I apologize if there is a better list to send this question to. I think this
is a network question.
I want to limit who gets from my internal network to the Internet to a few
static IP addresses. I also want to prevent people on the Internet from
getting access to my FreeBSD box or workstations.
I'm running FreeBSD 2.2.8 with the included Firewall (IPFW) and NAT.
The NIC in my FreeBSD box (ed0) is set to 172.16.1.1 and the modem is
dynamically assigned when connecting to the Internet.
My workstation's (Win '95) NIC is set to 172.16.1.5 and its DNS and gateway
are set to 172.16.1.1.
With the following firewall rules, I can get access to the Internet via the
workstation or FreeBSD:
allow all from any to any
deny all
When I have any of the following rule combinations it doesn't allow access to
the Internet from a workstation or my FreeBSD box:

allow ip from 172.16.1.1 to any
allow ip from 172.16.1.5 to any
deny all

allow ip from 172.16.1.1 to any via any
allow ip from 172.16.1.5 to any via any
deny all

allow ip from 172.16.1.1 to any via tun0
allow ip from 172.16.1.5 to any via tun0
deny all

allow ip from 172.16.0.0:255.255.255.0 to any
deny all

allow ip from 172.16.0.0:255.255.255.0 to any via any
deny all

allow ip from 172.16.1.0:255.255.255.0 to any
deny all

allow ip from 172.16.1.0:255.255.255.0 to any via any
deny all

allow ip from 172.16.1.1:255.255.255.0 to any
allow ip from 172.16.1.5:255.255.255.0 to any
deny all

allow ip from 172.16.1.1:255.255.255.0 to any via any
allow ip from 172.16.1.5:255.255.255.0 to any via any
deny all
Any help is greatly appreciated!
Thanks, -Ken
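A first-match model makes the behaviour of the rule sets above visible: ipfw of the 2.2.8 era is stateless, so a reply coming back in from the Internet has a source address outside the allow list and falls to "deny all", whichever interface or netmask form is used. The Python below is an added example, not part of Ken's post or of ipfw; it replays the second rule set against an outbound SYN from 172.16.1.5 and the reply that must return, then adds the "established" allow conventionally used for TCP return traffic. The remote host 192.0.2.10 is constructed.

```python
import ipaddress
# Constructed model of ipfw(8)'s stateless first-match evaluation (FreeBSD 2.2.8 era).
# Not ipfw itself: parses only the syntax used in the post above plus "established".
def _parse_addr(tok):
    """'any' -> None; 'a.b.c.d' or 'a.b.c.d:mask' (the old ipfw form) -> network."""
    if tok == "any":
        return None
    addr, _, mask = tok.partition(":")
    return ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)

def parse_rule(text):
    """'allow ip from 172.16.1.5 to any via tun0' -> rule dict."""
    tok = text.split()
    rule = {"action": tok[0], "proto": "ip" if tok[1] == "all" else tok[1],
            "src": None, "dst": None, "via": None, "established": "established" in tok}
    if "from" in tok:  # "deny all" has no address part
        rule["src"] = _parse_addr(tok[tok.index("from") + 1])
        rule["dst"] = _parse_addr(tok[tok.index("to") + 1])
    if "via" in tok and tok[tok.index("via") + 1] != "any":
        rule["via"] = tok[tok.index("via") + 1]
    return rule

def _matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    for side in ("src", "dst"):
        if rule[side] is not None and ipaddress.ip_address(pkt[side]) not in rule[side]:
            return False
    if rule["via"] is not None and rule["via"] != pkt["iface"]:
        return False
    # "established" matches TCP segments carrying ACK (or RST), i.e. replies.
    return not rule["established"] or (pkt["proto"] == "tcp" and pkt["ack"])

def evaluate(rules, pkt):
    """The first matching rule decides; nothing matching falls through to deny."""
    for rule in map(parse_rule, rules):
        if _matches(rule, pkt):
            return rule["action"]
    return "deny"

# Outbound SYN from the Win95 box and the reply it needs back in; 192.0.2.10 is made up.
OUT = {"proto": "tcp", "src": "172.16.1.5", "dst": "192.0.2.10", "iface": "tun0", "ack": False}
REPLY = {"proto": "tcp", "src": "192.0.2.10", "dst": "172.16.1.5", "iface": "tun0", "ack": True}
POSTED = ["allow ip from 172.16.1.1 to any", "allow ip from 172.16.1.5 to any", "deny all"]
# Same allow list, plus return traffic for TCP connections the inside opened.
WITH_REPLIES = POSTED[:2] + ["allow tcp from any to 172.16.1.0:255.255.255.0 established", "deny all"]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with replies", WITH_REPLIES)):
        print(f"{name:13} out={evaluate(rules, OUT)} reply={evaluate(rules, REPLY)}")
```

UDP carries no ACK bit, so DNS answers returning to the resolver on 172.16.1.1 need their own allow rule (selected by the remote source port, which this model does not parse). Inbound connection attempts from the Internet still stop at "deny all", since a SYN without ACK does not match "established".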