Date:      07 Mar 2003 14:35:58 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: firewall
Message-ID:  <44y93r9dgh.fsf@be-well.ilk.org>
In-Reply-To: <OE25wtjWJ2etdYQIqJC0001d143@hotmail.com>
References:  <OE25wtjWJ2etdYQIqJC0001d143@hotmail.com>

"Brian Henning" <b1henning@hotmail.com> writes:

> Hello-
> I am pretty new to natd and ipfw, so I would like to be able to describe what I
> want to be able to do with my new BSD router. This is to understand the
> nomenclature and how other people use BSD as a router/firewall.
> So far i have manually done this to my router.
> 
> >sysctl net.inet.ip.forwarding=1  # gateway_enable="YES"
> >natd -interface rl1
> >ipfw -f flush
> >ipfw add divert natd all from any to any via rl1
> >ipfw add pass all from any to any
> 
> notes:
> rl1 is my external network
> rl0 is my internal network
> 
> Here is what I would like to do in a more standard way. Please correct my
> wording if it is off or if it is unclear.
> 
> port forward: ssh from a local machine port 22 to the router port 22, open to
> the outside

Being able to connect out is easy, but I think you should have that
already.  Supporting incoming connections the same way doesn't make
sense, because the router won't know which local machine should get it.

> port forward: vpn port 5001 for all local machines, open to the outside

You need to work out your topology, and probably not run VPN software
on each local machine, but implement a tunnel that they can route to.

> block all servers on the router to the outside, but not the inside
> anyone on the local network has access to services on the router

That's pretty normal; you just put an allow-all clause on the inside interface.

> what else should i consider?

Reading Cheswick & Bellovin, perhaps?

> is port forwarding done with ip or with mac address?

IP.
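The ruleset below is an added illustration, not code from either poster: it emits the ipfw commands from the question as Brian wrote them, then a reworked set that follows the reply (an allow-all clause on the inside interface, and no outside access to services on the router itself). Interface names rl1/rl0 are the ones from the thread; the rule numbers and the ipfw keywords "me" and "setup" are assumptions about the ruleset, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not from the thread: generates ipfw rules for the
# topology in the question (rl1 outside, rl0 inside, natd on rl1),
# first as posted and then reworked along the lines of the reply.
# Rule numbers are arbitrary; "me" (the router's own addresses) and
# "setup" (TCP connection requests) are documented ipfw(8) keywords.

EXT_IF="${EXT_IF:-rl1}"   # external interface, as in the thread
INT_IF="${INT_IF:-rl0}"   # internal interface, as in the thread

# The ruleset from the question: NAT on rl1, then pass everything.
original_rules() {
    cat <<EOF
ipfw -f flush
ipfw add divert natd all from any to any via ${EXT_IF}
ipfw add pass all from any to any
EOF
}

# Reworked ruleset. Order matters: inbound packets on rl1 go through
# natd first, so anything still addressed to the router afterwards is
# not a reply to a LAN-initiated session and can be refused.
hardened_rules() {
    cat <<EOF
ipfw -f flush
ipfw add 100 divert natd ip from any to any via ${EXT_IF}
ipfw add 200 allow ip from any to any via ${INT_IF}
ipfw add 300 allow ip from any to any via lo0
ipfw add 400 deny tcp from any to me in via ${EXT_IF} setup
ipfw add 500 allow ip from any to any
EOF
}
# Rule 400 covers TCP services only. A UDP service on the router needs
# its own deny rule, written so it does not also drop replies to the
# router's own UDP queries (DNS, NTP).

# Run a generated ruleset line by line; needs root and ipfw(8).
apply_rules() {
    "$1" | sh -e
}

case "${1:-show}" in
    show)  hardened_rules ;;
    apply) apply_rules hardened_rules ;;
esac
```

Run with no argument to review the generated rules; `apply` is the only mode that touches the kernel.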
