Date: Wed, 28 Aug 2002 04:37:50 -0400
From: Dylan Carlson <absinthe@pobox.com>
To: freebsd-isp@FreeBSD.ORG
Subject: [SUMMARY] Port forwarding recommendations?
Message-ID: <200208280437.50576.absinthe@pobox.com>
I got a lot of responses to this (thank you).

1. "Derek" <derek@durham.net> and Noah K Sematimba <ksemat@africaonline.co.ug> suggested the ipfw/natd combination. Which worked, but took me a couple of hours. I ran into some circumstances where natd seemed to blow its brains out when I was reloading the rules, but I got it to work. I've always (personally) preferred the ipfilter way of doing things, and this experience hasn't changed that.

2. "Leigh V" <leighv@roq.com> suggested an ipfilter script which worked pretty well, got the basic firewall up quickly, and then I dropped in the port forwarding rules and it worked great.

3. Martyn Routley suggested SmoothWall, a Linux-based canned firewall package. Reluctant at first, I tried it out. Admittedly, it's pretty slick. If you don't plan on the machine being anything but a firewall, it does the job. I had it up and running in about 20 minutes with the port forwarding. And snort, squid, and dynamic DNS built in. Port forwarding was as easy as it gets. Apart from being an ipchains firewall, it's using the same tools as everything else ... it's just been packaged neatly into a purpose-built platform, and has an apache/mod_ssl interface for configuration, which is pretty much how all the commercial firewall interfaces are going anyway (web UI). The UI makes changes easy; particularly the "patching" part of SmoothWall was quite nice.

There's no reason something like SmoothWall couldn't be built around FreeBSD. I hope someday there is, though I'm not the guy for that job. I'm wrapped up in Java and helping out the FreeBSD Java Project.

Conclusions

SmoothWall is the easiest and probably ideal way to go. I'm still running it live at the moment, but I plan on going back to #2, because I am a BSD guy. It's called "eating one's own dog food." I hope that someday a nice package such as this comes to BSD.

Thanks to everyone for your input.

Cheers,
--
Dylan Carlson [absinthe@pobox.com]