"Brian Henning" <[EMAIL PROTECTED]> writes:

> Hello-
> I am pretty new to natd and ipfw, so I would like to be able to describe what I
> want to be able to do with my new bsd router. This is to understand the
> nomenclature and how other people use bsd as a router/firewall.
> So far I have manually done this to my router.
> 
> >sysctl net.inet.ip.forwarding=1  # gateway_enable="YES"
> >natd -interface rl1
> >ipfw -f flush
> >ipfw add divert natd all from any to any via rl1
> >ipfw add pass all from any to any
> 
> notes:
> rl1 is my external network
> rl0 is my internal network
> 
> Here is what I would like to do in a more standard way. Please correct my
> wording if it is off or if it is unclear.
> 
> port forward: ssh from a local machine port 22 to the router port 22, open to
> the outside

Being able to connect out is easy, but I think you should have that
already.  Supporting incoming connections the same way doesn't make
sense, because the router won't know which local machine should get it.

> port forward: vpn port 5001 for all local machines, open to the outside

You need to work out your topology, and probably not run VPN software
on each local machine, but implement a tunnel that they can route to.

> block all servers on the router to the outside, but not the inside
> anyone on the local network has access to services on the router

That's pretty normal; you just put an allow-all clause on the inside interface.

> What else should I consider?

Reading Cheswick & Bellovin, perhaps?

> Is port forwarding done with IP or with MAC address?

IP.
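
Added example, not part of the original thread: a shell function that prints natd and ipfw commands for the gateway discussed above (NAT on the outside interface, ssh on the router's port 22 redirected to one LAN host, router services reachable only from the inside). The LAN host address 192.168.1.10 is an assumed value, and the ruleset assumes an ipfw with stateful rules (`keep-state`, `check-state`).

```shell
#!/bin/sh
# Prints (does not execute) the commands, so the ruleset can be reviewed first.
# Arguments: outside interface, inside interface, LAN host that runs sshd.
gen_ruleset() {
    ext_if=$1; int_if=$2; ssh_host=$3
    cat <<EOF
sysctl net.inet.ip.forwarding=1
# natd rewrites outbound sources and redirects inbound tcp/22 to the LAN host.
natd -interface $ext_if -redirect_port tcp $ssh_host:22 22
ipfw -q -f flush
# Un-NAT inbound packets first so later rules see the real LAN destination.
ipfw -q add 100 divert natd ip from any to any in via $ext_if
# Packets of an already tracked connection take the action of its rule.
ipfw -q add 110 check-state
# Anything leaving via the outside interface: track it, then NAT it at 800.
ipfw -q add 200 skipto 800 ip from any to any out via $ext_if keep-state
# New inbound ssh, already redirected by natd; skipto so replies get NATed too.
ipfw -q add 300 skipto 800 tcp from any to $ssh_host 22 in via $ext_if setup keep-state
# Inside interface and loopback: allow all, so the LAN reaches router services.
ipfw -q add 400 allow ip from any to any via $int_if
ipfw -q add 410 allow ip from any to any via lo0
# Everything else, including outside connections to the router's own services.
ipfw -q add 700 deny ip from any to any
# Reached only through skipto: NAT outbound packets, then accept.
ipfw -q add 800 divert natd ip from any to any out via $ext_if
ipfw -q add 810 allow ip from any to any
EOF
}

# When run with three arguments, print the commands for those interfaces.
if [ "$#" -eq 3 ]; then
    gen_ruleset "$@"
fi
```

Run the printed commands from the router's console rather than over ssh, since flushing the rules can cut a remote session.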
