Jack Barnett wrote:
[EMAIL PROTECTED] wrote:
So basically the ruleset should be simple:

ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from 192.168.17.3 or whatever,
# you should (manually) open server ports, in other words, add
# routes to 192.168.17.3 to specific server ports
ipfw add divert natd all from any to any via $outside_interface
allow all from any to any
# block some more spoofs/attacks :)
# define services (like you did with http)
Sorry, this didn't work.




just without any security concerns, try this script:

#!/bin/sh
ipfw -f flush
ipfw add divert natd via xl0
ipfw add allow all from any to any

But please tell me, what kind of internet connection do you have? You said you have a Dynamic IP. Are you using connecting to the Internet via ppp? If so, replace xl0 up there with tun0 (or whatever tunnel ppp created).

Here's my stuff:

::: /etc/natd.conf :::
dynamic           yes
same_ports        yes
deny_incoming     yes
unregistered_only yes
redirect address  192.168.123.254 0.0.0.0

::: part of /etc/rc.conf :::

# [...]

ifconfig_rl0="inet 192.168.123.254 netmask 255.255.255.0"
ifconfig_ed0="up" # <-- this is the external one
                  # plus there is a tun0 for PPPoE

firewall_enable="YES"
firewall_script="/etc/ipfw.rules" # something like the above script

gateway_enable="YES"
router_enable="NO"

natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"

ppp_enable="YES"

# [...]
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to