RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Steve Bertrand
as follows; Site 1 - 25 users Site 2 - 5 users Site 3 - 12 users Our site VPN users are Apprx 25, and about 50% of them are connected at any given time. My first thought is to put up a Firewall box that can the load of publishing many internal boxes and publish a box with OpenVPN and another

Re: Firewall, OpenVPN and Squid question

2004-07-21 Thread Micheal Patterson
- Original Message - From: Paul Hillen [EMAIL PROTECTED] To: Steve Bertrand [EMAIL PROTECTED]; Paul Hillen [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 1:33 PM Subject: RE: Firewall, OpenVPN and Squid question I have around 100 users at our site that would

RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Steve Bertrand
We have about 6000 users, and the FBSD firewall never ever hiccup'ed. I could even run tcpdump for hours, and it would rarely ever drop even a single packet. What size hardware is your firewall running on to handle the potential of 6000 users accessing your internal servers for mail, etc

Re: Firewall, OpenVPN and Squid question

2004-07-21 Thread Steve Bertrand
as follows; Site 1 - 25 users Site 2 - 5 users Site 3 - 12 users Our site VPN users are Apprx 25, and about 50% of them are connected at any given time. My first thought is to put up a Firewall box that can the load of publishing many internal boxes and publish a box with OpenVPN and another

RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Paul Hillen
connecting Gateway to Gateway, there are apprx as follows; Site 1 - 25 users Site 2 - 5 users Site 3 - 12 users Our site VPN users are Apprx 25, and about 50% of them are connected at any given time. My first thought is to put up a Firewall box that can the load of publishing many internal

RE: Firewall, OpenVPN and Squid question

2004-07-21 Thread Steve Bertrand
I would have to guess if a hardware firewall like Watchguard that offers VPN also, that it would have to be beefer than that. Steve going back to your initial response about the PIII 800MHz network, are you using a proxy for the internal users or are they connecting directly to the firewall

tun0, firewall, natd

2004-07-19 Thread Christoph Kukulies
Somehow I haven't yet managed to get my FreeBSD 5.2 current system boot up smoothly with initiating the network properly. I'm running ADSL and tun0 doesn't seem to be initialized when the firewall rules are being applied and when natd is started. I'm getting an error socket not available

One-Way Cable Modem and Firewall/Router?

2004-07-15 Thread Jud
a hardware firewall, and am considering the Netgear WGT624 router (Atheros chipset) for this purpose. I would only be hooking up a single desktop computer, and wouldn't be needing wireless connection just yet (though the router's capability in this regard will be nice for future home networking

Firewall rules for local lan

2004-07-11 Thread Gaspar Kiraly
and more junk mail lately. It looks like some sites are sniffing out my e-mail address, my pc configs, etc. Hence, I'd like to setup a firewall. I found many good examples, however they deal with a one pc (FreeBSD) one network card setup. For ex: do I need to add divert and bridge to the Kernel config

Re: Firewall rules for local lan

2004-07-11 Thread cpghost
. It looks like some sites are sniffing out my e-mail address, my pc configs, etc. Hence, I'd like to setup a firewall. I found many good examples, however they deal with a one pc (FreeBSD) one network card setup. For ex: do I need to add divert and bridge to the Kernel config file? How do I set up

RE: Firewall rules for local lan

2004-07-11 Thread JJB
Here is a rewrite of the FreeBSD handbook firewall section with examples that will answer all your questions. www.a1poweruser.com/FBSD_firewall/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gaspar Kiraly Sent: Sunday, July 11, 2004 8:52 AM To: [EMAIL

firewall on cdrom

2004-06-29 Thread Feczak Szabolcs
Any similar projects like closedbsd out there ? -- F3CZ0 http://feczo.nmi.rulez.org [EMAIL PROTECTED] mailing list

RE: firewall on cdrom

2004-06-29 Thread Foster, ThomasX
http://www.m0n0.ch/ T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Feczak Szabolcs Sent: Tuesday, June 29, 2004 8:51 AM To: [EMAIL PROTECTED] Subject: firewall on cdrom Any similar projects like closedbsd out there ?

