Hi
Background:
I have four machines (one desktop, three laptops) on a home LAN network. The desktop and one of the laptops (FreeBSD 9) are patched in to my home router via ethernet. The remaining laptops connect to the internet wirelessly. The laptop with FreeBSD 9 installed is acting as a public webserver using port forwarding and NAT. Hence I can access my webserver both locally and via the public internet.
On my FreeBSD 9 laptop machine and in file: /etc/rc.conf
Code:
ifconfig_re0="inet 192.168.0.5 netmask 255.255.255.0"
default_router="192.168.0.1"
Hence my external interface is: re0
I'm experimenting with firewalls since my webserver is now publicly accessible from the internet. My first attempt with PF failed.
From: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
With NAT only a single account is needed with your ISP. The other four PCs may then be cabled to a switch and the switch to the NIC in your FreeBSD system which is going to service your LAN as a gateway. NAT will automatically translate the private LAN IP address for each separate PC on the LAN to the single public IP address as it exits the firewall bound for the public Internet. It also does the reverse translation for returning packets.
I'm not sure if the above really applies to me. I'm not using my FreeBSD box to act as a switch to my LAN. Instead, all laptops (and the desktop) connect to the router independently, either wirelessly or via ethernet as is the case for the desktop and webserver.
I thought this sounded a little more realistic:
Alternatively, a firewall might be configured to protect only the system it is running on--this is called a “host based firewall”, and is particularly appropriate for servers on an untrusted network
I've tried PF, installed OK, and even rebuilt a custom kernel with support for ALTQ. Using PF and rules from this tutorial:
http://home.nuug.no/~peter/pf/en/long-firewall.html#PREFACE
my /etc/pf.conf would look like:
Code:
block all
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
pass out proto tcp to port $tcp_services
pass proto udp to port $udp_services
This locks me out however - I can't access the webserver from inside the LAN and webpages didn't load upon browser refresh. I didn't attempt it externally i.e. from the public internet.
I will have a second attempt of course, but could use a little advice on a simple ruleset (easiest to implement for a novice, e.g. PF or IPF) for a single-machine home webserver connected to a router with port forwarding and public internet access.
Thanks in advance.
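The ruleset above has only `pass out` rules, so after `block all` nothing may connect in to the web service, which is why browsers on the LAN stop loading pages. The following is an added example of a minimal host-based PF ruleset for this setup (a single web server behind a NAT router); it is not the poster's configuration or the handbook's, and it assumes the interface and LAN from the post (re0 on 192.168.0.0/24).

```pf
# Added example, not from the original post: host-based PF ruleset for a
# single web server behind a NAT router. Assumes re0 / 192.168.0.0/24.
ext_if = "re0"
lan_net = "192.168.0.0/24"
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"

# Loopback traffic never needs filtering
set skip on lo0

# Default deny; "return" makes blocked connections fail immediately
# instead of hanging until they time out, and "log" feeds pflog0
block return log all

# Connections this host initiates; replies are matched by state
# (keep state is the default on this PF version)
pass out quick on $ext_if inet proto tcp to port $tcp_services
pass out quick on $ext_if inet proto udp to port $udp_services
pass out quick on $ext_if inet proto icmp

# The piece missing from the original attempt: inbound connections to
# the web service. The router forwards port 80 to this host, so one
# rule covers both LAN visitors and forwarded Internet traffic.
pass in quick on $ext_if inet proto tcp to ($ext_if) port www

# Administration over SSH, accepted from the LAN only
pass in quick on $ext_if inet proto tcp from $lan_net to ($ext_if) port ssh
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and keep a console or local session open while testing so an inbound rule mistake does not lock out remote access.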