From owner-freebsd-ipfw Mon Oct  2 21:12:39 2000
Date: Tue, 3 Oct 2000 14:09:51 +1000
From: Troy Bell <troy@troysplace.net>
To: TeRrAc
Cc: FreeBSD IPFW list
Subject: Re: IPFW + NAT, how do I slick this puppy up?
Message-ID: <20001003140951.A20062@optimus.troysplace.net>
In-Reply-To: message from terrac@cloudfactory.org on Mon, Oct 02, 2000 at 08:59:06PM -0700
User-Agent: Mutt/1.2.5i
X-PGP-Key-ID: 1024D/A3101D4C 2000-09-26

TeRrAc wrote:
> I have a FreeBSD 4.0-STABLE system running IPFW, NAT and DHCP. I want to
> make this machine as slick as possible. One thing that is currently
> buggered is that I do not have the rc.firewall file set up to automatically
> load my rules. My ruleset is minor.. extremely minor. It just allows
> everything from one side to the other. I want to be able to allow all
> traffic out, but not unsolicited traffic back in (if that makes any
> sense). Here is my ruleset..
>
> 00001 3550449 1697415913 divert 8668 ip from any to any via fxp0
> 00010 5466534 2771367031 allow ip from any to any
> 65535     360      38536 deny ip from any to any

Add this to /etc/rc.conf:

    firewall_enable="YES"
    firewall_type="/usr/local/etc/ipfw.rules"

Then create a ruleset using the above file. For example, your file might
look something like:

    add 00005 divert 8668 ip from any to any via fxp0
    add 00010 allow ip from any to any

I can email you a more robust ruleset to work with off-list that might get
you started on a neat little firewall for yourself if you like ;)

I'm sure one of the other guys will provide a decent answer to your other
problem.

Kind regards,

-- 
Troy Bell                                            troy@troysplace.net
Systems Administrator                            http://troysplace.net/
Twisted mind? No, just bent in several strategic places :)
http://ars.userfriendly.org/cartoons/?id=20000928
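The two-rule file in the reply only reproduces the quoted ruleset, which passes everything in both directions. What follows is an added example, not part of Troy's message and not one of the FreeBSD rc.firewall templates, of a ruleset file for firewall_type that does what TeRrAc asked for: any traffic out, nothing unsolicited in, on top of natd. Assumptions: fxp0 and natd port 8668 are taken from the quoted ruleset; the LAN interface xl0, the file path and the rc.conf lines for natd are placeholders; the kernel has IPFIREWALL and IPDIVERT (and IPFIREWALL_VERBOSE if the "log" rules should actually log); and it relies on ipfw's dynamic rules (keep-state/check-state, present since 4.0) together with skipto so that state is recorded on the inside addresses before natd rewrites them.

```sh
#!/bin/sh
# Added example (not from the original message): generates the ipfw ruleset
# file that rc.conf's firewall_type="/usr/local/etc/ipfw.rules" points at.
# rc.conf is also assumed to contain (placeholders, not quoted from the list):
#   gateway_enable="YES" natd_enable="YES" natd_interface="fxp0"
EXT_IF="${EXT_IF:-fxp0}"      # outside interface, from the quoted ruleset
INT_IF="${INT_IF:-xl0}"       # LAN interface: assumed name
NATD_PORT="${NATD_PORT:-8668}" # natd divert port, from the quoted ruleset
RULES="${RULES:-/usr/local/etc/ipfw.rules}"

# Emit the rules. /etc/rc.firewall flushes the table and then hands this file
# to ipfw, so every line is an ipfw command in the same "add NNNNN ..." form
# as the quoted rules. Order is the whole point:
#  - inbound packets must reach natd BEFORE check-state, so the dynamic rule
#    (keyed on the inside address) can match the de-NATed reply;
#  - outbound packets must create their state BEFORE natd rewrites the
#    source address, hence "skipto" to a NAT step placed after the policy.
gen_rules() {
    cat <<EOF
# 1. Inbound on the outside interface: let natd restore the inside address.
add 00100 divert ${NATD_PORT} ip from any to any in via ${EXT_IF}
# 2. Loopback, loopback anti-spoofing, and the trusted LAN side.
add 00200 allow ip from any to any via lo0
add 00210 deny ip from any to 127.0.0.0/8
add 00220 deny ip from 127.0.0.0/8 to any
add 00300 allow ip from any to any via ${INT_IF}
# 3. Replies to sessions we started: matches the dynamic rules made below
#    and performs the parent rule's action (skipto 1000).
add 00400 check-state
# 4. New outbound sessions: record state on the inside addresses, then jump
#    to the NAT step. "setup" limits TCP to the initial SYN.
add 00500 skipto 1000 tcp from any to any out via ${EXT_IF} setup keep-state
add 00510 skipto 1000 udp from any to any out via ${EXT_IF} keep-state
add 00520 skipto 1000 icmp from any to any out via ${EXT_IF} keep-state
# 5. Anything else arriving on the outside interface is unsolicited.
add 00600 deny log ip from any to any in via ${EXT_IF}
# 6. NAT step, reached only by skipto: translate outbound packets, then pass
#    whatever arrived here. Everything that never gets here falls through to
#    the default rule 65535, which is deny.
add 01000 divert ${NATD_PORT} ip from any to any out via ${EXT_IF}
add 01010 allow ip from any to any
EOF
}

# Rule number of the first "add" line whose body matches a pattern; lets a
# caller (or a test) verify the ordering constraints described above.
rule_number() {
    gen_rules | grep "^add .*$1" | head -n 1 | cut -d' ' -f2
}

write_rules() {
    gen_rules > "$1"
}

# Same two steps rc.firewall performs at boot for a file-type ruleset. Run
# them as one command when working remotely: the flush alone leaves only
# rule 65535 (deny), which locks you out until the new rules are loaded.
load_rules() {
    /sbin/ipfw -q -f flush
    /sbin/ipfw -q "$1"
}

if [ "${1:-}" = "install" ]; then
    write_rules "${RULES}"
    load_rules "${RULES}"
fi
```

Running the script with the argument "install" writes the file and loads it; with no argument it only defines the functions, so "sh ipfw-rules.sh; gen_rules" is a harmless way to preview the ruleset. Check the result with "ipfw -a list" (packet counters on rule 00600 show what is being dropped) and "ipfw -d list" (the dynamic rules, one per outbound session, with their inside addresses).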