From: Nickolay A. Kritsky (nkritskyinternethelp.ru)
Date: Wed Apr 03 2002 - 10:53:53 CST
Wednesday, April 03, 2002, 8:16:31 PM, you wrote:
A> I am somewhat new at fbsd, and I am setting up a firewall for a network. I
A> have a question about configuring three nics to handle dmz stuff along with
A> the internal network.
A> here is my setup:
A> INTERNET ->> [oif=vr0 184.108.40.206] -> [iif1=xl0 10.10.0/24] -> NETWORK
A> [iif2=rl0 10.10.1/24] -> DMZ (Webserver/Email/FTP)
A> Here is how my configuration is set up:
A> I have IPFW built into the kernel. Right now I have built my own
A> rc.firewall file and am using that. I also have natd running and enabled in
A> I guess I don't know what else you would need, if you want me to send along
A> my configurations I can do that.
A> Here is my question. How do I redirect incoming packets that want to go to
A> my website to my DMZ side of the network? I have read about -redirect_port
A> | -redirect_address but really don't understand how that will filter the
A> traffic. I need to read a little more but thought maybe somebody on this
A> could give me some direction.
Maybe an example will help you.
If you add the following line to your natd.conf file:
redirect_port tcp 10.0.1.1:25 220.127.116.11:25
then all tcp traffic coming to your box, port 25, from the internet will be
forwarded to machine 10.0.1.1 port 25 (in the DMZ network).
A> I guess I should simplify the question. How do I route traffic that is
A> trying to reach my website? How do I specify the correct traffic? Can I
A> use a host name instead of an ip address in natd configurations?
yes, you can use host names and port names along with numeric
A> Sorry if this is too much, I hope I have laid out my question so that you
A> can help me. Please respond to the group with any direction you could give
A> Thank you,
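Added example, not part of the original message or of FreeBSD's rc.firewall: a dry-run generator for the natd.conf entry and the ipfw rules that go with it, showing that redirect_port only rewrites the destination while the filtering is done by ipfw rules placed after the divert rule. Interface names are the ones from the question; the web server address 10.10.1.2, the rule numbers and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints natd.conf and the matching ipfw rules (dry run).
OIF="vr0"            # outside interface (from the thread)
DMZ_IF="rl0"         # DMZ interface (from the thread)
WEB_IP="10.10.1.2"   # assumption: web server inside the 10.10.1/24 DMZ
FWCMD="echo ipfw"    # dry run; set to /sbin/ipfw on the firewall itself

# natd.conf: rewrite the destination of inbound tcp/80 to the DMZ host.
# With no alias address given, natd uses the address of ${OIF}.
gen_natd_conf() {
    cat <<EOF
interface ${OIF}
same_ports yes
redirect_port tcp ${WEB_IP}:80 80
EOF
}

# ipfw rules: natd only translates addresses, these rules do the filtering.
gen_ipfw_rules() {
    # Hand everything crossing the outside interface to natd.
    ${FWCMD} add 50 divert natd all from any to any via ${OIF}
    # A packet re-injected by natd continues after rule 50 and already
    # carries the DMZ address as destination, so match on WEB_IP here.
    ${FWCMD} add 100 allow tcp from any to ${WEB_IP} 80 in via ${OIF} setup
    ${FWCMD} add 110 allow tcp from any to ${WEB_IP} 80 out via ${DMZ_IF} setup
    ${FWCMD} add 120 allow tcp from any to any established
    # Anything else from the internet aimed at the DMZ is dropped and logged.
    ${FWCMD} add 200 deny log ip from any to 10.10.1.0/24 in via ${OIF}
}

gen_natd_conf
gen_ipfw_rules
```
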