> Hello
> You only need tcp 80 on regular http and 443 for ssl, https
> I don't get what exactly are you trying to do? Are you publishing a web
> server to external clients behind a firewall? Any diagram text would be nice

This is simply to block all on the network from using any port except 80.
I want to block Messenger. If it starts running on port 80 then I am told
I can block it via squid/dansguardian.

Internet <> router server <filtered only port 80> client winbox (192.168.1.6)

>
> Internet <> router (192.168.1.6) <> webserver(192.168.1.1)
> Is this right?

Yes.

>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David Banning
> Sent: November 7, 2004 1:57 PM
> To: [EMAIL PROTECTED]
> Subject: ipfw allowing browser only
>
> I am trying to filter out all traffic except browser traffic.
> So I tried
>
>     01000 allow tcp from any to 192.168.1.6 80
>     01100 allow udp from any to 192.168.1.6 80
>     01200 deny ip from any to 192.168.1.6
>     65535 allow ip from any to any
>
> But this does not allow browser traffic.
>
> I have my browser traffic redirected via ipnat - ipnat rules are;
>
>     rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp
>
> I don't know what comes first, the redirect or the firewall, so maybe
> I should be allowing traffic to 8180?
>
> My host is 192.168.1.1 and the win browser is at 192.168.1.6
>
> Any help here would be appreciated.
>
> --
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
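Added example, not part of the thread: a simplified first-match model of the four ipfw rules quoted above, run over constructed packets. In ipfw syntax the port after the destination address is a destination port, so rules 01000 and 01100 only admit packets addressed to port 80 on 192.168.1.6; replies to its browser arrive on an ephemeral port and fall through to rule 01200, whether or not the ipnat redirect has been applied at that point. The address 203.0.113.10 and the ports 49152 and 40000 are assumptions chosen for illustration.

```python
# Added illustration: a simplified first-match model of the four ipfw rules
# quoted in the post. Assumption: only protocol, destination address and
# destination port are compared, which is all these rules test.
RULES = [  # (number, action, proto, dst address, dst port); None = any
    (1000, "allow", "tcp", "192.168.1.6", 80),
    (1100, "allow", "udp", "192.168.1.6", 80),
    (1200, "deny", "ip", "192.168.1.6", None),
    (65535, "allow", "ip", None, None),
]

# Constructed packets (proto, src, sport, dst, dport). 203.0.113.10 is a
# documentation address standing in for a web server; 49152 is an assumed
# ephemeral port picked by the browser.
PACKETS = {
    "request to web server": ("tcp", "192.168.1.6", 49152, "203.0.113.10", 80),
    "request after rdr": ("tcp", "192.168.1.6", 49152, "192.168.1.1", 8180),
    "reply from web server": ("tcp", "203.0.113.10", 80, "192.168.1.6", 49152),
    "reply from proxy": ("tcp", "192.168.1.1", 8180, "192.168.1.6", 49152),
    "inbound to client port 80": ("tcp", "203.0.113.10", 40000, "192.168.1.6", 80),
}

def evaluate(packet, rules=RULES):
    """Return (rule number, action) for the first rule that matches."""
    proto, _src, _sport, dst, dport = packet
    for number, action, r_proto, r_dst, r_dport in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_dst is not None and r_dst != dst:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return number, action
    return None, "deny"

def verdicts():
    """Map each constructed packet name to its (rule, action) verdict."""
    return {name: evaluate(pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (number, action) in verdicts().items():
        print(f"{name:26} -> rule {number:05d} {action}")
```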