Re: firewall for web server

2004-06-29 Thread Ben Timby
Peter, choose your firewall software, with a host firewall (what you are looking for, not a network firewall) the features you need will be limited. Find a howto on using that firewall package. The only difference between what you want and what most howtos provide instructions

Re: firewall on cdrom

2004-06-29 Thread zam4ever
On Tue, 29 Jun 2004 17:50:56 +0200, Feczak Szabolcs [EMAIL PROTECTED] wrote: Any similar projects like closedbsd out there ? NetBoz Firewall http://www.netboz.net/ Best regards, zam4ever ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org

firewall for web server

2004-06-28 Thread Peter Zyumbilev
Hello, Do you know some good tutorial for building firewall for FreeBSD as web server. I found a lot of tutorials but for FreeBSD as router. Some commented premade script with comments will also do the job. I was planning to use APF, but I am afraid to install it on FreeBSD without good tutorial

Re: firewall for web server

2004-06-28 Thread Chuck Swiger
Peter Zyumbilev wrote: Do you know some good tutorial for building firewall for FreeBSD as web server. I found a lot of tutorials but for FreeBSD as router. First, are you building a firewall or a web server? If you're building a firewall, you don't want to run any services like WWW at all

Re: firewall for web server

2004-06-28 Thread Peter
I am building a web server. Since it is in a remote data center where I do not control the router I prefer to build firewall on the www server. APF http://www.rfxnetworks.com/apf.php very popular firewall in the linux world. Thanks, Peter - Original Message - From: Chuck Swiger

Re: firewall for web server

2004-06-28 Thread Chris
On Monday 28 June 2004 12:44 pm, Peter wrote: I am building a web server. Since it is in a remote data center where I do not control the router I prefer to build firewall on the www server. APF http://www.rfxnetworks.com/apf.php very popular firewall in the linux world. Thanks, Peter Yes

Re: Firewall rules

2004-06-20 Thread Alex de Kruijff
from any to any # Allowing changed traffic. 20550 allow ip from 213.10.151.186 to any out 20550 allow ip from any to not 213.10.151.186 in # keep-state rules here ... Second problem is you are allowing every thing out your firewall. This is very bad as it allows out any trojans or spy-ware from

Re: natd firewall settings for vpn

2004-06-18 Thread Bill Moran
Jim Freeze [EMAIL PROTECTED] wrote: I am trying to configure my firewall to allow packets through for a VPN connection. I am running FBSD 5.2 as my router and am trying to connect my laptop from behind the router to our work computer. The laptop is running OSX 10.3.4 with a Nortel Networks

Re: natd firewall settings for vpn

2004-06-18 Thread Michael W. Oliver
On 2004-06-18T00:11:03-0500, Jim Freeze wrote: Hi I am trying to configure my firewall to allow packets through for a VPN connection. I am running FBSD 5.2 as my router and am trying to connect my laptop from behind the router to our work computer. The laptop is running OSX 10.3.4

Re: natd firewall settings for vpn

2004-06-18 Thread Jim Freeze
the answer is yes. The IP of clients on my LAN are 192.168.0.x. As far as the 'open' rule is concerned, I just used that to test if Contivity worked. I'm not sure what you mean by not using AH. When using the 'open' firewall ruleset, I did not have to add any rules for ESP or AH. Yep, I use a Nortel

Re: natd firewall settings for vpn

2004-06-18 Thread Michael W. Oliver
are 192.168.0.x. Then you are indeed using NATD, which means... As far as the 'open' rule is concerned, I just used that to test if Contivity worked. I'm not sure what you mean by not using AH. When using the 'open' firewall ruleset, I did not have to add any rules for ESP or AH. ... that you

natd firewall settings for vpn

2004-06-17 Thread Jim Freeze
Hi I am trying to configure my firewall to allow packets through for a VPN connection. I am running FBSD 5.2 as my router and am trying to connect my laptop from behind the router to our work computer. The laptop is running OSX 10.3.4 with a Nortel Networks client made by Apani. The VPN

