Date: Thu, 5 Jul 2001 21:55:38 -0700
From: "Robert Banniza" <robert@rootprompt.net>
To: <freebsd-ipfw@freebsd.org>
Subject: Still can't get it to work...
Message-ID: <GMEDKMKMEBENJMBLDHAIGEFJEAAA.robert@rootprompt.net>
In-Reply-To: <2059229442.994196674@[192.168.2.94]>
I cannot for the absolute life of me get IPFW to work with three NICs. All I want to do is to:

1) Pass all traffic from internal network (192.168.1.0/24) to go out to 'net or to the DMZ.
2) Allow 22,25,53(udp),80,443 traffic in to the DMZ. DMZ is using real IP addresses (208.53.161.252/30)
3) Allow no traffic from DMZ to flow back into internal network.
4) Block external interface from RFC1918 spoofed addresses

My network is broken up into the following segments:

xl0 - external interface (208.53.161.248/30)
fxp0 - internal interface (192.168.1.0/24)
fxp1 - optional interface (208.53.161.252/30)

I'm using default deny which I feel is safest and compensates for human error more so than default allow. I have looked on the web for a DMZ HOWTO and can't find one. Would any of you have rules that do this? I'm about ready to say fuck it and stick with the Firebox.

Guys, I certainly would appreciate any help with rules on this. I'm tired of fighting with this thing.

Robert
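A default-deny ruleset in the rc.firewall style that covers the four requirements in the post, added here as an example; it is not from the thread or from FreeBSD's own rc.firewall. It assumes the interface and network names given above, that natd(8) is already running on the divert port for the private internal network, and it reads requirement 3 as "no DMZ-initiated traffic", so replies to connections the inside opened still pass.

```shell
#!/bin/sh
# Three-NIC, default-deny ipfw ruleset (added example). Assumes the interfaces
# and networks from the post and that natd(8) listens on the divert port for
# the private internal network (FreeBSD 4.x ipfw syntax).
ext_if="xl0";  ext_net="208.53.161.248/30"
int_if="fxp0"; int_net="192.168.1.0/24"
dmz_if="fxp1"; dmz_net="208.53.161.252/30"

# build_ruleset CMD: feed each rule to CMD. "build_ruleset /sbin/ipfw" loads
# the ruleset; "build_ruleset echo" prints it as a dry run.
build_ruleset() {
    fw="$1"
    $fw -f flush
    $fw add 100 allow ip from any to any via lo0
    $fw add 110 deny ip from any to 127.0.0.0/8
    # 4) anti-spoofing: RFC1918 and our own prefixes never arrive from outside
    $fw add 200 deny log ip from 10.0.0.0/8 to any in via $ext_if
    $fw add 210 deny log ip from 172.16.0.0/12 to any in via $ext_if
    $fw add 220 deny log ip from 192.168.0.0/16 to any in via $ext_if
    $fw add 230 deny log ip from $dmz_net to any in via $ext_if
    $fw add 240 deny log ip from $ext_net to any in via $int_if
    $fw add 250 deny log ip from $int_net to any in via $dmz_if
    # NAT for the private internal net; placed after the spoof checks so that
    # translated addresses are not mistaken for spoofed ones (assumption: natd on xl0)
    $fw add 300 divert natd ip from any to any via $ext_if
    # replies to connections already opened, and fragments
    $fw add 400 allow tcp from any to any established
    $fw add 410 allow ip from any to any frag
    # 3) the DMZ may answer (established above, DNS here) but never initiate
    $fw add 500 allow udp from $dmz_net 53 to $int_net
    $fw add 510 deny log ip from $dmz_net to $int_net
    # 2) services the world may reach in the DMZ
    $fw add 600 allow tcp from any to $dmz_net 22,25,80,443 setup
    $fw add 610 allow udp from any to $dmz_net 53
    $fw add 620 allow udp from $dmz_net 53 to any
    # every other connection attempt arriving on the outside is dropped and logged
    $fw add 700 deny log tcp from any to any in via $ext_if setup
    # 1) inside hosts may open anything toward the net or the DMZ; "any" is
    #    needed because the packet is seen pre-NAT on fxp0 and post-NAT on xl0
    $fw add 800 allow tcp from any to any setup
    $fw add 810 allow udp from any to any 53 keep-state
    $fw add 65000 deny log ip from any to any
}

# "sh rules.sh load" applies the rules; anything else just prints them
case "${1:-}" in
    load) build_ruleset /sbin/ipfw ;;
    *)    build_ruleset echo ;;
esac
```

Rule order is the point: the spoof checks sit before the divert so natd's rewritten addresses are never judged by them, and the DMZ deny sits before the general "setup" rule so it wins.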