IPFW Rules and Games
deeptech71 at gmail.com
Sun Nov 4 12:04:11 PST 2007
Jack Barnett wrote:
> deeptech71 at gmail.com wrote:
>> So basically the ruleset should be simple:
>>
>> ipfw -f flush
>> # allow lo0 stuff
>> # block some spoofs/attacks
>> # if you are hosting gameservers from 192.168.17.3 or whatever,
>> # you should (manually) open server ports, in other words, add
>> # routes to 192.168.17.3 to specific server ports
>> ipfw add divert natd all from any to any via $outside_interface
>> allow all from any to any
>> # block some more spoofs/attacks :)
>> # define services (like you did with http)
> Sorry, this didn't work.
>
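Just without any security concerns, try this script:
#!/bin/sh
# start from an empty ruleset
ipfw -f flush
# pass everything crossing the outside interface through natd
ipfw add divert natd all from any to any via xl0
# no filtering at all: accept everything else
ipfw add allow all from any to any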
But please tell me, what kind of internet connection do you have? You
said you have a Dynamic IP. Are you connecting to the Internet via
ppp? If so, replace xl0 up there with tun0 (or whatever tunnel ppp created).
Here's my stuff:
::: /etc/natd.conf :::
dynamic yes
same_ports yes
deny_incoming yes
unregistered_only yes
redirect_address 192.168.123.254 0.0.0.0
::: part of /etc/rc.conf :::
# [...]
ifconfig_rl0="inet 192.168.123.254 netmask 255.255.255.0"
ifconfig_ed0="up" # <-- this is the external one
# plus there is a tun0 for PPPoE
firewall_enable="YES"
firewall_script="/etc/ipfw.rules" # something like the above script
gateway_enable="YES"
router_enable="NO"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
ppp_enable="YES"
# [...]
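The outline quoted at the top of this message, filled in as an added example (not part of the original post and not the poster's script): a shell function that prints an ipfw ruleset with the loopback and anti-spoofing rules placed around the natd divert. The interface tun0 and the inside network 192.168.123.0/24 are taken from the rc.conf excerpt above; the function name emit_rules, the rule numbers and the choice of RFC 1918 blocks are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints the ruleset instead of
# applying it, so it can be reviewed first and then piped to sh as root.
# Assumes the outside address is public; the RFC 1918 rules below would
# cut the link if the ISP hands out a private address.

PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

emit_rules() {
    oif=$1     # outside interface, the one natd listens on
    inet=$2    # inside network in CIDR form

    echo "ipfw -q -f flush"

    # Loopback: allow on lo0, drop loopback addresses seen anywhere else.
    echo "ipfw -q add 100 allow all from any to any via lo0"
    echo "ipfw -q add 200 deny all from any to 127.0.0.0/8"
    echo "ipfw -q add 300 deny ip from 127.0.0.0/8 to any"

    # Packets claiming an inside source must not arrive from outside.
    echo "ipfw -q add 400 deny all from $inet to any in via $oif"

    # BEFORE the divert: private destinations on the outside interface.
    # Inbound packets still carry the public destination at this point,
    # so only spoofed or misrouted traffic matches.
    n=500
    for net in $PRIVATE_NETS; do
        echo "ipfw -q add $n deny all from any to $net via $oif"
        n=$((n + 10))
    done

    echo "ipfw -q add 1000 divert natd all from any to any via $oif"

    # AFTER the divert: private sources on the outside interface.
    # Outbound packets have been rewritten to the public source by now;
    # placing these rules earlier would block the LAN's own traffic.
    n=1100
    for net in $PRIVATE_NETS; do
        echo "ipfw -q add $n deny all from $net to any via $oif"
        n=$((n + 10))
    done

    echo "ipfw -q add 2000 allow all from any to any"
}

# Defaults are the values from the rc.conf excerpt in the post.
emit_rules "${OIF:-tun0}" "${INET:-192.168.123.0/24}"
```

Review the printed rules, then save the script as a file (the name is up to you) and run `sh that-file | sh` as root on the gateway to load them.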