Firewall rules

2004-06-15 Thread Robert Downes
I'm obviously missing something... I've read as much about IPFW and firewall packet filtering as I can, and I'm still happy with these very simple rules: su-2.05b# ipfw -a list 00100 16 1144 divert 8668 ip from any to any in via rl0 00200 17 964 divert 8668 ip from any to any out via rl0

Re: Firewall rules

2004-06-15 Thread Giorgos Keramidas
On 2004-06-15 20:54, Robert Downes [EMAIL PROTECTED] wrote: I'm obviously missing something... su-2.05b# ipfw -a list 00100 16 1144 divert 8668 ip from any to any in via rl0 00200 17 964 divert 8668 ip from any to any out via rl0 00300 0 0 check-state 00400 32 3296 allow ip

Re: Firewall rules

2004-06-15 Thread Robert Downes
JJB wrote: First indication is the hit count on the check-state rule. It's zero which means there is never a match in the keep-state table. For all practical purposes your firewall keep-state rules are useless. I was suspicious of that too, but if I remove the keep-state option from the allow

Re: Firewall rules

2004-06-15 Thread Robert Downes
and re-read the IPFW man page, and it does me no good whatsoever. If you want the max in firewall protection you need stateful rules to monitor the bi-directional exchange of session packets conversation so forged packets can not be inserted. I agree. My recommendation is to scrap your rule file

Re: Firewall rules

2004-06-15 Thread Giorgos Keramidas
On 2004-06-15 23:29, Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2004-06-15 20:54, Robert Downes [EMAIL PROTECTED] wrote: I'm obviously missing something... su-2.05b# ipfw -a list 00100 16 1144 divert 8668 ip from any to any in via rl0 00200 17 964 divert 8668 ip from any to any out

IPFW and NATD to open firewall for XBox Live

2004-06-05 Thread Ted Bruyere
I hope the subject says it all... I'm told that while using xbox live behind a router (I'm using FreeBSD 5.2.1), ports 88 and 3074 need to be open. I have this working for internal addresses in the 192.168.2.* range, and it DID work back when I had a linux box doing the routing. Can anyone tell

Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Jonathon McKitrick
: When local processes want to mail, they fork n exec a sendmail binary : themselves. : : You shouldn't need a sendmail server running for that. Here is what I have/had in rc.conf #sendmail_enable=no #sendmail_submit_enable=no #sendmail_outbound_enable=no #sendmail_msp_queue_enable=no And as

Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Nelis Lamprecht
On Wed, 2004-05-26 at 14:27, Jonathon McKitrick wrote: : When local processes want to mail, they fork n exec a sendmail binary : themselves. : : You shouldn't need a sendmail server running for that. Here is what I have/had in rc.conf #sendmail_enable=no #sendmail_submit_enable=no

Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Randy Pratt
On Wed, 26 May 2004 13:27:07 +0100 Jonathon McKitrick [EMAIL PROTECTED] wrote: : When local processes want to mail, they fork n exec a sendmail binary : themselves. : : You shouldn't need a sendmail server running for that. Here is what I have/had in rc.conf #sendmail_enable=no

Re: Repeated connections to port 25 with firewall

2004-05-25 Thread Jonathon McKitrick
On Mon, May 24, 2004 at 12:10:16PM -0400, JJB wrote: : The log-in-vain feature is an good thing to keep. In your case it is Okay, I'll put it back, then. : The other post about firewall rules has nothing to do with your : problem. The poster just did not recognize the messages as coming : from

Re: Repeated connections to port 25 with firewall

2004-05-25 Thread Jonathon McKitrick
On Mon, May 24, 2004 at 08:50:17AM -0400, JJB wrote: : The messages you are getting are generated from the log-in-vain : option you have turned on. Every night when the cron management : reports run they post email from root to root using the 127.0.0.1 If I disable this 'feature' and adjust my

Repeated connections to port 25 with firewall

2004-05-24 Thread Jonathon McKitrick
This is probably a simple question with a simple answer, but I wasn't sure where to look. I recently installed a deny-all firewall and everything is working fine. However, I keep getting /kernel log messages about attempts to connect to port 25. Are these just various processes trying to mail

Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Matthew Seaman
On Mon, May 24, 2004 at 01:29:57PM +0100, Jonathon McKitrick wrote: This is probably a simple question with a simple answer, but I wasn't sure where to look. I recently installed a deny-all firewall and everything is working fine. However, I keep getting /kernel log messages about attempts

Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Thomas T. Veldhouse
From: Jonathon McKitrick [EMAIL PROTECTED] This is probably a simple question with a simple answer, but I wasn't sure where to look. I recently installed a deny-all firewall and everything is working fine. However, I keep getting /kernel log messages about attempts to connect to port 25

Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Giorgos Keramidas
On 2004-05-24 08:49, Thomas T. Veldhouse [EMAIL PROTECTED] wrote: From: Jonathon McKitrick [EMAIL PROTECTED] This is probably a simple question with a simple answer, but I wasn't sure where to look. [snip] You should allow all traffic on your loopback device by default. Much like this

Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Bryan Cassidy
in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part. On Tue, May 11, 2004 at 12:26:59AM -0500, Micheal Patterson wrote: - Original Message - From: Bryan Cassidy [EMAIL PROTECTED] To: [EMAIL

Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Micheal Patterson
- Original Message - From: Bryan Cassidy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 12:31 PM Subject: Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS Sounds good to me but I'm still confused about how I need to set this up hardware wise. The link

Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Steven N. Fettig
the NIC in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part. Another recommendation (although slightly outdated) is : http://mostgraveconcern.com/freebsd/ (take a look at the dual-homed system howto

Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-10 Thread Micheal Patterson
- Original Message - From: Bryan Cassidy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 12:20 AM Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty comfortable with FreeBSD for the most part

OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-10 Thread Bryan Cassidy
, 5.x, 4-stable, current or whatever. Which would you all recommend using in this situation? I want to continue to use my nice newer, much faster computer to do all configurations to the system, updates, installing software, running apache, configuring firewall, etc. etc. etc. via ssh (good

RE: Setting up a NAT without a firewall

2004-05-04 Thread Paul Hoffman
Off-list, someone pointed out to me that ipnat is *much* easier to deal with than IPFIREWALL and all its baggage. No kernel rebuilding, no juggling with the firewall. Nice. For those of you in the same situation as me, definitely look into ipnat. My system gets its external address from my

firewall settings and dhcpd

2004-04-25 Thread Christoph Kukulies
I'm getting this in my log/messages: Apr 25 13:25:42 mybox dhcpd: send_packet: Permission denied Could it be that a certain firewall setting or something missing would be causing this? -- Chris Christoph P. U. Kukulies kuku_at_kukulies.org ___ [EMAIL

Re: firewall settings and dhcpd

2004-04-25 Thread Lewis Thompson
On Sun, Apr 25, 2004 at 01:33:22PM +0200, Christoph Kukulies wrote: I'm getting this in my log/messages: Apr 25 13:25:42 mybox dhcpd: send_packet: Permission denied Could it be that a certain firewall setting or something missing would be causing this? Possibly. It might be worth

Re: Dummynet+Firewall+One_pass question

2004-04-23 Thread Alex de Kruijff
On Thu, Apr 22, 2004 at 04:25:53PM -0300, Marcelo Pinheiro wrote: Hi, I am very new to FreeBSD, and I have a quite simple question: How does IPFW work when I use PIPES, divert and some other Firewall rules? What does net.inet.ip.fw.one_pass mean? For instance, if I use a pipe before

Bridging Firewall

2004-04-23 Thread Casey Lenhart
I am using this document http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/filtering-bridges-contributors.html I find no reference to MAC rules showing

Re: Bridging Firewall

2004-04-23 Thread Mike Maltese
I find no reference to MAC rules showing up in 5.2.1. Any help or advice would be appreciated. That's because bridge(4) doesn't do Layer 2 filtering. Neither does ipfw (as well it shouldn't). I don't know if there are any plans to add this capability to FreeBSD's bridge, but I know that

Dummynet+Firewall+One_pass question

2004-04-22 Thread Marcelo Pinheiro
Hi, I am very new to FreeBSD, and I have a quite simple question: How does IPFW work when I use PIPES, divert and some other Firewall rules? What does net.inet.ip.fw.one_pass mean? For instance, if I use a pipe before a divert with one_pass set to 1, the packet passes through the pipe, but does

firewall rules error

2004-04-16 Thread RazorOnFreeBSD
Hi everyone, I'm trying to write my own rules for ipfw under 4.9 STABLE. But every time I try to use the file with my rules my network is totally blocked and the ipfw show command returns : 65535 38 2311 deny ip from any to any I think there's a problem in my rules file and the system

Re: firewall rules error

2004-04-16 Thread RazorOnFreeBSD
. Do you think this message comes from the fwcmd=/sbin/ipfw line ? I also verified because I was curious, the ipfw executable file of course exists in my /sbin directory read man ipfw and look at this http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/rules.html for a basic

Firewall Automated abuse reporter

2004-04-13 Thread JJB
Over the last couple of months my ipfilter firewall has had an ever increasing number of unsolicited inbound packet traffic. Used to be about 10 a month and now I get about 280 per day. I have to pay for this junk traffic in bandwidth charges. Looking for an Automated abuse reporter that will read

re: FreeBSD Firewall as a Transparent Proxy?

2004-03-29 Thread Denis R.
Try this: http://www.opennet.ru/docs/RUS/squid_filter/squidguard.html It is in Russian, but you will figure it out by looking at config files. I installed it on 5.2.1 and it is stable. Great way of keeping your users off the bad sites. Regards, Denis I have seen lots of pages on google on how

Firewall + Sendmail...how to make them happy...

2004-03-28 Thread JP
Hi, I have just got my firewall up and running. Everything is running great except for inbound sendmail connections. It appears my firewall is blocking port 25 traffic. I can telnet localhost 25 and it works fine internally. From the outside world, all I get is a connection refused. Can

Re: Firewall + Sendmail...how to make them happy...

2004-03-28 Thread Remko Lodder
Hi JP, JP wrote: Hi, I have just got my firewall up and running. Everything is running great except for inbound sendmail connections. It appears my firewall is blocking port 25 traffic. I can telnet localhost 25 and it works fine internally. From the outside world, all I get is a connection

FreeBSD Firewall as a Transparent Proxy?

2004-03-27 Thread whizkid
I have seen lots of pages on google on how to setup Squid as a Transparent Proxy server on FreeBSD. However most of these refer to 4.9 stable, using IPTables. I am currently using natd and ipfw. Here are my Firewall rules rc.firewall.rules proxy# cat rc.firewall.rules # be quiet and flush all

Re: cvsup behind firewall with port 5999 blocked

2004-03-25 Thread Matthew Seaman
On Wed, Mar 24, 2004 at 04:20:24PM -0600, Shawn Kennedy wrote: Help! My company has shut down the ports in and out of the firewall dramatically! No SOCKS support so I tried using ssh. According to the cvsup documentation, you are to have a login on the CVS box you are trying to update

RE: cvsup behind firewall with port 5999 blocked

2004-03-25 Thread Shawn Kennedy
From: Matthew Seaman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 3:42 AM On Wed, Mar 24, 2004 at 04:20:24PM -0600, Shawn Kennedy wrote: Help! My company has shut down the ports in and out of the firewall dramatically! No SOCKS support so I tried using ssh. According

cvsup behind firewall with port 5999 blocked

2004-03-24 Thread Shawn Kennedy
Help! My company has shut down the ports in and out of the firewall dramatically! No SOCKS support so I tried using ssh. According to the cvsup documentation, you are to have a login on the CVS box you are trying to update from, but I don't (the official mirrors). I don't even have a box I

