>Hi
>
>Yes sorry - I suppose I was assuming that goes without saying.
>Will open 443 for https and close 80 and do a transparent squid proxy
>which I got to work.
>
>I just can't seem to understand in and out.
>Does in mean INTO the BOX or into the specific interface? What happens if
>you don't specify an interface when you say in or out?
>OR does in mean into the internal network from outside or just into the
>box?
>
>Please just elaborate on that for me?
>
>David.
>
>On 2011/07/18 8:32 PM, "Chuck Swiger" <cswi...@mac.com> wrote:
>
>>On Jul 18, 2011, at 10:41 AM, David van Rensburg - PC Network wrote:
>>> I've been having a problem with ipfw and nat. I can get nat to work but
>>> I want the following:
>>> My lan must only have access to outgoing port 80
>>
>>For web access to be useful for most cases, you also need to permit 443
>>for HTTPS.
>>
>>> I want to be able to allow some lan users access to ftp and outgoing
>>> 3389 (remote desktop), but by default only port 80
>>> I have transparent proxy work in ipfw.
>>> I want to be able to limit outgoing and incoming to the freebsd server
>>> according to port.
>>> I want a default deny.
>>
>>You haven't mentioned anything about DNS, NTP, SMTP & POP3/IMAP. For web
>>access or remote desktop to function, you'll need to permit DNS traffic
>>so they can find the machines they are connecting to. And most networks
>>want to have network time and email working.
>>
>>> ANY help or point me in the right direction would be great. I have been
>>> googling for a week now and can't find anything similar. Most examples
>>> don't use a default deny and don't allow certain services to the lan
>>> users.
>>
>>Start with:
>>
>> http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
>>
>>...and the books recommended in /etc/rc.firewall:
>>
>># If you don't know enough about packet filtering, we suggest that you
>># take time to read this book:
>>#
>># Building Internet Firewalls, 2nd Edition
>># Brent Chapman and Elizabeth Zwicky
>>#
>># O'Reilly & Associates, Inc
>># ISBN 1-56592-871-7
>># http://www.ora.com/
>># http://www.oreilly.com/catalog/fire2/
>>#
>># For a more advanced treatment of Internet Security read:
>>#
>># Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition
>># William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin
>>#
>># Addison-Wesley / Prentice Hall
>># ISBN 0-201-63466-X
>># http://www.pearsonhighered.com/
>># http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html
>>
>>Regards,
>>--
>>-Chuck
>>
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
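
Added example (not part of the thread and not the posters' code): in ipfw, "in" and "out" are relative to the box itself, so a forwarded packet is checked twice, once "in" on the interface it arrives on and once "out" on the interface it leaves by, and a rule with no recv/xmit/via matches on every interface. The sketch below applies that to the default-deny policy discussed above; the interface names em0/em1, the 192.168.1.0/24 LAN, the host 192.168.1.50 and the rule numbers are assumptions, and NAT, the squid redirect and FTP are left out.

```shell
#!/bin/sh
# Assumed names (not from the thread): WAN em0, LAN em1, LAN 192.168.1.0/24,
# 192.168.1.50 = a LAN host that is also allowed outgoing remote desktop.
wan="em0"; lan="em1"; net="192.168.1.0/24"; rdp_host="192.168.1.50"

# Print the ruleset, one ipfw command per line.
#  100      loopback traffic.
#  200      dynamic states ignore direction and interface, so the second
#           ("out" on the WAN side) pass of a forwarded packet and its
#           replies are accepted here.
#  300-320  "in recv $lan": packets entering the box on the LAN interface,
#           whether addressed to the box or to be forwarded.
#  400-410  "from me ... out xmit $wan": traffic the box itself originates.
#  65000    no in/out and no interface: matches everything that is left,
#           in both directions on every interface.
build_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from $net to any 80,443 in recv $lan setup keep-state
add 310 allow udp from $net to any 53,123 in recv $lan keep-state
add 320 allow tcp from $rdp_host to any 3389 in recv $lan setup keep-state
add 400 allow tcp from me to any 80,443 out xmit $wan setup keep-state
add 410 allow udp from me to any 53,123 out xmit $wan keep-state
add 65000 deny log ip from any to any
EOF
}

# Dry run by default: just print the rules. APPLY=1 loads them; do that as
# root from the console, because a flush followed by default deny can cut
# off a remote session.
if [ "${APPLY:-0}" = "1" ]; then
    ipfw -q -f flush
    build_rules | while read -r rule; do ipfw -q $rule; done
else
    build_rules
fi
```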