Firewall

Joshua Lokken joshualokken at attbi.com
Sat Apr 5 12:54:57 PST 2003


* John Meyer (john at ast.com.na) wrote:
==> 
==> Good Day.
==> 
==> I have a small problem compared to the problems listed here. I have FreeBSD
==> v3.1 (fairly old). I have compiled the kernel with
==> options IPFIREWALL and
==> options IPDIVERT
==> options IPFIREWALL_VERBOSE
==> 
==> in my rc.conf file I have
==> gateway_enable="YES"
==> firewall_enable="YES"
==> firewall_type="/etc/firewall.ast"
==> natd_interface="vx0"
==> natd_flags=""
==> 
==> In the etc dir I have a file called firewall.ast.
==> 
==> My problem is I seem to get an error at bootup stating as if you are running
==> ipfw cmd without options. I have disabled all the rules in firewall.ast
==> except the first one.
==> add 00100 tcp from any to any
==> 
==> When I disable that as well all seems to work well. It looks like the option
==> in rc.conf firewall_type="/etc/firewall.ast" does not get interpreted
==> correctly.

I'm certainly no expert, and have only used FreeBSD since 4.5, but here
goes.  I think you need:

firewall_enable="YES"
firewall_script="/etc/firewall.ast"

If you use the firewall_type option, I think it wants to use that type
of firewall from /etc/rc.firewall, i.e. SIMPLE, OPEN, CLOSED, etc.

==> 2nd Problem is I need to divert my public ip port 80 to a private ip port 80
==> what are the steps in natd to follow without compromising my security on the
==> private side.

No problem.  This is a nat function.  You need, either in rc.conf or
/etc/natd.conf:

# cat /etc/natd.conf
redirect_port tcp 10.0.0.2:80 80

and then, in rc.conf:

natd_flags="-f /etc/natd.conf"

==> Thank you very much in advance for any assistance.

Glad to [hopefully] help ;)

==> John Meyer
==> AST Namibia
==>

--
Joshua 
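
An added example, not part of either poster's message: a small sh/awk check that every line of an ipfw rules file has the shape "add [number] action ...", since ipfw's rule grammar puts an action (allow, deny, divert, ...) between the rule number and the protocol. The function names, the action list (a subset) and both sample rulesets are constructed for illustration; the second sample is not a complete policy.

```shell
#!/bin/sh
# lint_ipfw_rules: read an ipfw rules file on stdin, one rule per line.
# Prints one message per malformed line; returns 0 if clean, 1 otherwise.
lint_ipfw_rules() {
    awk '
    BEGIN {
        # Subset of ipfw(8) actions; extend for your release (assumption).
        n = split("allow accept pass permit deny drop reject unreach reset count divert tee fwd skipto", a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        if ($1 != "add") {
            printf "line %d: expected \"add\": %s\n", NR, $0
            bad = 1
            next
        }
        i = 2
        if ($i ~ /^[0-9]+$/) i++            # optional rule number
        if (!($i in ok)) {
            printf "line %d: no action before \"%s\": %s\n", NR, $i, $0
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample 1: the single rule quoted in the thread.
broken_rules() {
    printf '%s\n' 'add 00100 tcp from any to any'
}

# Constructed sample 2: same file with actions present. Only port 80 on the
# redirect target (10.0.0.2, from the natd.conf line above) is opened.
fixed_rules() {
    cat <<'EOF'
# hand traffic on the outside interface to natd
add 00050 divert natd all from any to any via vx0
add 00100 allow tcp from any to 10.0.0.2 80
add 65000 deny log all from any to any
EOF
}

broken_rules | lint_ipfw_rules || echo "broken sample: rules need an action"
fixed_rules | lint_ipfw_rules && echo "fixed sample: syntax shape ok"
```

Run it against a rules file with `lint_ipfw_rules < /etc/firewall.ast` before rebooting, so a malformed line is caught while you still have a working ruleset loaded.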