Re: ipfw enable firewall not working

2004-03-23 Thread Mark Weinem
On Mon, 22 Mar 2004, Byron Schlemmer wrote: I'm having a problem enabling the ipfw firewall on RELENG-4.9 boxes cvsuped and installed today. Basically ipfw enable firewall leaves net.inet.ip.fw.enable set to 0 and the ipfw counters are not changing when I do a ipfw show, so the firewall

ipfw enable firewall not working

2004-03-22 Thread Byron Schlemmer
Hi all, I'm having a problem enabling the ipfw firewall on RELENG-4.9 boxes cvsuped and installed today. Basically ipfw enable firewall leaves net.inet.ip.fw.enable set to 0 and the ipfw counters are not changing when I do a ipfw show, so the firewall is definitely not being loaded. Anyone else

Networking problems behind a router's firewall

2004-03-21 Thread Claudio M. Camacho
, the program is stopped at the beginning and it doesn't download anything. c) Even all, I played with cvsup -P port (opening that port in my firewall), -P - (for passive connections as CVS uses), -P a, and -P m. But none above worked, so I'm frustrated. The very very

Firewall Making Many DNS PTR Queries

2004-03-20 Thread Jeff @ Lease2Purchase.com
Howdy, did you ever get that fixed? I'm having the same exact problem as you. Jeff Beaubien Beaubien Investment Co, LLC. www.L2P.com www.Lease2Purchase.com www.CREPlanet.com

RE: Firewall DSL performance

2004-03-10 Thread Darryl Hoar
Well, last night I changed the ipf.rules file to be: pass in all keep state pass out all keep state to completely open my firewall to test my performance. Well, it didn't make a lick of difference. Still got 700K. If I open the firewall like I did, shouldn't performance be a non issue

RE: Firewall DSL performance

2004-03-10 Thread Darryl Hoar
connected his notebook to this port and saw 1.5Mb performance. There is a cat 5 run from this external box to my office in my basement. There is a jack on the end of this run. The tech connected to this jack and saw roughly 1.48Mb performance. Since both cards in the firewall are 3com 10Mb cards

Re: Firewall DSL performance

2004-03-10 Thread Nathan Kinkade
On Wed, Mar 10, 2004 at 08:10:05AM -0600, Darryl Hoar wrote: Well, last night I changed the ipf.rules file to be: pass in all keep state pass out all keep state to completely open my firewall to test my performance. Well, it didn't make a lick of difference. Still got 700K. If I

firewall rules for mail gateway

2004-03-09 Thread Mike Jackson
Hi, I have a 5.2.1 firewall box that also has a mailserver. Goal: - firewall can send and receive mail - rest of the world - firewall can send and receive mail - internal LAN machines - firewall blocks internal LAN machines from connecting to external SMTP servers firewall/mail gw

Re: firewall rules for mail gateway

2004-03-09 Thread Kevin D. Kinsey, DaleCo, S.P.
Mike Jackson wrote: Hi, I have a 5.2.1 firewall box that also has a mailserver. Goal: - firewall can send and receive mail - rest of the world - firewall can send and receive mail - internal LAN machines - firewall blocks internal LAN machines from connecting to external SMTP servers firewall

Re: firewall rules for mail gateway

2004-03-09 Thread Mike Jackson
. # pass in quick on xl0 proto udp from 10.0.0.0/8 to any port = 68 keep state # # Block and log all remaining traffic coming into the firewall # - Block TCP with a RST (to make it appear as if the service # isn't

Re: firewall rules for mail gateway

2004-03-09 Thread Mike Jackson
Kevin D. Kinsey, DaleCo, S.P. ([EMAIL PROTECTED]) wrote: have something to do with it. If the machine is running NAT/divert whatever, it might well be diverting before blocking? But I'm wrong so often it's not very funny ... and I use ipfw instead of ipf. One last thing, I forgot to

Firewall DSL performance

2004-03-09 Thread Darryl Hoar
Greetings, I have a dedicated older box that is running Freebsd 4.7-stable, IPFilter and nat for my home network. It has a 3com 10Mb ethernet adapter plugged into the dsl jack (we don't have /need dsl modems as we have fiber to the house). The other NIC in the firewall is another 3com 10Mb

