IPFIREWALL_FORWARD help
Andreas Widerøe Andersen
awand at pragma.no
Mon Mar 31 23:38:55 PST 2003
Dear list readers,
I'm currently setting up a transparent proxy and I've run into some
problems. We're going to use IPFW to route https traffic from the big bad
internet into a https enabled webmailserver on a closed network behind a
firewall. This network is not using NAT, so I simply need to reroute
traffic, at least that's what I think.
I've compiled IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE_LIMIT* and
IPFIREWALL_FORWARD into the kernel of the 4.8 RC system which seems to be
working fine.
In my /etc/rc.conf file I've set firewall_enable="YES" and
firewall_type="CLOSED". I only want to have the ports we need to use open.
I'm planning to put all my rules in a file that's loaded during boot:
firewall_type="/path/to/my.rules" later. Should I use firewall_type or
firewall_script for this? What's the difference?
I've been searching for information on how to apply my rules for
forwarding, but haven't found too much yet. Would someone be kind and show
me a few examples on how I can add these "pseudo" rules written below?
The rules I need are the following:
myhost=ip
mycomputer=myip
allow all (?) from any 443 to myhost 443 (allow incoming https to be
forwarded to internal https server)
allow tcp from mycomputer 22 to myhost 22 (allow me to ssh into the machine)
- Do I need more? DNS?
The server will function simply as a router I guess with no other
particular services running.
Any help is greatly appreciated. Thanks in advance!
Regards,
Andreas
---
Andreas Widerøe Andersen <awand at pragma.no>
Pragma AS
http://www.pragma.no
More information about the freebsd-questions
mailing list