Date: Fri, 9 Feb 2001 16:26:31 -0800 (PST) From: Mikko Tyolajarvi <mikko@dynas.se> To: cykyc@yahoo.com Cc: freebsd-ipfw@freebsd.org Subject: Re: FreeBSD Application firewall w/o ip forwarding enabled Message-ID: <200102100026.f1A0QVs09860@explorer.rsa.com> References: <200102091844.f19Iifg06092@iguana.aciri.org> <20010209195412.27578.qmail@web4501.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In local.freebsd.ipfw you write: >> use that (i assume the reason you do not want >> forwarding >> is to avoid remapping addrsses ?) >It's not to avoid remapping addresses, but to try and >use the firewall as an application firewall instead of >a packet filter firewall. The running application on >the firewall would be in charge of receiving whatever >type of information on the external interface and then >redirecting it to the internal interface, instead of >simple NAT'n and IP forwarding, which is at the >network level. I don't know exactly what you are trying to accomplish, but the TIS fwtk is a pure application level proxy toolkit. Maybe that will be enough? If the firewall is supposed to look like it is forwarding packets, but transparently filters them through application proxies, then you can use ipfw rules to forward allowed traffic to your proxies, and deny everything else. I have written programs that do this, and they work just fine, but are not available as freeware... Hmm... it looks like someone has made patches for FWTK to handle transparent proxying - see <http://www.fwtk.org/>. Haven't tried it, though. Also, the Juniper firewall toolkit <http://www.obtuse.com/>; looks like it might be what you are looking for, but I haven't tried that either. $.02, /Mikko -- Mikko Työläjärvi_______________________________________mikko@rsasecurity.com RSA Security To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102100026.f1A0QVs09860>