Jack Barnett wrote:
So basically the ruleset should be simple:

ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from or whatever,
# you should (manually) open server ports, in other words, add
# routes to specific server ports
ipfw add divert natd all from any to any via $outside_interface
allow all from any to any
# block some more spoofs/attacks :)
# define services (like you did with http)
Sorry, this didn't work.

Just without any security concerns, try this script:

ipfw -f flush
ipfw add divert natd all from any to any via xl0
ipfw add allow all from any to any

But please tell me, what kind of internet connection do you have? You said you have a Dynamic IP. Are you connecting to the Internet via ppp? If so, replace xl0 up there with tun0 (or whatever tunnel ppp created).

Here's my stuff:

::: /etc/natd.conf :::
dynamic           yes
same_ports        yes
deny_incoming     yes
unregistered_only yes
redirect address

::: part of /etc/rc.conf :::

# [...]

ifconfig_rl0="inet netmask"
ifconfig_ed0="up" # <-- this is the external one
                  # plus there is a tun0 for PPPoE

firewall_script="/etc/ipfw.rules" # something like the above script


natd_flags="-f /etc/natd.conf"


# [...]
freebsd-questions@freebsd.org mailing list
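
The thread's outline puts "block some spoofs" before the divert rule and "block some more" after it. The following is an added example, not code from either poster, showing which anti-spoof rules belong on each side of the natd divert. The function name, rule numbers and RFC 1918 list are assumptions, and it assumes the outside interface holds a public address.

```shell
#!/bin/sh
# Added example: print an ipfw ruleset for a natd gateway (hypothetical helper).
# Usage after review, as root:  natd_ruleset tun0 | sh

natd_ruleset() {
    oif="$1"   # outside interface: xl0, or tun0 when connecting via ppp
    # Refuse anything that is not a plain interface name, since the
    # output is meant to be fed to a shell.
    case "$oif" in
        ''|*[!a-z0-9]*) echo "bad interface name: $oif" >&2; return 1 ;;
    esac
    priv="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"   # RFC 1918 nets

    echo "ipfw -f flush"
    echo "ipfw add 100 allow all from any to any via lo0"
    echo "ipfw add 200 deny all from any to 127.0.0.0/8"

    # Before the divert: match on destination. Inbound packets still carry
    # the public destination here, so a private destination on the outside
    # interface is bogus. After natd rewrites them this test would drop
    # legitimate replies to inside hosts.
    n=300
    for net in $priv; do
        echo "ipfw add $n deny all from any to $net via $oif"
        n=$((n + 10))
    done

    echo "ipfw add 400 divert natd all from any to any via $oif"

    # After the divert: match on source. Outbound packets now carry the
    # public source, so a private source on the outside interface is
    # spoofed. Before natd this test would drop all inside traffic.
    n=500
    for net in $priv; do
        echo "ipfw add $n deny all from $net to any via $oif"
        n=$((n + 10))
    done

    # Same permissive final rule as the script in the message above.
    echo "ipfw add 65000 allow all from any to any"
}
```

Replacing the final allow-all rule with per-service rules is where the "define services" step from the quoted outline would go.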