Dear all,
I have a question, hope anybody can help me! My network schema is fairly simple:
Code:
Internet -> Load balancer (use pfSense) -> FreeBSD (bridge filter) -> LAN
From external (internet) I want to access a PC in my LAN by web (HTTP). I have already configured the load balancer to forward inbound port 80 to that PC, but I don't know how to allow this traffic on FreeBSD.
Here are some of the rules in my ipfw.rules file:
Code:
# Variables
fwcmd="/sbin/ipfw" # IPFW command
iif="rl0" # Internal network interface (if) (tags 1)
eif="rl1" # External network interface (if) (tags 2)
lif="lo0" # Local network interface
bif="bridge0" # Bridge virtual network interface
subnet="192.168.2" # The wired subnet
# Allow all the previously allowed traffic (outgoing)
${fwcmd} add allow tagged 1 out via ${eif} # INT->EXT
${fwcmd} add allow tagged 2 out via ${iif} # EXT->INT
# Filters for INT->EXT direction
${fwcmd} ... # deny subnet
${fwcmd} ... # deny RFC 1918
${fwcmd} add allow tag 1 ip from ${subnet}.5 to any via ${iif} # server
${fwcmd} add allow tag 1 ip from ${subnet}.128/25 to any via ${iif} # network
# Filters for EXT->INT direction
${fwcmd} ... # deny subnet
${fwcmd} ... # deny RFC 1918
${fwcmd} add allow tag 2 ip from any to ${subnet}.128/25 via ${eif} # allow internet (network)
${fwcmd} add allow tag 2 ip from any to ${subnet}.5 via ${eif} # allow internet (server)
# End of local and direction filters
${fwcmd} add skipto 65534 all from any to any not via ${bif}
# Bridge filters (content filters)
${fwcmd} add check-state via ${bif} # check for dynamic rules
${fwcmd} add deny ip from ${subnet}.0/24 to ${subnet}.0/24 via ${bif} # deny subnet
${fwcmd} add allow tcp from ${subnet}.128/25 to any setup keep-state via ${bif} # allow TCP internet (network)
${fwcmd} add allow udp from ${subnet}.128/25 to any keep-state via ${bif} # allow UDP internet (network)
${fwcmd} add allow tcp from ${subnet}.5 to any setup keep-state via ${bif} # allow TCP internet (sibserver1)
${fwcmd} add allow udp from ${subnet}.5 to any keep-state via ${bif} # allow UDP internet (sibserver1)
${fwcmd} add allow icmp from ${subnet}.128/25 to any icmptypes 8,30 via ${bif} # allow ping and traceroutes to internet from network
${fwcmd} add allow icmp from any to ${subnet}.128/25 icmptypes 0,3 via ${bif} # allow ping and traceroutes replies from internet to network
Here is the code I use to allow HTTP traffic through this firewall. I insert this code below the line
Code:
# Filters for EXT->INT direction
Code:
${fwcmd} add allow tag 2 ip from any to ${subnet}.200 via ${eif}
And this line in the bridge filters:
Code:
${fwcmd} add allow tcp from any to ${subnet}.200 setup dst-port 80 keep-state via ${bif}
But it does not work.

I know this code is wrong; please help me figure out this issue.
PS: I'm a newbie and English is a foreign language.
Many thanks!
Hai Hoang
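As an added diagnostic, not from the original post: `ipfw -a list` prints a packet counter next to every rule, so after `ipfw zero` and a single HTTP request from outside you can see whether the two new `.200` rules are ever reached or an earlier deny rule swallows the flow. The script below wraps that check; the listing inside it is constructed from the rules quoted above (variables expanded, rule numbers and counters made up).

```shell
#!/bin/sh
# Added diagnostic helper, not part of the original post. It reads the output of
# `ipfw -a list`, whose columns are: rule number, packet counter, byte counter,
# rule body. After `ipfw zero` and one HTTP request from outside, the counters
# show whether the new .200 rules are hit at all and which deny rule, if any,
# dropped the flow first. Only plain sh and awk are used.
set -e

# packets_for RULENUM: packet counter of one rule (reads the listing on stdin)
packets_for() {
  awk -v n="$1" '$1 == n { print $2; exit }'
}

# first_hit_deny: number of the first deny rule with a non-zero packet counter,
# i.e. the earliest rule that dropped traffic since the counters were zeroed
first_hit_deny() {
  awk '$4 == "deny" && $2 > 0 { print $1; exit }'
}

# Constructed sample listing: the interfaces, subnet and rules quoted in the post
# (variables expanded) plus the two new .200 rules; rule numbers and counters are
# made up to show what a flow that passes the tag rule but dies on the bridge
# pass looks like in the counters.
sample_listing() {
  cat <<'EOF'
00100      0        0 allow tagged 1 out via rl1
00200      0        0 allow tagged 2 out via rl0
00300     12      960 allow tag 2 ip from any to 192.168.2.200 via rl1
00400      0        0 skipto 65534 ip from any to any not via bridge0
00500      0        0 check-state
00600     12      960 deny ip from 192.168.2.0/24 to 192.168.2.0/24 via bridge0
00700      0        0 allow tcp from any to 192.168.2.200 dst-port 80 setup keep-state via bridge0
EOF
}

# Demo on the sample; on the firewall itself use: ipfw -a list | first_hit_deny
echo "rule 00700 packets:   $(sample_listing | packets_for 00700)"
echo "first deny with hits: $(sample_listing | first_hit_deny)"
```

A counter that stays at zero on the `.200` rules while a deny rule above them climbs tells you the packet never reached the new rules; zero counters everywhere mean the traffic is not arriving on the bridge host at all.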