From: "Marcin Jessa"
Reply-To: yazzy@yazzy.org
Date: Wed, 28 Aug 2002 09:08:59 +0200 (CEST)
Subject: Re: Port forwarding recommendations?
Sender: owner-freebsd-isp@FreeBSD.ORG

Hi Dylan.

Sounds like you need NAT. Both ipfw and ipf have this functionality which is really easy to implement. I have written 2 'ipf and ipfw quick and dirty' howtos about this subject. Check out the FreeBSD section on www.ezunix.org

Btw, next time someone tells you to use some fancy web based (linux!) tool to configure your firewall, put his email directly to /dev/null.
Running a web server on a firewall... geez...

Good luck.
Cheers
YazzY

Dylan Carlson said:
> Hi,
>
> There are volumes of mailing list messages out there on the subject of
> firewalls, but the solutions for different circumstances are not clear.
> Your recommendations would be appreciated.
>
> I have a simple low-end pentium box I want to do the following:
>
> - Firewall (ipfilter or ipfw, comfortable with either one)
> - One external IP assigned via DHCP (from the ISP)
> - One internal IP serving as a gateway address for a private class C
> - NAT sharing to 4-5 hosts on the protected, internal subnet
> - Inbound port forwarding
>
> ...where "port forwarding" means listening on a port on the external
> interface of the firewall and forwarding to a specified internal host
> for the rule. I have looked at [ /usr/ports/net/portfwd ] but I am
> not sure how well/if this works with any of the NAT and firewall
> implementations.
>
> Wondering which components you would use, why - and any caveats. I
> would be thankful for any references as well.
>
> Provided I am successful with this I plan on writing up a procedure in
> DocBook and kicking it over to the FreeBSD documentation project.
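
A minimal IPFilter NAT configuration for the setup described in the quoted question, added here as an illustration; it is not from either poster or from the howtos mentioned in the reply. The interface name fxp0, the subnet 192.168.1.0/24, the internal host 192.168.1.10 and the forwarded port 80 are assumptions.

```conf
# /etc/ipnat.conf (IPFilter NAT rules)
# Assumed names: fxp0 = external interface (DHCP), 192.168.1.0/24 = internal
# subnet, 192.168.1.10 = internal host receiving the forwarded port.

# Outbound NAT. "0/32" means "whatever address fxp0 holds right now", so the
# rule does not hard-code the DHCP-assigned IP.
# TCP/UDP get their source ports remapped; the second rule covers ICMP and
# any other protocol.
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map fxp0 192.168.1.0/24 -> 0/32

# Inbound port forward: TCP 80 arriving on fxp0 is sent to the internal host.
# Forward only the ports that are actually needed.
rdr fxp0 0.0.0.0/0 port 80 -> 192.168.1.10 port 80 tcp

# rdr is applied before the inbound filter rules, so the matching rule in
# the ipf ruleset must name the internal (translated) address:
#   pass in quick on fxp0 proto tcp from any to 192.168.1.10 port = 80 flags S keep state
#
# /etc/rc.conf needs:
#   gateway_enable="YES"
#   ipfilter_enable="YES"
#   ipnat_enable="YES"
#
# After the DHCP client picks up a new address, "ipf -y" resyncs IPFilter's
# in-kernel interface list with the current interface state.
```

Reload the NAT rules with `ipnat -CF -f /etc/ipnat.conf`; `ipnat -l` lists the active rules and current mappings for checking that the forward is in place.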