If I understood you correctly, your setting is:

        (Modem/Router)---DHCP---(FreeBSD)---("Windows")

I may respond directly on your configuration settings:

On Wed, 29 Oct 2008 20:19:31 -0500, Jack Barnett <[EMAIL PROTECTED]> wrote:
>      gateway_enable="YES"
>      #firewall_enable="YES"
>      #firewall_type="open"
>      firewall_type="simple"
>      #firewall_type="open"
>      firewall_logging="YES"

Use instead:

        gateway_enable="YES"
        natd_enable="YES"
        natd_interface="xl0"

You may add special redirect directives to NATD's settings, such
as
        natd_flags="-redirect_port tcp 192.168.1.2:5900 5900"
        natd_flags="-redirect_port tcp 192.168.1.5:23 6666"

or
        natd_flags="-redirect_address 192.168.1.2 141.44.165.58 \
                -redirect_address 192.168.1.5 141.44.165.58"

Examples taken from a very old configuration. :-)

Then,

        firewall_enable="YES"
        firewall_type="/etc/ipfw.conf"

Then, be sure to have nice firewall settings, you can use things
similar to this, enabling just the services you really need and want,
it's easy to write your own one or to rewrite this:

        -f flush
        add divert natd ip      from any to any         via     xl0
        add allow       tcp     from any to any ftp     in recv xl0
        add allow       tcp     from any to any ssh     in recv xl0
        add allow       tcp     from any to any auth    in recv xl0
        add allow       udp     from any to any ntp     in recv xl0
        add allow       udp     from any to any ntalk   in recv xl0
        add deny        udp     from any to any x11     in recv xl0
        add reset       tcp     from any to any x11     in recv xl0
        add allow       ipencap from any to any
        add allow       ip      from any to any

This should work fine. NB to use the correct interface names.



-- 
Polytropon
>From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to