Date:      Sun, 02 Jan 2000 10:37:45 -0500
From:      John <papalia@udel.edu>
To:        freebsd-questions@freebsd.org
Subject:   IPFW
Message-ID:  <4.1.20000102103607.00992620@mail.udel.edu>

Hi all,

I was hoping someone might be able to help me muddle through understanding
and correcting a few of my filter rules.

Network configuration is:
	* FreeBSD gateway maintaining an assigned Outside IP
	* Same box maintains an Inside IP on 192.168.x.x subnet
	* All inside boxes assigned 192.168.x.x IPs

For example, if I want to allow SSH connections only *to* the FreeBSD box,
but I want both the FreeBSD and the internal boxes to be able to generate
outgoing SSH sessions in the outside world, is the following enough?:

    # Allow all traffic from inside out
    $fwcmd add pass all from ${iip} to ${inet}:${imask}
    $fwcmd add pass all from ${inet}:${imask} to ${iip}

    # Allow access to SSH
    $fwcmd add pass any from any to ${oip} 22 setup
    $fwcmd add pass any from ${oip} to any 22 setup

    # Allow all established connections to pass
    $fwcmd add pass tcp from any to any established

Also, if I wanted users on the inside network to be able to access external
hosts for popmail, but wanted to have popmail disabled on the FreeBSD
server, would the following solve the problem, or would it cause a security
hole?:

    $fwcmd add pass any from ${inet}:${imask} to any 110 via ${oif} setup


Thanks in advance!!!
--John Papalia 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
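
Added example, not part of the original message: a small Python model of ipfw's first-match evaluation, applied to the POP3 rule above. It shows that `via ${oif}` without `in` or `out` matches both directions, so the rule also accepts an inbound SYN on the outside interface whose source claims an inside address. The addresses, the reading of the rule's protocol as `tcp`, the default-deny final rule and the absence of NAT rewriting are assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the message).
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # stands in for ${inet}:${imask}
OIP = "192.0.2.10"                               # stands in for ${oip}

def from_inside(pkt):
    return ipaddress.ip_address(pkt["src"]) in INSIDE

def is_setup(pkt):
    """ipfw 'setup': SYN set, ACK clear."""
    return "S" in pkt["flags"] and "A" not in pkt["flags"]

def pop_rule(direction=None):
    """Model of: pass tcp from ${inet}:${imask} to any 110 [in|out] via ${oif} setup"""
    def match(pkt):
        return (from_inside(pkt) and pkt["dport"] == 110
                and pkt["iface"] == "oif"            # 'via' alone: either direction
                and direction in (None, pkt["dir"])  # optional in/out qualifier
                and is_setup(pkt))
    return ("pass", match)

def antispoof():
    """Model of: deny all from ${inet}:${imask} to any in via ${oif}"""
    return ("deny", lambda p: from_inside(p)
            and p["iface"] == "oif" and p["dir"] == "in")

def evaluate(rules, pkt):
    """First matching rule wins; unmatched packets fall to an assumed default deny."""
    for action, match in rules:
        if match(pkt):
            return action
    return "deny"

# Constructed packets: an inside client's outbound POP3 SYN, and an inbound SYN
# on the outside interface that merely claims an inside source address.
LEGIT = {"src": "192.168.1.20", "dst": "198.51.100.7", "dport": 110,
         "iface": "oif", "dir": "out", "flags": "S"}
SPOOFED = {"src": "192.168.1.20", "dst": OIP, "dport": 110,
           "iface": "oif", "dir": "in", "flags": "S"}

def verdicts(rules):
    """Return (verdict for LEGIT, verdict for SPOOFED)."""
    return evaluate(rules, LEGIT), evaluate(rules, SPOOFED)

AS_POSTED = [pop_rule()]                    # rule as written in the message
WITH_OUT = [pop_rule("out")]                # same rule restricted to 'out via'
WITH_ANTISPOOF = [antispoof(), pop_rule()]  # deny rule placed ahead of it

if __name__ == "__main__":
    for name in ("AS_POSTED", "WITH_OUT", "WITH_ANTISPOOF"):
        print(name, verdicts(globals()[name]))
```

Either restricting the rule to `out via ${oif}` or placing the deny rule ahead of it keeps the outbound client traffic passing while the inbound packet is dropped.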




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.20000102103607.00992620>