Thus spoke Christoph Prevezanos (Christoph.Prevezanos(at)Uni-Bielefeld.de):
> defaultrouter="0.0.0.1"
I have -interface isp0 there, but since ping works, that should be OK.
> /etc/rc.firewall contains the following (according to the handbook):
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via isp0
> /sbin/ipfw add pass all from any to any
Looks OK.
I'll just post my config:
ifconfig_isp0="link1 0.0.0.0 0.0.0.1 down"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="/etc/firewall" # Firewall type (see /etc/rc.firewall)
natd_enable="YES" # Enable natd if firewall_enable.
natd_interface="isp0" # Public interface to use with natd if natd_enable.
natd_flags="-dynamic -f /etc/natd.conf" # Additional flags for natd.
/etc/firewall is then:
############
# Only in rare cases do you want to change these rules
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
############
# Stop RFC1918 nets on the outside interface
#add deny all from 192.168.0.0:255.255.0.0 to any via isp0
#add deny all from any to 192.168.0.0:255.255.0.0 via isp0
add deny all from 172.16.0.0:255.240.0.0 to any via isp0
add deny all from any to 172.16.0.0:255.240.0.0 via isp0
add deny all from 10.0.0.0:255.0.0.0 to any via isp0
add deny all from any to 10.0.0.0:255.0.0.0 via isp0
############
# Allow TCP through if setup succeeded
add pass tcp from any to any established
############
# Allow setup of incoming email
add pass tcp from any to 0.0.0.0:0.0.0.0 25 setup
############
# Allow access to our DNS
# No
# $fwcmd add pass tcp from any to ${oip} 53 setup
############
# Starcraft -- start natd with -redirect_port!
add pass tcp from any to any 6112 setup
add pass udp from any to any 6112
##########
# BO and netbus (for fakebo)
add pass tcp from any to 0.0.0.0/0 12345 setup
add pass udp from any to any 31337
#############
# Allow DNS queries out in the world
add pass udp from any 53 to any via isp0
add pass udp from any to any 53 via isp0
#############
# identd
add pass tcp from any to 0.0.0.0/0 113 setup
add pass udp from any to any 113
#############
# SAFT
add pass tcp from any to 0.0.0.0/0.0.0.0 487 setup
#############
# IRCNet Servers are checking if your SOCKS Port is open
add reject tcp from any to 0.0.0.0/0.0.0.0 1080 setup
#############
# HTTP
add pass tcp from any to 0.0.0.0/0.0.0.0 80 setup
# Reject&Log all setup of incoming connections from the outside
add deny log tcp from any to any in via isp0 setup
My /etc/natd.conf:
root(at)neutron ~ $ cat /etc/natd.conf
redirect_port tcp 192.168.0.10:6112 6112
redirect_port udp 192.168.0.10:6112 6112
redirect_port tcp 192.168.0.10:113 113
Alex
Received on Thu 17 Feb 2000 - 16:49:07 CET