Re: ipfw vs ipchains
Hi,
I have used this way in FreeBSD, but I compiled the kernel with:
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPDIVERT
options IPSTEALTH
Is there any problem with that?
Cheers,
> On Sat, Feb 02, 2002 at 01:12:18PM +0100, Didier Kasole wrote:
> > What is the equivalent using ipfw on a FreeBSD box?
>
> One way is as follows:
>
> (in /etc/rc.conf)
>
> natd_enable="YES"
> natd_interface="xl0" -- or whatever your 'outside' interface is
> firewall_enable="YES"
> firewall_type="OPEN"
>
> Plus compile your kernel with:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
>
> The second and third are optional: VERBOSE allows logging, and
> DEFAULT_TO_ACCEPT makes it harder to lock yourself out of the machine
> by flushing the firewall rules and leaving DENY ALL.
>
> This only works for Ethernet uplinks; if you are running ppp as your
> uplink, use the nat flags to ppp instead (not pppd).
>
> The second way is to use ipfilter which has a separate NAT
> configuration. I have not used it, but it has the advantage of being
> compatible with ipfilter under Solaris. See 'man ipf', and for more
> documentation, go to http://freshmeat.net/ and search on 'ipfilter'.
>
> B.
>
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.5
>
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
>
> This list is maintained by owner-afnog at afnog.org
>
Antonio Godinho
B.Sc., MCP, MCP+Internet, MCSE, CCNA
Address: Av. Julius Nyerere 947 3rd floor esq
Maputo - Mozambique
Phone : 258-82-300392
e-mail : ANTONIO at nambu.uem.mz
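
An added example, not part of the original thread: a small sh lint that checks a kernel config file and an rc.conf for the natd/ipfw settings discussed in the messages above, and reports which default policy the kernel options imply. The function names and the sample files are constructed for illustration; the option and variable names are the ones quoted in the thread, and the OPEN warning assumes the stock rc.firewall behaviour of passing all traffic.

```shell
#!/bin/sh
# Added example: lint a kernel config and rc.conf for the natd + ipfw setup
# discussed in this thread. The sample files at the bottom are constructed.

# has_option FILE NAME: true if an uncommented "options NAME" line exists
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR, quotes stripped
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

is_yes() { case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# audit_natd KERNCONF RCCONF: one finding per line, returns 1 on any ERROR
audit_natd() {
    a_rc=0
    for a_opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$a_opt" ||
            { echo "ERROR: options $a_opt missing from kernel config"; a_rc=1; }
    done
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "WARN: default rule is accept; flushing the rules leaves the host open"
    else
        echo "WARN: default rule is deny; flushing the rules remotely locks you out"
    fi
    has_option "$1" IPFIREWALL_VERBOSE ||
        echo "INFO: IPFIREWALL_VERBOSE not set; no firewall logging"
    for a_var in natd_enable firewall_enable; do
        is_yes "$(rc_value "$2" "$a_var")" ||
            { echo "ERROR: $a_var is not YES in rc.conf"; a_rc=1; }
    done
    [ -n "$(rc_value "$2" natd_interface)" ] ||
        { echo "ERROR: natd_interface is not set in rc.conf"; a_rc=1; }
    [ "$(rc_value "$2" firewall_type)" != OPEN ] ||
        echo "WARN: firewall_type=OPEN passes all traffic; NAT works but nothing is filtered"
    return $a_rc
}

# Constructed sample: kernel options from the reply, rc.conf from the quoted answer
demo_dir=$(mktemp -d)
printf 'options IPFIREWALL\noptions IPFIREWALL_FORWARD\noptions IPDIVERT\noptions IPSTEALTH\n' > "$demo_dir/KERNEL"
printf 'natd_enable="YES"\nnatd_interface="xl0"\nfirewall_enable="YES"\nfirewall_type="OPEN"\n' > "$demo_dir/rc.conf"
audit_natd "$demo_dir/KERNEL" "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```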