Date:      Thu, 20 Nov 2003 02:37:19 +0100
From:      michael <michael@nettmail.de>
To:        Robert Johannes <rjohanne@piper.hamline.edu>, freebsd-ipfw@freebsd.org
Subject:   Re: ipfw script
Message-ID:  <20031120013630.GA93021@brenner.msresearch.org>

>Hello Michael,
>I would like to set up an ipfw box.  The kernel is configured, and right
>now I've some simple rules active.  Specifically, I have
>a private LAN, on 192.168.0.0; the firewall/gateway is 192.168.0.253.
>I would like to be able to let in port 80, 25 and 22 from the outside.
>Port 80, I need to nat it so it gets forwarded to an internal box.  All

Hi,

I have seen your posting.
You would like to contact me directly? You should send the e-mail to me!

Well, yes, I can get you this script! This may cost time....
I am a little busy....maybe no problem

First, can you send your posting to me again?
I couldn't fully read your message (see above).

All that you need is a kernel with ipfw and divert.
Then you can use the fwd option of ipfw; this rewrites
the packets, e.g. DNAT.

I think you wish...

ipfw add 1000 pass tcp from any to me 25 in recv $EXT_IF keep-state
ipfw add 2000 fwd $INT_HTTP_SRV,$INT_HTTP_PORT tcp from any to me 80 in recv $EXT_IF keep-state
....and so on....

I hope this helps you for the first time.
Other ipfw list readers have also wished for support on ipfw/nat/dnat,
so I will create an ipfw knowledge base to make the work a little bit
better.

I hope you and the others can spend a little bit of time waiting for
the support from me, so I will create a webpage.

On this page I will place sample scripts with more descriptive comments
and explain the rules in detail.

If you can wait that long (I think this weekend), then you
should read the fine manuals (RTFM) from BSD and stay tuned :-)

Otherwise you should contact me directly and give me an
overview of your problem, so I can write a complete, easy to understand
firewall script with tuning of many sysctl parameters.

The next step is then to create rules with QoS and pipes with
bandwidth limitation for DMZ and intranet.

Let me know your problem and I will help....
(I like the Beatles...help... :-))))

So now I must sleep a little bit; at 5 hours it is time to go to work.
Bye....

regards 

michael


