Re: ipfw or ipf w/stateful behavior

From: Fernando Gleiser (fgleiser_at_cactus.fi.uba.ar)
Date: 08/04/03

    Date: Mon, 4 Aug 2003 12:00:48 -0300 (ART)
    To: michael <michael@nettmail.de>
    
    

    On Sun, 3 Aug 2003, michael wrote:

    > well, back to the essentials:
    >
    > under linux I can load a kernel module for masquerading ftp connections, and
    > this allows me to close any port from outside except the ports for
    > management or administration. This makes the firewall secure enough.

    With ipf/ipnat there's a built-in ftp proxy; just add

    map xl0 192.168.0.0/24 -> <externalip> proxy port ftp ftp/tcp

    to the top of your ipnat.rules file. Change the IPs and interface
    to meet your setup.

    >
    > Maybe under FreeBSD there is no KLD_MODULE that solves the problem with ftp
    > or irc.

    The above line is ipf's equivalent of the Linux module.

                                    Fer

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
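
An ipnat.rules layout showing where the proxy rule from the message above sits relative to the other NAT rules. This is an added example, not part of the original post. The interface xl0 and the 192.168.0.0/24 network are taken from the post; the `0/32` target (use the interface's current address), the portmap range, and the catch-all rule are assumptions for illustration.

```conf
# /etc/ipnat.rules (constructed example)
#
# ipnat applies the first map rule that matches a new connection, so the
# ftp proxy rule has to come before the general rules. Placed after them,
# FTP control connections would be translated by a plain map rule and the
# proxy would never see them.

# 1. FTP control connections (destination port ftp/tcp) go through the
#    in-kernel ftp proxy, which rewrites the addresses carried in the
#    control channel and sets up the matching data connection itself.
map xl0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp

# 2. All other TCP/UDP traffic: translate and remap source ports into a
#    fixed range (range chosen for this example).
map xl0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000

# 3. Everything else from the internal network (ICMP and other protocols).
map xl0 192.168.0.0/24 -> 0/32
```

Reload with `ipnat -CF -f /etc/ipnat.rules`, then check the active rules and sessions with `ipnat -l`.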

