Date: Thu, 30 Oct 2008 16:39:33 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Jack Barnett <jackbarnett@gmail.com>
Cc: mdh_lists@yahoo.com, Freebsd questions <freebsd-questions@freebsd.org>
Subject: Re: Firewalls in FreeBSD?
Message-ID: <20081030233933.GB16747@icarus.home.lan>
In-Reply-To: <490A4487.8020101@gmail.com>
References: <367168.61424.qm@web56806.mail.re3.yahoo.com> <490A4487.8020101@gmail.com>
On Thu, Oct 30, 2008 at 06:34:31PM -0500, Jack Barnett wrote:
>
> Ok, I had some progress with this last night. Basically what I do is:
>
> in natd - redirect_port 1000 to 10000 to the internal windows box.
> set ipfw to "open" firewall.
>
> Obviously this isn't perfect - but gives some idea of what's going on.
>
> What I'd like to do, is a) keep the nat redirects since that works
> pretty well.
> b) in ipfw, ONLY allow data back on these ports IF the windows box has
> established the connection out first then deny everything else.

This is called "port triggering" in the residential router world. I
don't know how to do this on FreeBSD.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |