Re: Firewall rules for local lan

2004-07-11 Thread cpghost
Gaspar Kiraly wrote:
I am in the process of setting up ipfw for my server and a small LAN of two pcs.
The FreeBSD server is used as an internet gateway with a dial up connection (ppp -auto -alias demand).
My network connection is working fine, however I am getting more and more junk mail lately.
It looks like some sites are sniffing out my e-mail address, my pc configs, etc.
Hence, I'd like to setup a firewall.
I found many good examples, however they deal with a one pc (FreeBSD) one network card setup.
For ex: do I need to add divert and bridge to the Kernel config file? How do I set up different rules for each nic?
I'd like to be able to access the FreeBSD server from my local LAN w/o any restrictions but I do not want the internet sites to do the same with my server and LAN. Would you have an example setup for this scenario? The FreeBSD server is also setup to provide address resolution for the internet.
 

You don't need divert or bridge, because ppp(1) has built-in
packet filtering. Have a look at ppp(1) man page, esp. the
section packet filtering.
Don't forget to enable ppp NAT and to set up your
box as a gateway in /etc/rc.conf:
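 hostname="your.hostname.tld"
 gateway_enable="YES"            # forward packets between the LAN and the ppp link
 ppp_enable="YES"
 ppp_profile="your-isp-profile"  # section label in /etc/ppp/ppp.conf
 ppp_user="root"
 ppp_mode="ddial"
 ppp_nat="YES"                   # NAT for the LAN hosts behind this box
 named_enable="YES"
 named_flags="-u bind -g bind"   # quoted: rc.conf is read by sh, the value contains spaces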
Don't forget to add your filter rules in
/etc/ppp/ppp.conf.
I'd appreciate any help.
Gaspar
 

-cpghost.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
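
Added example (not part of cpghost's message or of the FreeBSD documentation): a filter section for /etc/ppp/ppp.conf of the kind the reply above points to, written with the "set filter" syntax from the ppp man page. It assumes the profile label your-isp-profile from the rc.conf lines above, that named only resolves names on behalf of the LAN, and that no service on the server or LAN has to be reachable from the Internet.

```conf
# /etc/ppp/ppp.conf (fragment) -- added example, assumptions as stated above.
# Dial, login and addressing settings for the profile are omitted.
your-isp-profile:
 # "in" filters packets arriving over the ppp link, "out" packets leaving on it.
 # Once a filter contains rules, a packet that matches none of them is dropped,
 # so every rule set below ends in an implicit deny.
 # Traffic between the LAN and the server never crosses the ppp link and is
 # therefore not restricted by these rules.

 # ICMP in both directions (ping, unreachable / fragmentation-needed messages)
 set filter in 0 permit icmp
 set filter out 0 permit icmp

 # TCP: connections may be opened outbound; inbound only segments that belong
 # to an already established connection are accepted. "estab" inspects the
 # TCP flags, it does not track connection state.
 set filter out 1 permit tcp
 set filter in 1 permit tcp estab

 # DNS over UDP for named acting as a resolver: queries out, replies in.
 # The inbound rule trusts the source port only; it is not stateful.
 set filter out 2 permit udp dst eq 53
 set filter in 2 permit udp src eq 53
```

Other UDP services used from the LAN (NTP, for example) need their own out/in rule pair, otherwise the implicit deny drops them.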


RE: Firewall rules for local lan

2004-07-11 Thread JJB
Here is a rewrite of the FreeBSD handbook firewall section with
examples that will answer all your questions.

www.a1poweruser.com/FBSD_firewall/



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gaspar
Kiraly
Sent: Sunday, July 11, 2004 8:52 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules for local lan

Hello,

I have a quick question for you:

I am in the process of setting up ipfw for my server and a small LAN
of two pcs.
The FreeBSD server is used as an internet gateway with a dial up
connection (ppp -auto -alias demand).
My network connection is working fine, however I am getting more and
more junk mail lately.
It looks like some sites are sniffing out my e-mail address, my pc
configs, etc.
Hence, I'd like to setup a firewall.
I found many good examples, however they deal with a one pc
(FreeBSD) one network card setup.
For ex: do I need to add divert and bridge to the Kernel config
file? How do I set up different rules for each nic?
I'd like to be able to access the FreeBSD server from my local LAN
w/o any restrictions but I do not want the internet sites to do the
same with my server and LAN. Would you have an example setup for
this scenario? The FreeBSD server is also setup to provide address
resolution for the internet.

I'd appreciate any help.

Gaspar