Firewall setup tutorial

2004-03-09 Thread Darryl Hoar
Greetings, I have used in the past http://www.schlacter.net/ as a guide to setting up my firewall. Does anyone have a better, more up-to-date one, as the article referenced is for freebsd 4.6, not the 5.x version. thanks, Darryl ___ [EMAIL PROTECTED

Re: Firewall setup tutorial

2004-03-09 Thread peter lageotakes
--- Darryl Hoar [EMAIL PROTECTED] wrote: Greetings, I have used in the past http://www.schlacter.net/ as a guide to setting up my firewall. Does anyone have a better, more up-to-date one, as the article referenced is for freebsd 4.6, not the 5.x version. thanks, Darryl

Re: tun devices and firewall

2004-03-07 Thread Tim Pushor
JJB, Wow those are some very powerful opinions that you have and are touting as fact. Regardless, I was not asking about the relative stability of the current branch, or advice on coding rules. I simply have a firewall that I have a default deny, and I write rules for what I want to allow. I

tun devices and firewall

2004-03-06 Thread Tim Pushor
Hi all, I am building a new firewall based on 5.2.1-RELEASE. I am using the openbsd port of PF, but I think that my question is fairly generic. I have remote systems that sort of vpn through this one using ppp-over-ssh. This uses tun devices. In the past, when I had configured X number

firewall problem??

2004-03-02 Thread RYAN vAN GINNEKEN
at running more than one BSD box on the same network and not sure if i need natd or firewall enabled. # #/etc/rc.conf @V23.computerking.ca

Re: firewall problem??

2004-03-02 Thread Kris Kennaway
box on the same network and not sure if i need natd or firewall enabled. You didn't include your kernel config file, but the default firewall behaviour is to deny all traffic. There's a kernel config option to change this - see the sample config files. Kris pgp0.pgp Description: PGP

Re: firewall problem??

2004-03-02 Thread RYAN vAN GINNEKEN
) for a different network so lots of stuff is commented out. I am new at running more than one BSD box on the same network and not sure if i need natd or firewall enabled. You didn't include your kernel config file, but the default firewall behaviour is to deny all traffic. There's a kernel config option

Re: firewall problem??

2004-03-02 Thread Kris Kennaway
On Tue, Mar 02, 2004 at 03:23:24AM -0700, RYAN vAN GINNEKEN wrote: Thank you for your reply Here is my kernel config file well just the options i added do you need more of it? which samples are you referring to and how come i never had problems like this before?? Compare to GENERIC or LINT

Re: Firewall enabling confusion.

2004-02-28 Thread Warren Block
On Fri, 27 Feb 2004, Shaun T. Erickson wrote: I looked at that. That's not what I mean. :) I mean, if I do not have to build a new kernel to enable firewalling, logging and divert, I've always done this with a kernel build. There may be a way to do the latter two through loadable modules, but

Re: Firewall blocking natd redirect

2004-02-28 Thread anubis
On Sat, 28 Feb 2004 3:47 am, Derrick Ryalls wrote: I have a port redirect, public port 5001 to an internal machine port 3389, for Remote Desktop that works well in natd as long as I don't fire up my custom firewall: 0005023427286 divert 8668 ip from any to any via sis0 00100 24

FreeBSD 5.2 as a firewall/router

2004-02-27 Thread Robert Golovniov
Hello, Is there a place where I could get more information (preferably step-by-step instructions) on how to set up FreeBSD 5.x as a Firewall/Router for a very small network, with a dial-up connection? -- -=Robert Beata Golovniov | Lviv, Ukraine

Firewall blocking natd redirect

2004-02-27 Thread Derrick Ryalls
I have a port redirect, public port 5001 to an internal machine port 3389, for Remote Desktop that works well in natd as long as I don't fire up my custom firewall: 0005023427286 divert 8668 ip from any to any via sis0 00100 24 6080 allow ip from any to any via lo0 00200 0

Firewall enabling confusion.

2004-02-27 Thread Shaun T. Erickson
I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of rebuilding my kernel with the following options turned on: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 I rebooted, for unrelated reasons, and now see in the messages

RE: Firewall enabling confusion.

