall support but never "decoded"
> a firewall ruleset and don't understand the language.

Well, if yer going to be the primary admin for it I suggest to get yer bum to read up on firewalls and rulesets. This is one field in which ignorance will get yer ass wh00ped.

> what i need is a basic firewall ruleset that allows this
>
> gatewaying from inside net to outside net.

Which will be NATed.

> www on port 80

Logically.

> ftp in/out
> telnet in/out
> smtp in/out
> pop3 in/out
> ssh in/out

Ye want telnet _and_ ssh? Is this to the firewall box itself? Or to hosts within the intranet? If it's to the firewall then I'll say forget about the telnet allowance (it uses plaintext passwords) and only allow SSH.

Ye can find the port numbers for the above protocols in /etc/services.

I could write a ruleset, but that won't teach you anything and since I'm not the admin of yer site I can only suggest once more to learn about this stuff.

> also what file do i edit for this.

/etc/ipfw.script is a common name for it.

---
Jeroen Ruigrok van der Werven
asmodai(at)wxs.nl
The idea does not replace the work...
Network/Security Specialist
*BSD: Powered by Knowledge & Know-how
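
Added example, not part of the original mail and not the author's ruleset: a sketch of the /etc/services lookup suggested above, resolving the services from the question (including the "www" alias) to TCP ports and printing ipfw rule lines for inbound access to the firewall host only, with telnet left out in favour of ssh. The services excerpt is constructed, the function names are hypothetical, and 192.0.2.1 is a placeholder address; NAT for the inside net and FTP data connections are not covered.

```shell
#!/bin/sh
# Added example. Constructed excerpt in /etc/services format:
#   name  port/proto  [aliases...]  [# comment]
sample_services() {
cat <<'EOF'
ftp-data	20/tcp
ftp		21/tcp
ssh		22/tcp		# Secure Shell
ssh		22/udp
telnet		23/tcp
smtp		25/tcp		mail
http		80/tcp		www www-http	# WorldWideWeb HTTP
pop3		110/tcp		pop-3
EOF
}

# Read services data on stdin; print the TCP port for a name or alias.
# Exit status is 1 when the service is unknown.
tcp_port() {
    awk -v want="$1" '
        { sub(/#.*/, "") }            # drop comments
        NF < 2 { next }               # blank or malformed line
        {
            split($2, pp, "/")
            if (pp[2] != "tcp") next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue  # field 2 is port/proto, not a name
                if ($i == want) { print pp[1]; found = 1; exit }
            }
        }
        END { exit !found }'
}

# Print ipfw rule lines allowing inbound TCP services to address $1.
# telnet is skipped (plaintext passwords); use ssh instead.
# Only the FTP control port is covered, not its data connections.
firewall_rules() {
    fw_addr="$1"; shift
    echo "add allow tcp from any to any established"
    for svc in "$@"; do
        if [ "$svc" = telnet ]; then continue; fi
        port=$(sample_services | tcp_port "$svc") || {
            echo "unknown service: $svc" >&2; continue; }
        echo "add allow tcp from any to $fw_addr $port setup"
    done
    echo "add deny tcp from any to $fw_addr"
}

# 192.0.2.1 is a documentation address standing in for the firewall host.
firewall_rules 192.0.2.1 www ftp telnet smtp pop3 ssh
```

On a real system, feed tcp_port from /etc/services instead of the constructed excerpt and review the printed lines before loading them with ipfw.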