The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 ipfw/natd
Author: Marc Giannoni 
Date:   20-03-00 20:27

Hi:

I've set up an RFC1918 net at home and I'm using ipfw/natd because my internet connection does not use a serial port. I also prefer the 'kernel' implementation for (possibly misguided) security reasons. The release is FreeBSD-3.4.

I can't seem to get the "simple" firewall rules working correctly, and I've made some significant efforts such as modifying the "RFC1918" section to ensure that the inside interface is not blocked. "Open" rules work flawlessly (of course), but where is the security in that?? (I've read about ipfw applying rules twice to packets being forwarded, but I still can't get the rules right.... aarrrggg!)

What I am searching for are some example firewall rules for "ipfw" from people who use "ipfw". What I am NOT searching for is "try using IPFilter" from people who use "IPFilter"! Now if you happen to use "ipfw" and tell me to use "IPFilter", well.... hmmmm.... I'm not sure what I'll do then....

Marc

 RE: ipfw/natd
Author: Dan Langille 
Date:   20-03-00 21:30

If the simple rules are not working, then something is wrong. Perhaps you have not set up /etc/rc.firewall with the correct IP addresses. You didn't post these sections:

# set these to your outside interface network and netmask and ip
oif="ed0"
onet="192.168.4.0"
omask="255.255.255.0"
oip="192.168.4.17"

# set these to your inside interface network and netmask and ip
iif="ed1"
inet="192.168.3.0"
imask="255.255.255.0"
iip="192.168.3.17"

FWIW: I use ipfilter.

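The variable block quoted above is only the top of the "simple" case in rc.firewall. What usually breaks that ruleset is the ordering of the natd divert rule relative to the RFC1918 checks, because ipfw evaluates every packet on the outside interface twice: once as it arrives at the divert rule, and again from the next rule on after natd(8) has rewritten it. The script below is an added example, not rc.firewall itself and not code posted by anyone in this thread, of a complete simple-style ipfw/natd ruleset for FreeBSD 3.x/4.x with the divert placed where it must be. The interface names ed0/ed1, the address 203.0.113.17 and the net 192.168.3.0/24 are assumptions. It also carries a small check for the trap in the stock sample values: rc.firewall's "simple" example puts 192.168.4.0/24 on the outside interface and then denies 192.168.0.0/16 via that same interface, so with those values as-is nothing gets through.

```shell
#!/bin/sh
# Added example (not rc.firewall and not code from this thread): a "simple"-style
# ipfw ruleset for a FreeBSD 3.x/4.x gateway doing NAT with natd(8).
# Interface names and addresses are assumptions; replace them with your own.
#
#   sh ipfw-natd.sh show    # print the rules that would be loaded
#   sh ipfw-natd.sh apply   # load them with ipfw (needs root, natd running)

oif="${OIF:-ed0}"               # outside interface (assumed name)
oip="${OIP:-203.0.113.17}"      # its public address (assumed, documentation range)
iif="${IIF:-ed1}"               # inside interface (assumed name)
inet="${INET:-192.168.3.0/24}"  # RFC1918 net behind the gateway (assumed)

fwcmd="${FWCMD:-/sbin/ipfw -q}" # set fwcmd=echo to dry-run

# rc.firewall's "simple" sample puts 192.168.4.0/24 on the OUTSIDE interface
# while also denying RFC1918 addresses via that interface; with those values
# nothing passes. Returns 0 (true) if an address is RFC1918 so apply can refuse.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

load_rules() {
    $fwcmd -f flush

    # Loopback passes; 127/8 never appears on a real interface.
    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 200 deny all from any to 127.0.0.0/8
    $fwcmd add 210 deny all from 127.0.0.0/8 to any

    # Anti-spoofing: our LAN net never arrives from the Internet, and the
    # gateway's own public address never arrives from the LAN.
    $fwcmd add 300 deny log all from ${inet} to any in via ${oif}
    $fwcmd add 310 deny log all from ${oip} to any in via ${iif}

    # Private DESTINATIONS are denied on ${oif} BEFORE the divert: after it an
    # inbound reply already carries its rewritten LAN destination.
    $fwcmd add 400 deny all from any to 10.0.0.0/8 via ${oif}
    $fwcmd add 410 deny all from any to 172.16.0.0/12 via ${oif}
    $fwcmd add 420 deny all from any to 192.168.0.0/16 via ${oif}

    # NAT. A packet on ${oif} is matched against the rules once up to here,
    # then again from rule 501 on after natd(8) has rewritten it.
    $fwcmd add 500 divert natd all from any to any via ${oif}

    # Private SOURCES are denied on ${oif} AFTER the divert: before it every
    # outbound LAN packet still carries its 192.168.x.x source.
    $fwcmd add 600 deny all from 10.0.0.0/8 to any via ${oif}
    $fwcmd add 610 deny all from 172.16.0.0/12 to any via ${oif}
    $fwcmd add 620 deny all from 192.168.0.0/16 to any via ${oif}

    # Established TCP and fragments pass on both evaluations.
    $fwcmd add 700 pass tcp from any to any established
    $fwcmd add 710 pass all from any to any frag

    # New TCP connections from the Internet are logged and dropped; the LAN
    # (first pass, on ${iif}) and the translated packet (second pass, now
    # sourced from ${oip}) may open connections outward.
    $fwcmd add 800 deny log tcp from any to any in via ${oif} setup
    $fwcmd add 810 pass tcp from ${inet} to any setup in via ${iif}
    $fwcmd add 820 pass tcp from ${oip} to any setup out via ${oif}

    # DNS: a query is seen with the LAN source, then with ${oip}; a reply is
    # seen with ${oip} as destination, then with the LAN address.
    $fwcmd add 900 pass udp from ${inet} to any 53
    $fwcmd add 910 pass udp from ${oip} to any 53
    $fwcmd add 920 pass udp from any 53 to ${inet}
    $fwcmd add 930 pass udp from any 53 to ${oip}

    # Echo, unreachable and time-exceeded, for ping and path MTU discovery.
    $fwcmd add 1000 pass icmp from any to any icmptypes 0,3,8,11

    # Everything else: log and deny, rather than relying on the kernel default.
    $fwcmd add 65000 deny log all from any to any
}

case "${1:-}" in
    show)  fwcmd=echo; load_rules ;;
    apply) if is_private "$oip"; then
               echo "outside address $oip is RFC1918; set OIP first" >&2; exit 1
           fi
           load_rules ;;
esac
```

Run `sh ipfw-natd.sh show` first and read the list top to bottom twice for a LAN packet, once with its 192.168.3.x source and once with 203.0.113.17 substituted, to see why the two RFC1918 blocks sit on opposite sides of rule 500.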
 RE: ipfw/natd
Author: Darknight 
Date:   22-03-00 02:06

I am currently using ipfw/natd and it works fine, well except for MS DirectPlay, because I don't know how to port forward the ports that MS DirectPlay uses. If anyone could help me with that I'd greatly appreciate it. Anyway, here's my question: what are the main differences between ipfw/natd and ipfilter? And which one is better/easier to use?

 RE: ipfw/natd
Author: Dan Langille 
Date:   25-03-00 01:00

I would search the mailing list archives for directplay ports.

I find ipfilter easier to set up because the NAT isn't heavily integrated with the firewall rules. That's it. I prefer the rule structure in ipfilter because of the rule groups. It makes your rule set a tree rather than a list.

Everything else would be personal preferences.

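The two points made above, NAT kept out of the filter rules and rules arranged as groups, look like this in ipfilter. This is an added example, not configuration posted by anyone in this thread; ed0/ed1, 203.0.113.17 and 192.168.3.0/24 are assumptions, and the port-mapping range is an arbitrary one.

```text
# /etc/ipf.rules (added example). A "head" rule opens a group; only packets
# that match the head are tested against the rules carrying that group number,
# and a packet that matches none of them falls back to the head's own action.
block in log quick on ed0 all head 100
  pass in quick proto tcp from any to 203.0.113.17 port = 25 flags S keep state group 100
  pass in quick proto icmp from any to any icmp-type 8 keep state group 100
pass in quick on ed1 from 192.168.3.0/24 to any keep state
block in log quick on ed1 all
pass out quick on ed0 proto tcp all flags S keep state
pass out quick on ed0 proto udp all keep state
pass out quick on ed0 proto icmp all keep state
block out log quick on ed0 all

# /etc/ipnat.rules (added example). Translation lives here, so the filter
# rules above never have to be ordered around it.
map ed0 192.168.3.0/24 -> 203.0.113.17/32 portmap tcp/udp 10000:20000
map ed0 192.168.3.0/24 -> 203.0.113.17/32
```

Contrast this with ipfw/natd, where the divert rule is one entry in the same list as the filter rules and every rule on the outside interface has to be written knowing whether it runs before or after the translation.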
 RE: ipfw/natd
Author: Marc Giannoni 
Date:   31-03-00 16:53

Do you use "open" firewall rules (from rc.firewall), or have you been successful with something a bit more secure?

 RE: ipfw/natd
Author: Jeff Bitgood 
Date:   27-07-00 23:34

I'm having the exact same problem. It works in open, but not simple. I'm using the 4.0 release.

Here's the info you said you'd need:

oif="ep0"
onet="xxx.xxx.xxx.120"
omask="255.255.255.248"
oip="xxx.xxx.xxx.122"

iif="ep1"
inet="192.168.1.0"
imask="255.255.255.0"
iip="192.168.1.3"

Any help would be greatly appreciated.
