ipfw allowing browser only

Ara ara at avvali.com
Sun Nov 7 11:19:07 PST 2004


Hello
You only need tcp 80 for regular http and 443 for ssl (https).
I don't get what exactly you are trying to do. Are you publishing a web
server to external clients behind a firewall? Any text diagram would be nice.

Internet <> router (192.168.1.6) <> webserver(192.168.1.1)
Is this right?



-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of David Banning
Sent: November 7, 2004 1:57 PM
To: questions at freebsd.org
Subject: ipfw allowing browser only

I am trying to filter out all traffic except browser traffic.
So I tried 

01000 allow tcp from any to 192.168.1.6 80
01100 allow udp from any to 192.168.1.6 80
01200 deny ip from any to 192.168.1.6
65535 allow ip from any to any

But this does not allow browser traffic.

I have my browser traffic redirected via ipnat - ipnat rules are:

rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp

I don't know what comes first, the redirect or the firewall, so maybe
I should be allowing traffic to 8180?

My host is 192.168.1.1 and the win browser is at 192.168.1.6

Any help here would be appreciated.
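
Added example (not part of the original messages): a simplified first-match model of the four quoted ipfw rules, showing which rule each packet of a browser session hits. It models only protocol, destination address and destination port; the ephemeral port 49152 and the server address 203.0.113.10 are constructed, and it assumes nothing about whether ipnat or ipfw runs first.

```python
# Simplified first-match model of the four ipfw rules quoted in the message.
# Fields: rule number, action, protocol, destination address, destination port.
RULES = [
    (1000, "allow", "tcp", "192.168.1.6", 80),
    (1100, "allow", "udp", "192.168.1.6", 80),
    (1200, "deny", "ip", "192.168.1.6", None),
    (65535, "allow", "ip", None, None),
]


def evaluate(proto, dst_ip, dst_port):
    """Return (rule_number, action) of the first rule matching the packet."""
    for number, action, r_proto, r_dst, r_port in RULES:
        if r_proto != "ip" and r_proto != proto:
            continue  # protocol differs ("ip" matches any protocol)
        if r_dst is not None and r_dst != dst_ip:
            continue  # destination address differs
        if r_port is not None and r_port != dst_port:
            continue  # destination port differs
        return number, action
    raise ValueError("no rule matched")  # unreachable: 65535 matches everything


# Constructed packets for one page fetch by the browser at 192.168.1.6.
# 49152 (ephemeral port) and 203.0.113.10 (server) are made-up sample values.
PACKETS = {
    "request, browser -> server:80": ("tcp", "203.0.113.10", 80),
    "request after rdr -> 192.168.1.1:8180": ("tcp", "192.168.1.1", 8180),
    "reply, server -> browser:49152": ("tcp", "192.168.1.6", 49152),
    "inbound to port 80 on 192.168.1.6": ("tcp", "192.168.1.6", 80),
}


def trace():
    """Map each sample packet to the (rule_number, action) it hits."""
    return {name: evaluate(*pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, (number, action) in trace().items():
        print(f"{name:40s} rule {number:05d} {action}")
```

In this model the reply to the browser falls through to rule 01200, because its destination port is the browser's ephemeral port rather than 80, while both forms of the outgoing request reach rule 65535.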
