AndreasWiderøeAndersen awand at pragma.no
Mon Mar 31 23:38:55 PST 2003

Dear list readers,
I'm currently setting up a transparent proxy and I've run into some 
problems. We're going to use IPFW to route https traffic from the big bad 
internet into a https enabled webmailserver on a closed network behind a 
firewall. This network is not using NAT, so I simply need to reroute 
traffic, atleast that's what I think.

IPFIREWALL_FORWARD into the kernel of the 4.8 RC system which seems to be 
working fine.

In my /etc/rc.conf file I've set firewall_enable="YES" and 
firewall_type="CLOSED". I only want to have the ports we need to use open. 
I'm planning to put all my rules in a file that's loaded during boot: 
firewall_type="/path/to/my.rules" later. Should I use firewall_type or 
firewall_script for this? What's the difference?

I've been searching for information on how to apply my rules for 
forwarding, but haven't found too much yet. Would someone be kind and show 
me a few examples on how I can add these "pseudo" rules written below?

The rules I need are the following:


allow all (?) from any 443 to myhost 443 (allow incoming https to be 
forwarded to internal https server)
allow tcp from mycomputer 22 to myhost 22 (allow me to ssh into the machine)
- Do I need more? DNS?

The server will function simply as a router I guess with no other 
particullar services running.

Any help is greatly appreciated. Thanks in advance!


Andreas Widerøe Andersen <awand at pragma.no>
Pragma AS


More information about the freebsd-questions mailing list