dansguardian + squid running on local machine

2010-04-15 Thread Mexican Loser
Hello fellow BSD users -


I have dansguardian listening on 127.0.0.0.1:8080 - squid listening on
127.0.0.1:3128 on the same computer for content filtering and caching for
the kids.


I also have ipfw ruleset. I'm able to browse the Internet fine but I just
want to make sure http requests are going through my ipfw ruleset. How do I
know if my website requests are going through the ipfw rules and coming
back through them?


The rule below allows everything through the loopback interface, is that
what's allowing squid and dansguardian to work? If so, I would like to know
what rules specifically I can add specifically for dansguardian and squid?


allow all from any to any via lo0
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: dansguardian + squid running on local machine

2010-04-15 Thread Kevin Kinsey

Mexican Loser wrote:

> Hello fellow BSD users -
>
> I have dansguardian listening on 127.0.0.0.1:8080 - squid listening on
> 127.0.0.1:3128 on the same computer for content filtering and caching for
> the kids.
>
> I also have ipfw ruleset. I'm able to browse the Internet fine but I just
> want to make sure http requests are going through my ipfw ruleset. How do I
> know if my website requests are going through the ipfw rules and coming
> back through them?
>
> The rule below allows everything through the loopback interface, is that
> what's allowing squid and dansguardian to work? If so, I would like to know
> what rules specifically I can add specifically for dansguardian and squid?
>
> allow all from any to any via lo0

For starters, read up in the Handbook on ipfw.  You're really
going to want to understand what you are doing.  It may help to define
your rules in English, then try and figure out the syntax for ipfw.

You should look carefully at your network setup.  I'm assuming you
have a BSD box dual-homed to your ISP, and doing NAT for your LAN?

Your loopback interface must always work, otherwise Bad Stuff(tm)
will happen.  That's the rule you have up there.

After that, write out your rules in English:

1.  I can connect to anything from the gateway/server.
2.  Nothing can come in from outside.
3.  No one else can connect to anything outside the gateway/server.
4.  Everyone inside can connect to the gateway/server.

Etc.

After that, it's just a matter of figuring out ipfw's syntax.

HTH,

Kevin Kinsey

P.S.  You'll get some recommendations for other firewalls, too.
Use whichever one makes sense to you :-)
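
Added example, not part of either message and not the posters' own ruleset: the four English rules from the reply written in ipfw syntax, with a uid match so that only squid's outbound web requests are allowed. The interface names, LAN range, rule numbers and the "squid" account name are assumptions.

```sh
#!/bin/sh
# Added example: the reply's English rules as ipfw commands, plus uid rules
# so that only squid can fetch web pages. Assumed, not from the thread:
# interface names, LAN range, the "squid" account, rule numbers.

fwcmd="${FWCMD:-/sbin/ipfw -q}"       # FWCMD=echo prints instead of loading
ext_if="${EXT_IF:-em0}"               # assumed outside interface
int_if="${INT_IF:-em1}"               # assumed LAN interface
lan_net="${LAN_NET:-192.168.1.0/24}"  # assumed LAN range

load_rules() {
    $fwcmd -f flush

    # Loopback must always work: browser -> dansguardian (8080) -> squid (3128)
    $fwcmd add 100 allow ip from any to any via lo0
    # Loopback addresses are never valid on a real interface
    $fwcmd add 110 deny ip from any to 127.0.0.0/8
    $fwcmd add 120 deny ip from 127.0.0.0/8 to any

    # Replies to connections permitted by the keep-state rules below
    $fwcmd add 200 check-state

    # Web traffic may leave only as the squid user; a browser on this box
    # that skips the proxy hits rule 310 and is logged.
    $fwcmd add 300 allow tcp from me to any 80,443 out via "$ext_if" setup keep-state uid squid
    $fwcmd add 310 deny log tcp from me to any 80,443 out via "$ext_if"

    # 1. I can connect to anything from the gateway/server.
    $fwcmd add 400 allow ip from me to any out via "$ext_if" keep-state

    # 4. Everyone inside can connect to the gateway/server.
    $fwcmd add 500 allow ip from "$lan_net" to me in via "$int_if" keep-state

    # 2. Nothing can come in from outside.
    # 3. No one else can connect to anything outside the gateway/server.
    $fwcmd add 65000 deny log ip from any to any
}

# Load only when asked, e.g. "sh ipfw.rules apply" (file name is an assumption)
if [ "${1:-}" = apply ]; then
    load_rules
fi
```

After loading, browse for a minute and run `ipfw -a list`: rising packet counts on rules 100 and 300 show requests crossing lo0 and leaving as squid, and any count on rule 310 is web traffic that tried to go out without the proxy.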