Date:      Fri, 13 Apr 2001 09:36:41 -0500
From:      Andrew Hesford <ajh3@chmod.ath.cx>
To:        Radical <Radical@hardcore.lt>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw+natd "napster"
Message-ID:  <20010413093641.A13856@cec.wustl.edu>
In-Reply-To: <HJEHLLFKGILMAKFJEGJKKEHDCJAA.Radical@hardcore.lt>; from Radical@hardcore.lt on Fri, Apr 13, 2001 at 10:59:14AM +0200
References:  <20010412135604.A1163@home.com> <HJEHLLFKGILMAKFJEGJKKEHDCJAA.Radical@hardcore.lt>

On Fri, Apr 13, 2001 at 10:59:14AM +0200, Radical wrote:
> Hello
> 
> I'm running a gateway on FreeBSD 4.2.
> I have configured ipfw and natd on it.
> Everything works very well, but I was confused when I found that Napster
> does not work properly.
> So maybe someone has already solved this problem and has correct rules for ipfw

The problem is trivial, if you use stateful rules. There are plenty of
instructions on how to do this, if you look around, so I'm not going to
restate them here.

Basically, since I trust every machine in my LAN, my
router/NATbox/packet filter allows any connection that originates
inside the LAN to do what it wants. It then lets return packets from
that connection back inside the LAN.

However, the packet filter systematically drops all packets destined for
my boxen when there is no active connection originating on the inside.
The result is very cool... For instance, I can ping any host I want, but
nobody can ping me. Likewise, telnet and ftp ports are sealed off to the
outside world, but I can telnet and ftp anywhere I like. I only keep
three ports open: ssh (for easy remote access to my workstation), smtp
(for the ability to receive precious freebsd mailing list messages) and
http (for no real reason except it's cool to run a webserver).

With this configuration, napster has never been a problem for me. I'm
not sure how it affects people who try to take my MP3s, but I'm the BOFH
of the napster world; I don't give a damn about people who want to take
MY music, and if I do see connections (I can't remember any right now),
I kill them.

--
Andrew Hesford
ajh3@chmod.ath.cx
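
The policy described in the message above, as an added example that is not part of the original e-mail: a simplified Python model of a stateful packet filter, not an ipfw ruleset. The LAN range, the state lifetime, the class and function names, and the sample packets are all constructed assumptions, and NAT address rewriting is left out.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed internal range (constructed)
OPEN_TCP_PORTS = {22, 25, 80}        # ssh, smtp, http: the three ports in the message
STATE_TTL = 300                      # assumed idle lifetime of a state entry, seconds


class StatefulFilter:
    def __init__(self):
        self.states = {}             # flow key -> expiry time

    @staticmethod
    def _key(proto, src, sport, dst, dport):
        # Direction-independent key so replies match the state their request created.
        return (proto, frozenset([(src, sport), (dst, dport)]))

    def decide(self, now, proto, src, sport, dst, dport):
        """Return 'allow' or 'deny' for one packet. Use port 0 for ICMP."""
        key = self._key(proto, src, sport, dst, dport)
        if self.states.get(key, 0) > now:          # packet belongs to a live flow
            self.states[key] = now + STATE_TTL     # refresh on traffic
            return "allow"
        self.states.pop(key, None)                 # forget an expired entry, if any
        if ip_address(src) in LAN:                 # originated inside: allow, keep state
            self.states[key] = now + STATE_TTL
            return "allow"
        if proto == "tcp" and dport in OPEN_TCP_PORTS and ip_address(dst) in LAN:
            return "allow"                         # deliberately published service
        return "deny"                              # unsolicited inbound packet


def replay(packets):
    """Run constructed packets through a fresh filter and return the verdicts."""
    fw = StatefulFilter()
    return [fw.decide(*p) for p in packets]


# Constructed sample traffic: (time, proto, src, sport, dst, dport)
SAMPLE = [
    (0, "icmp", "192.168.1.10", 0, "203.0.113.5", 0),        # ping out
    (1, "icmp", "203.0.113.5", 0, "192.168.1.10", 0),        # its reply
    (2, "icmp", "198.51.100.7", 0, "192.168.1.10", 0),       # stranger pings in
    (3, "tcp", "198.51.100.7", 40000, "192.168.1.10", 23),   # telnet in
    (4, "tcp", "198.51.100.7", 40001, "192.168.1.10", 22),   # ssh in
    (5, "tcp", "192.168.1.10", 50000, "203.0.113.5", 21),    # ftp out
    (400, "tcp", "203.0.113.5", 21, "192.168.1.10", 50000),  # reply after state expired
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(verdict, pkt)
```

The last packet shows the expiry side of state tracking: once an entry times out, a late reply is treated like any other unsolicited inbound packet.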
