Setting a simple firewall for PPPoE connection

P.U.Kruppa root at pukruppa.de
Sun Jun 12 05:16:37 GMT 2005


On Sun, 12 Jun 2005, Paul Dufresne wrote:

>
> On Thu, 9 Jun 2005 18:22:45 +0200 (CEST), "P.U.Kruppa"
> <root at pukruppa.de> said:
>> On Thu, 9 Jun 2005, dk dkrules wrote:
>>
>>> I am very disappointed. I have been looking on the net for 3 days now
>>> looking for easy setup guides or How to guides and setting up FreeBSD 5.x
>>> with transparent proxy and firewall and there simply is no easy way
>>> explaining to beginners how to do such a setup.
>> 1) Before you start playing around with squid and firewall you
>>     have to make sure your FreeBSD box works as a gateway.
>> 2) When this is done look into google for setup of squid as a
>>     transparent proxy (these are two or three entries in a config
>>     file).
>> 3) enable firewall in /etc/rc.conf with lines like
>>     firewall_enable="YES"
>>     firewall_script="/etc/firewall.conf"
>> 4) edit your /etc/firewall.conf with something like
>>
>>     ipfw add 500 fwd 127.0.0.1 tcp from any to any 80 recv rl0
>>     ipfw add 60000 allow all from any to any
>>
>>     where rl0 is the device name of your NIC.
>> 5) reboot
>
> Well, I feel a bit like the original poster.
Oops?! As you can see I answered a question about transparent
proxying - which is interesting, too, but quite a different
topic.

> I had in mind of activating a firewall for my PPPoE connection
> a bit like it is easy to do on Windows XP.
There exists a very simple way to activate a firewall in FreeBSD:
# /stand/sysinstall
will open FreeBSD's installation menu.
-> Configure -> Security -> Security Profile gives you two
options for standard firewalls.

> Now, maybe I can use 127.0.0.1 like you did in step 4 above, but
> I don't really understand these rules yet. It looks like to me the
> first one accept HTTP traffic (port 80) and that the second one
> accept every traffic. I would have expected that the second one
> would refuse every traffic, leaving only traffic from the first
> rule to go through.
As I said: this is a setup for a transparent proxy, not a
security firewall. It just catches all http requests (port 80)
and forces them to check Squid's cache.
Squid is the proxy program.

Good Luck,

Uli.


*********************************************
* Peter Ulrich Kruppa - Wuppertal - Germany * 
*********************************************
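An added example (not from the thread or from FreeBSD's own rc.firewall): a minimal /etc/firewall.conf that keeps the thread's transparent-proxy rule 500 but ends in a deny-everything rule instead of "allow all", which is the ordering Paul expected, with stateful rules so that the box and its LAN can open connections over the PPPoE link while unsolicited inbound connections are dropped. It assumes tun0 is the PPPoE interface created by user-ppp, rl0 is the LAN NIC as in the thread, Squid listens on 127.0.0.1, and NAT is done elsewhere (for example by ppp's nat); set IPFW=echo to review the rules without loading them.

```shell
#!/bin/sh
# /etc/firewall.conf, loaded via firewall_script="/etc/firewall.conf" in rc.conf.
# Interface names are assumptions: check them with `ifconfig`.
IPFW=${IPFW:-/sbin/ipfw}
EXT=${EXT:-tun0}   # PPPoE link (user-ppp creates tun0)
LAN=${LAN:-rl0}    # LAN NIC, as in the thread

fw_rules() {
    $IPFW -f flush
    # Rule 500 from the thread: hand LAN web requests to Squid on 127.0.0.1.
    # The destination port is kept, so Squid must listen on 80 here; use
    # fwd 127.0.0.1,PORT if it listens elsewhere.
    $IPFW add 500 fwd 127.0.0.1 tcp from any to any 80 recv $LAN
    # Loopback and LAN traffic are trusted.
    $IPFW add 1000 allow all from any to any via lo0
    $IPFW add 1100 allow all from any to any via $LAN
    # Stateful part: connections started from inside (including Squid's own
    # fetches) create state, and only their replies are let back in.
    $IPFW add 2000 check-state
    $IPFW add 2100 allow tcp from any to any out via $EXT setup keep-state
    $IPFW add 2200 allow udp from any to any out via $EXT keep-state
    $IPFW add 2300 allow icmp from any to any out via $EXT keep-state
    # New connection attempts arriving over PPPoE are dropped and logged.
    $IPFW add 3000 deny log tcp from any to any in via $EXT setup
    # ipfw is first-match, so the final rule decides everything not matched
    # above: deny, unlike the "allow all" rule 60000 of the proxy-only script.
    $IPFW add 65000 deny log all from any to any
}

# Dry run (print the rules) when ipfw is not present, e.g. reviewing off-box.
[ -x "$IPFW" ] || IPFW=echo
fw_rules
```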