2004-02-27 Thread Remko Lodder
] Onderwerp: Firewall enabling confusion. I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of rebuilding my kernel with the following options turned on: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 I rebooted, for unrelated

Re: Firewall enabling confusion.

2004-02-27 Thread Shaun T. Erickson
Remko Lodder wrote: kldstat is the program you are looking for (like lsmod) It can indeed be that the module is loaded with its default settings {block all} Hope this solves your lsmod question, the rest i cannot help you with since i don't understand ipfw :) {yet} Thanks! Yes, the ipfw.ko

Re: Firewall enabling confusion.

2004-02-27 Thread Warren Block
On Fri, 27 Feb 2004, Shaun T. Erickson wrote: Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging. /etc/rc.firewall has examples. -Warren Block * Rapid City, South Dakota USA ___

Re: Firewall enabling confusion.

2004-02-27 Thread Shaun T. Erickson
Warren Block wrote: On Fri, 27 Feb 2004, Shaun T. Erickson wrote: Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging. /etc/rc.firewall has examples. I looked at that. That's not what I mean. :) I mean, if I do not have to

Re: Firewall enabling confusion.

2004-02-27 Thread Ion-Mihai Tetcu
On Fri, 27 Feb 2004 15:43:16 -0500 Shaun T. Erickson [EMAIL PROTECTED] wrote: Warren Block wrote: On Fri, 27 Feb 2004, Shaun T. Erickson wrote: Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging.

Re: Firewall enabling confusion.

2004-02-27 Thread Shaun T. Erickson
Ion-Mihai Tetcu wrote: hint: sysctl -a | grep ip.fw for logging do: sysctl -w net.inet.ip.fw.verbose: 1 sysctl -w net.inet.ip.fw.verbose_limit: 5 Ah. see also man ipfw, it will answer your questions. I'm still wading through it - it's quite a long read. I'll finish before asking anything else.

Re: Firewall enabling confusion.

2004-02-27 Thread Ion-Mihai Tetcu
On Fri, 27 Feb 2004 16:14:26 -0500 Shaun T. Erickson [EMAIL PROTECTED] wrote: Ion-Mihai Tetcu wrote: hint: sysctl -a | grep ip.fw for logging do: sysctl -w net.inet.ip.fw.verbose: 1 sysctl -w net.inet.ip.fw.verbose_limit: 5 Ah. see also man ipfw, it will answer your

stateful firewall

2004-02-26 Thread Mihai Marie
Hello, I want to setup a firewall (on my LAN's gateway) so that the only traffic that pass through is the one initiated from my local network (we have public IP's). My firewall looks like this ipfw add check-state ipfw add deny tcp from any to any established ipfw add allow tcp from $my_lan

RE: stateful firewall

2004-02-26 Thread JJB
You have run into the IPFW legacy divert/nated subroutine bug. IPFW stateful rules and divert/nate do not work together. IPFW stateful rules only work in non-NATed environment. You need to use IPFILTER/IPNAT the other firewall software application which is built into FBSD. The FBSD handbook does

port forwarding and ip-less firewall

2004-02-25 Thread Edison Cala
hello list! i want to ask some help on port forwarding in a bridge-firewall network. our network setup is: 1. the router is outside the firewall, direct to the internet. 2. the bridge-firewall computer (2 ethernet cards installed, eth0 - outside (router), eth1 - protected network) is between

RE: port forwarding and ip-less firewall

2004-02-25 Thread JJB
Really hard to help you when you do not post what firewall you are using and the nat rules you are using. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edison Cala Sent: Wednesday, February 25, 2004 4:20 AM To: [EMAIL PROTECTED] Subject: port forwarding

Re: port forwarding and ip-less firewall

2004-02-25 Thread Nathan Kinkade
On Wed, Feb 25, 2004 at 05:19:35PM +0800, Edison Cala wrote: hello list! i want to ask some help on port forwarding in a bridge-firewall network. our network setup is: 1. the router is outside the firewall, direct to the internet. 2. the bridge-firewall computer (2 ethernet cards
