ipfw allowing browser only

David Banning david+dated+1100304935.5252ad at skytrackercanada.com
Sun Nov 7 16:15:58 PST 2004


> Hello
> You only need tcp 80 on regular http and 443 for ssl, https
> I don't get what exactly are you trying to do? Are you publishing a web
> server to external clients behind a firewall? Any diagram text would be nice

This is simply to block all on the network from using any port
except 80. I want to block Messenger. If it starts running on port 80
then I am told I can block it via squid/dansguardian.

Internet <> router 
server <filtered only port 80> client winbox (192.168.1.6)


> 
> Internet <> router (192.168.1.6) <> webserver(192.168.1.1)
> Is this right?

Yes.


> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of David Banning
> Sent: November 7, 2004 1:57 PM
> To: questions at freebsd.org
> Subject: ipfw allowing browser only
> 
> I am trying to filter out all traffic except browser traffic.
> So I tried 
> 
> 01000 allow tcp from any to 192.168.1.6 80
> 01100 allow udp from any to 192.168.1.6 80
> 01200 deny ip from any to 192.168.1.6
> 65535 allow ip from any to any
> 
> But this does not allow browser traffic.
> 
> I have my browser traffic redirected via ipnat - ipnat rules are;
> 
> rdr dc0 127.0.0.1/0 port 80 -> 192.168.1.1 port 8180 tcp
> 
> I don't know what comes first, the redirect or the firewall, so maybe
> I should be allowing traffic to 8180?
> 
> My host is 192.168.1.1 and the win browser is at 192.168.1.6
> 
> Any help here would be appreciated.
> 
> -- 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

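The ruleset quoted in the original message, run through a small first-match model so the effect on a browser connection can be seen. This is an added example, not code from the thread: the packets, the "FIXED" ruleset and the port numbers are constructed assumptions, and the model ignores TCP flags, ipfw's stateful keywords and the ipnat rewriting.

```python
# Added example (not from the thread): a first-match model of the ipfw rules
# quoted above. ipfw walks rules in number order and the first match decides.
import ipaddress

def parse_rule(line):
    """Parse 'NUM ACTION PROTO from SRC [SPORT] to DST [DPORT]' (subset of ipfw syntax)."""
    tok = line.split()
    i = tok.index("from") + 1
    src, i = tok[i], i + 1
    sport = None
    if tok[i] != "to":          # optional source port before the 'to' keyword
        sport, i = int(tok[i]), i + 1
    dst = tok[i + 1]
    dport = int(tok[i + 2]) if len(tok) > i + 2 else None
    return dict(num=int(tok[0]), action=tok[1], proto=tok[2],
                src=src, sport=sport, dst=dst, dport=dport)

def addr_match(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def evaluate(rules, pkt):
    """Return (rule number, action) of the first rule matching the packet."""
    for r in rules:
        if (r["proto"] in ("ip", pkt["proto"])
                and addr_match(r["src"], pkt["src"]) and addr_match(r["dst"], pkt["dst"])
                and r["sport"] in (None, pkt["sport"]) and r["dport"] in (None, pkt["dport"])):
            return r["num"], r["action"]
    raise RuntimeError("no rule matched")  # real ipfw always ends in rule 65535

# The ruleset exactly as posted.
ORIGINAL = [parse_rule(l) for l in (
    "01000 allow tcp from any to 192.168.1.6 80",
    "01100 allow udp from any to 192.168.1.6 80",
    "01200 deny ip from any to 192.168.1.6",
    "65535 allow ip from any to any",
)]
# Assumed fix: let the client out to port 80 and replies from port 80 back in,
# then block everything else to or from the client (stateless; keep-state is tighter).
FIXED = [parse_rule(l) for l in (
    "01000 allow tcp from 192.168.1.6 to any 80",
    "01100 allow tcp from any 80 to 192.168.1.6",
    "01200 deny ip from 192.168.1.6 to any",
    "01300 deny ip from any to 192.168.1.6",
    "65535 allow ip from any to any",
)]
# Constructed packets: the browser's SYN, the server's reply to the browser's
# ephemeral port, and the client talking to some non-web port.
REQUEST = dict(proto="tcp", src="192.168.1.6", sport=49152, dst="192.168.1.1", dport=80)
REPLY   = dict(proto="tcp", src="192.168.1.1", sport=80, dst="192.168.1.6", dport=49152)
OTHER   = dict(proto="tcp", src="192.168.1.6", sport=49153, dst="10.0.0.1", dport=5000)
```

Under the posted rules the server's reply lands on the browser's high port, so rule 01200 denies it, while the client's own outbound traffic to any port is never matched and falls through to 65535; the assumed fix reverses both outcomes.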