My idea is to make a firewall for my office, pretty simple:
1) block all traffic from the LAN to the proxy, and from the outside
2) permit some ports from the LAN to the proxy (ssh, squid, etc.)
3) permit some ports from the WAN to the proxy (ssh)
So far I made this:
Code:
#external
ext="bce0"
#internal
int="bce1"
# pf lists go in braces, not parentheses; macro names may use only letters, digits and '_'
ports="{ 53, 3128, 80, 443 }"
ports_udp="{ 53 }"
# 'set' options must come before translation (nat) and filter rules
set skip on lo0
# '!(ext)' would mean an interface literally named "ext"; the macro needs the '$'
nat on $ext inet from !($ext) -> ($ext)
block in on $ext all
#if I use this, the LAN traffic is not allowed, not even with the pass in rule
#block in on $int all
pass in on $int inet proto tcp from any to any port $ports keep state
pass in on $int inet proto udp from any to any port $ports_udp
pass in on $ext inet proto tcp from any to any port 22 keep state
pass out on $ext inet proto tcp from any to any port $ports keep state
pass out on $ext inet proto udp from any to any port $ports_udp
pass in on $ext proto icmp
pass in on $int proto icmp
So, until now I can forward traffic from the LAN to the proxy, and deny or allow access to
ports from the WAN to the proxy (ssh).
The machines in the LAN have the proxy set up as their gateway.
But everything passes to the proxy (any port, web, torrent, etc.).
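An added example, not part of the original post: a small Python checker that flags the kinds of pf.conf mistakes present in the ruleset above (parenthesised port lists instead of braces, a hyphen in a macro name, a macro used inside `( )` without its `$`, and a `set` option placed after a `nat` rule). The section order it enforces follows pf.conf(5) as pfctl applies it on FreeBSD (options, normalization, queueing, translation, filtering); the two embedded rulesets are constructed, the first copied from the post and the second a corrected version. On a real host the authoritative check is `pfctl -nf /etc/pf.conf`, which parses without loading.

```python
import re

# pf.conf(5): macro names start with a letter and contain only letters, digits and '_'.
MACRO_NAME = re.compile(r'^[A-Za-z][A-Za-z0-9_]*$')
MACRO_DEF = re.compile(r'^([^\s=]+)\s*=\s*"(.*)"\s*$')
# A '$' reference is lexed like pf does it: letters, digits and '_' only.
MACRO_REF = re.compile(r'\$([A-Za-z][A-Za-z0-9_]*)')
# '(name)' with no '$' is an interface literally called "name".
BARE_PAREN = re.compile(r'\(([A-Za-z][A-Za-z0-9_]*)\)')

# Section order pfctl enforces: options, normalization, queueing, translation, filtering.
SECTION_RANK = {
    "set": 1,
    "scrub": 2,
    "altq": 3, "queue": 3,
    "nat": 4, "rdr": 4, "binat": 4,
    "pass": 5, "block": 5, "match": 5, "antispoof": 5,
}

def strip_comment(line):
    """Drop a trailing '#' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()

def lint_pf_conf(text):
    """Return a list of (line_number, message) findings for a pf.conf ruleset."""
    findings = []
    macros = {}
    highest_rank = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        m = MACRO_DEF.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if not MACRO_NAME.match(name):
                findings.append((lineno, f"macro name '{name}' is invalid; use letters, digits and '_' only"))
            if value.startswith("("):
                findings.append((lineno, f"macro '{name}' uses ( ); pf lists need {{ }}, ( ) marks an interface"))
            macros[name] = value
            continue
        keyword = line.split()[0]
        rank = SECTION_RANK.get(keyword)
        if rank is None:
            findings.append((lineno, f"unknown keyword '{keyword}'"))
            continue
        if rank < highest_rank:
            findings.append((lineno, f"'{keyword}' appears after a later pf.conf section; move it earlier"))
        highest_rank = max(highest_rank, rank)
        for ref in MACRO_REF.findall(line):
            if ref not in macros:
                findings.append((lineno, f"reference to undefined macro '${ref}'"))
        for bare in BARE_PAREN.findall(line):
            if bare in macros:
                findings.append((lineno, f"'({bare})' names an interface literally; probably meant '(${bare})'"))
    return findings

# Constructed input: the ruleset as posted above.
POSTED_RULESET = """\
#external
ext="bce0"
#internal
int="bce1"
ports="(53,3128,80,443)"
ports-udp="(53)"
nat on $ext inet from !(ext) -> ($ext)
set skip on lo0
block in on $ext all
#block in on $int all
pass in on $int inet proto tcp from any to any port $ports keep state
pass in on $int inet proto udp from any to any port $ports-udp
pass in on $ext inet proto tcp from any to any port 22 keep state
pass out on $ext inet proto tcp from any to any port $ports keep state
pass out on $ext inet proto udp from any to any port $ports-udp
pass in on $ext proto icmp
pass in on $int proto icmp
"""

# Constructed input: the same policy with the syntax and ordering corrected.
FIXED_RULESET = """\
ext="bce0"
int="bce1"
ports="{ 53, 3128, 80, 443 }"
ports_udp="{ 53 }"
set skip on lo0
nat on $ext inet from !($ext) -> ($ext)
block in on $ext all
pass in on $int inet proto tcp from any to any port $ports keep state
pass in on $int inet proto udp from any to any port $ports_udp
pass in on $ext inet proto tcp from any to any port 22 keep state
pass out on $ext inet proto tcp from any to any port $ports keep state
pass out on $ext inet proto udp from any to any port $ports_udp
pass in on $ext proto icmp
pass in on $int proto icmp
"""

if __name__ == "__main__":
    for name, ruleset in (("posted", POSTED_RULESET), ("fixed", FIXED_RULESET)):
        print(f"== {name} ==")
        for lineno, msg in lint_pf_conf(ruleset) or [(0, "no findings")]:
            print(f"line {lineno}: {msg}")
```

The checker is deliberately narrow: it knows nothing about which interfaces exist or whether a rule matches the traffic you expect, only the lexical and ordering rules that make pfctl reject a file outright. A ruleset that fails to parse is never installed, so the previously loaded rules (or none at all) stay in effect, which is one way "block in on $int all" can appear to do nothing.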