Hello everybody, this is my first post here. I'll do my best not to be corrected by the great DutchDaemon. :stud
I have a machine (I'll call it "firewall") with two NICs:
- bge0, connected to an "untrusted" network and to the internet, IP 192.168.1.1
- re0, connected to my network, IP 192.168.2.1
I'm already running natd to allow computers within my network to reach the internet. I'd like, however, to protect my network and the firewall itself.
I'd like to:
- allow every port of the firewall to be accessible from re0 (the local network)
- allow access to sshd from both networks
- allow passive ftp connections to the firewall and to the .2.254 network
- allow every connection from the .2.254 network and the firewall to the internet
- deny every connection from the .1.254 network to the local network
I tried to do it by myself different times to no avail. I could make passive ftp or dns resolution work, but not both. :OOO
Could somebody please post a sample ipfw configuration to do something like that? Many thanks.
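One ruleset that covers the five requirements above, written here as an added example and not taken from the thread: it keeps natd, and uses keep-state so that DNS replies and passive FTP data connections are admitted by the same dynamic-rule mechanism instead of separate port holes. The interface names and addresses are the ones from the post; the passive FTP port range and the helper names (ipfw_rules, rule_count, apply_rules) are my assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): stateful ipfw ruleset with natd for the
# two-NIC firewall in the post. Interface names and addresses are the poster's;
# the passive FTP data range below is an ASSUMPTION and must match the FTP
# server's configured passive range. Usage: sh fw.sh apply  (as root)
pif="bge0"               # untrusted side / internet, 192.168.1.1
iif="re0"                # local network, 192.168.2.1
lan="192.168.2.0/24"
pasv="49152-65535"       # ASSUMED passive FTP data ports on the firewall
# Print the ruleset one rule per line so it can be reviewed before loading.
# Inbound natd runs before check-state, outbound natd after the keep-state
# rules (via skipto 800), so dynamic rules always see the private addresses.
ipfw_rules() {
  cat <<EOF
00005 allow ip from any to any via $iif
00010 allow ip from any to any via lo0
00020 deny ip from any to 127.0.0.0/8
00030 deny ip from 127.0.0.0/8 to any
00040 deny ip from $lan to any in via $pif
00100 divert natd ip from any to any in via $pif
00110 check-state
00200 skipto 800 tcp from any to any out via $pif setup keep-state
00210 skipto 800 udp from any to any out via $pif keep-state
00220 skipto 800 icmp from any to any out via $pif keep-state
00300 allow tcp from any to me 22 in via $pif setup keep-state
00310 allow tcp from any to me 21 in via $pif setup keep-state
00320 allow tcp from any to me $pasv in via $pif setup keep-state
00400 deny log ip from any to any in via $pif
00800 divert natd ip from any to any out via $pif
00801 allow ip from any to any
00999 deny log ip from any to any
EOF
}

# Number of rules in the set (handy for a sanity check after loading).
rule_count() { ipfw_rules | grep -c .; }

# Flush and load the ruleset with ipfw(8); word splitting of $rule is intended.
apply_rules() {
  ipfw -q -f flush
  ipfw_rules | while read -r rule; do ipfw -q add $rule; done
}

case "${1:-show}" in
  apply) apply_rules ;;
  *)     ipfw_rules ;;
esac
```

natd itself still needs natd_enable and natd_interface="bge0" in rc.conf (and IPDIVERT in the kernel); passive FTP from the internet to hosts on the .2 network would additionally need natd redirect_port entries, which this ruleset does not include.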