Hello, I'm a newbie in ipfw. The scenario is this:
I have a server that runs 2 network interfaces; in the future it will be a squid proxy, but for now,
step by step...
The LAN is 192.168.50.0 (bce1)
The WAN is 200.xxx.xxx.xxx (bce0)
So far I got this:
Code:
ipfw -f flush
ipfw add 497 check-state
ipfw add 498 divert natd via bce0
ipfw add 499 allow tcp from any to any established
ipfw add 500 allow tcp from any to any via bce1
ipfw add 501 allow tcp from any to any via lo0
#ssh access from outside
ipfw add 502 allow tcp from any to any 26971 in via bce0 keep-state
#web access
ipfw add 503 allow tcp from any to any 80 out via bce0 keep-state
ipfw add 504 allow tcp from any to any 443 out via bce0 keep-state
#icmp from lan
ipfw add 505 allow tcp from any to any 53 in via bce1 keep-state
ipfw add 506 allow udp from any to any 53 in via bce1 keep-state
#web access from lan
ipfw add 507 allow tcp from any to any 80 in via bce1 keep-state
ipfw add 508 allow tcp from any to any 443 in via bce1 keep-state
#this icmp only permits me ping from the LAN to the outside only with IP address
ipfw add 509 allow icmp from any to any
But from a notebook in the LAN I can't access anything (ping to a web address, etc.)
rules #505 to 50
But if I use
Code:
ipfw add xxx allow ip from any to any keep-state
I get access to everything from the LAN, but I don't want this:
it gives everyone access to everything...
I only want to share internet with the local LAN.
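
The following added example, which is not part of the original post, traces which static rule of the posted ruleset decides the first packet of a LAN-to-WAN flow on each pass (in on bce1, then out on bce0). It assumes the default rule 65535 is deny and does not model dynamic state or natd address rewriting; `Rule`, `first_match` and `trace_lan_to_wan` are hypothetical names.

```python
# Added example: static first-match trace of the ipfw rules posted above.
# Assumptions: default rule 65535 is deny; only the first packet of a flow is
# traced, so check-state (497) and "established" (499) cannot match yet.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str                      # "allow" or "divert"
    proto: str                       # "ip" matches every protocol
    dport: Optional[int] = None      # destination port, None = any
    direction: Optional[str] = None  # "in", "out", None = both
    iface: Optional[str] = None      # "via" interface, None = any
    established: bool = False

RULES = [
    Rule(498, "divert", "ip", iface="bce0"),
    Rule(499, "allow", "tcp", established=True),
    Rule(500, "allow", "tcp", iface="bce1"),
    Rule(501, "allow", "tcp", iface="lo0"),
    Rule(502, "allow", "tcp", 26971, "in", "bce0"),
    Rule(503, "allow", "tcp", 80, "out", "bce0"),
    Rule(504, "allow", "tcp", 443, "out", "bce0"),
    Rule(505, "allow", "tcp", 53, "in", "bce1"),
    Rule(506, "allow", "udp", 53, "in", "bce1"),
    Rule(507, "allow", "tcp", 80, "in", "bce1"),
    Rule(508, "allow", "tcp", 443, "in", "bce1"),
    Rule(509, "allow", "icmp"),
]
DEFAULT_DENY = 65535  # assumed default policy

def first_match(proto, dport, direction, iface):
    """Number of the rule that decides this pass, or DEFAULT_DENY."""
    for r in RULES:
        if r.proto not in ("ip", proto) or r.established:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.direction not in (None, direction) or r.iface not in (None, iface):
            continue
        if r.action == "divert":     # natd reinjects at the next rule
            continue
        return r.num
    return DEFAULT_DENY

def trace_lan_to_wan(proto, dport=None):
    """A forwarded packet is checked twice: in on bce1, then out on bce0."""
    return (first_match(proto, dport, "in", "bce1"),
            first_match(proto, dport, "out", "bce0"))
```

Under these assumptions `trace_lan_to_wan("udp", 53)` is accepted inbound by rule 506 but reaches the default deny on the outbound pass, while `trace_lan_to_wan("icmp")` is accepted by rule 509 on both passes.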