The rules in the IP Masquerade mini-HOWTO are probably about as good as
you're going to get. Ipfwadm, and packet filtering in general, have some
limitations at present. What you can do is set up the rules to block any
packet addressed to a host behind the firewall. That's covered in the
HOWTO. Then only a packet addressed to the port on the firewall which is
masqueraded to a session opened by the firewalled host will go through.
Hope this helps. O'Reilly also has a book called "Building Internet
Firewalls," but it's dated, and doesn't mention ipfwadm or any of the
other Linux firewall software.
On Tue, 4 Aug 1998, Phil Stilton wrote:
> Subject: [masq] ipfwadm rules
>
> can someone send me a url or example of an ipfwadm policy...
>
> right now, all i have set is masq'ing and it works fine, however this
> provides me with absolutely no security since it lets everyone in and out...
>
> I want to allow ANY outgoing masqing...
> I want to set rules for incoming requests by ip for specific services.
>
> I can make it work, but it seems like no matter what I do, if I block say,
> ftp incoming, it also keeps blocking outbound ftp masq packets.. All I
> need is maybe if somebody has a "demo" policy I can take a peek at to see
> what I'm doing wrong.
>
> The only way i can get it back to working again after I make my changes is
> to just ipfwadm -I -p accept..
>
> thanks.
>
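A worked version of the reply's advice, as an added example that is not part of either message in this thread: a small ipfwadm policy that blocks anything on the outside interface addressed to (or claiming to come from) the LAN, admits only replies to masqueraded sessions on the firewall's own address, and adds one per-source service exception of the kind the poster asked for. It assumes an external interface eth0 with address 198.51.100.1, an internal interface eth1, a LAN of 192.168.1.0/24, a masquerade port range of 60000-65095 (check ip_masq.h for your kernel) and a constructed peer address 203.0.113.5; none of these come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal ipfwadm policy for a
# 2.0-kernel masquerading gateway, built on the advice in the reply above.
# Assumed layout: external interface eth0 with address $EXT_IP, internal
# interface eth1, private LAN 192.168.1.0/24.  The masquerade port range
# is assumed to be 60000-65095; check your kernel's ip_masq.h.
EXT_IF=eth0
INT_IF=eth1
EXT_IP=198.51.100.1                # constructed example address
LAN=192.168.1.0/24
MASQ_PORTS=60000:65095
MAIL_PEER=203.0.113.5              # constructed: one host allowed to reach SMTP

# Print the commands unless APPLY=1, so the policy can be reviewed first.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then ipfwadm "$@"; else echo "ipfwadm $*"; fi
}

apply_policy() {
    # Start clean: default deny on input and forward, allow output.
    fw -I -f; fw -O -f; fw -F -f
    fw -I -p deny; fw -F -p deny; fw -O -p accept

    # Loopback and the LAN side of the gateway are trusted (the input chain
    # also sees the LAN's outbound packets, so they must be accepted here).
    fw -I -a accept -W lo
    fw -I -a accept -W "$INT_IF" -S "$LAN"

    # The reply's core rule: on the outside interface, drop (and log with -o)
    # anything that claims to come from, or is addressed to, a host behind
    # the firewall.
    fw -I -a deny -W "$EXT_IF" -S "$LAN" -o
    fw -I -a deny -W "$EXT_IF" -D "$LAN" -o

    # Replies to masqueraded sessions arrive on the firewall's own address in
    # the masquerade port range; for TCP only ACK-bearing packets (-k), so
    # nobody can open a new connection into that range from outside.
    fw -I -a accept -W "$EXT_IF" -P tcp -k -D "$EXT_IP" "$MASQ_PORTS"
    fw -I -a accept -W "$EXT_IF" -P udp -D "$EXT_IP" "$MASQ_PORTS"
    fw -I -a accept -W "$EXT_IF" -P icmp -D "$EXT_IP"

    # Per-service, per-source exception as the poster asked for: here one
    # peer may deliver mail to the gateway itself.
    fw -I -a accept -W "$EXT_IF" -P tcp -S "$MAIL_PEER" -D "$EXT_IP" 25

    # Masquerade everything the LAN sends out; nothing else is forwarded.
    fw -F -a masquerade -S "$LAN" -D 0.0.0.0/0
}

apply_policy
```

Run it once without APPLY to read the generated rules, then with APPLY=1 as root to load them.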