Firewall
Joshua Lokken
joshualokken at attbi.com
Sat Apr 5 12:54:57 PST 2003
* John Meyer (john at ast.com.na) wrote:
==>
==> Good Day.
==>
==> I have a small problem compared to the problems listed here. I have FreeBSD
==> v3.1 (fairly old). I have compiled the kernel with
==> options IPFIREWALL and
==> options IPDIVERT
==> options IPFIREWALL_VERBOSE
==>
==> in my rc.conf file I have
==> gateway_enable="YES"
==> firewall_enable="YES"
==> firewall_type="/etc/firewall.ast"
==> natd_interface="vx0"
==> natd_flags=""
==>
==> In the etc dir I have a file called firewall.ast.
==>
==> My problem is I seem to get an error at bootup stating as if you are running
==> ipfw cmd without options. I have disabled all the rules in firewall.ast
==> except the first one.
==> add 00100 tcp from any to any
==>
==> When I disable that as well all seems to work well. It looks like the option
==> in rc.conf firewall_type="/etc/firewall.ast" does not get interpreted
==> correctly.

I'm certainly no expert, and have only used FreeBSD since 4.5, but here
goes. I think you need:

    firewall_enable="YES"
    firewall_script="/etc/firewall.ast"

If you use the firewall_type option, I think it wants to use that type
of firewall from /etc/rc.firewall, i.e. SIMPLE, OPEN, CLOSED, etc.

==> 2nd Problem is I need to divert my public ip port 80 to a private ip port 80
==> what are the steps in natd to follow without compromising my security on the
==> private side.

No problem. This is a NAT function. You need, either in rc.conf or
/etc/natd.conf:

    # cat /etc/natd.conf
    redirect_port tcp 10.0.0.2:80 80

and then, in rc.conf:

    natd_flags="-f /etc/natd.conf"

==> Thank you very much in advance for any assistance.
Glad to [hopefully] help ;)
==> John Meyer
==> AST Namibia
==>
--
Joshua
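
An added check, not part of the original thread: ipfw(8) requires an action keyword (allow, deny, divert, ...) after the optional rule number, and the rule quoted in the question (`add 00100 tcp from any to any`) has none. The sh function below flags such lines in a rules file; `sample_rules` is constructed input, and the action list is a common subset, an assumption rather than the full ipfw(8) grammar.

```sh
#!/bin/sh
# Added example: lint an ipfw rules file before it is loaded at boot.
# ACTIONS is a common subset of the ipfw(8) action keywords (assumption,
# not the complete grammar for every FreeBSD release).
ACTIONS='allow|accept|pass|permit|deny|drop|reject|unreach|reset|count|check-state|divert|tee|fwd|forward|skipto|pipe|queue'

# Constructed sample: line 3 is the rule quoted in the thread.
sample_rules() {
    cat <<'EOF'
# constructed sample rules file
add 00050 divert natd all from any to any via vx0
add 00100 tcp from any to any
add 00200 allow tcp from any to 10.0.0.2 80
EOF
}

# Usage: lint_ipfw_rules [file]   (reads stdin when no file is given)
# Prints one line per rule lacking an action; returns 1 if any were found.
lint_ipfw_rules() {
    awk -v actions="$ACTIONS" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 != "add"    { next }          # only "add" lines carry a rule body
        {
            i = 2
            if ($i ~ /^[0-9]+$/) i++     # optional rule number
            if ($i == "prob") i += 2     # optional "prob <value>" prefix
            if ($i !~ ("^(" actions ")$")) {
                printf "%d: no action keyword, found \"%s\": %s\n", NR, $i, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Demo on the constructed sample; on a real host: lint_ipfw_rules /etc/firewall.ast
sample_rules | lint_ipfw_rules || echo "fix the flagged rules before enabling the firewall"
```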