[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipfw vs ipchains

To: Antonio Godinho <antonio at nambu.uem.mz>
Subject: Re: ipfw vs ipchains
From: Brian Candler <B.Candler at pobox.com>
Date: Mon, 4 Feb 2002 15:45:36 +0000
Cc: afnog at afnog.org
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <7569AA57ED at nambu.uem.mz>; from antonio at nambu.uem.mz on Mon, Feb 04, 2002 at 04:26:14PM +0000
References: <000401c1abe3$81199d70$6601a8c0 at shell.cd>; <20020204101239.A6629 at linnet.org> <7569AA57ED at nambu.uem.mz>
Sender: owner-afnog at afnog.org
User-Agent: Mutt/1.2.5i

On Mon, Feb 04, 2002 at 04:26:14PM +0000, Antonio Godinho wrote:
> I have used this way in FreeBSD, but I compiled the kernel with :
> 
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPDIVERT
> options IPSTEALTH
> 
> Is there any problem with that?

Nope, the two you definitely ened are IPFIREWALL and IPDIVERT.

As it happens I'm just playing with ipfilter now, I might post some notes
later...

> 
> Cheers,
> 
> 
> 
> > On Sat, Feb 02, 2002 at 01:12:18PM +0100, Didier Kasole wrote:
> > >    what is the equivalent using ipfw on freeBSD box?
> > 
> > One way is as follows:
> > 
> > (in /etc/rc.conf)
> > 
> > natd_enable="YES"
> > natd_interface="xl0"        -- or whatever your 'outside' interface is
> > firewall_enable="YES" firewall_type="OPEN"
> > 
> > Plus compile your kernel with:
> > 
> > options         IPFIREWALL
> > options         IPFIREWALL_VERBOSE
> > options         IPFIREWALL_DEFAULT_TO_ACCEPT
> > options         IPDIVERT
> > 
> > The second and third are optional: VERBOSE allows logging, and
> > DEFAULT_TO_ACCEPT makes it harder to lock yourself out of the machine
> > by flushing the firewall rules and leaving DENY ALL.
> > 
> > This only works for ethernet uplinks; if you are running ppp as your
> > uplink, use the nat flags to ppp instead (not pppd)
> > 
> > The second way is to use ipfilter which has a separate NAT
> > configuration. I have not used it, but it has the advantage of being
> > compatible with ipfilter under Solaris. See 'man ipf' and for more
> > documentation, go to http://freshmeat.net/ and search on 'ipfilter'
> > 
> > B.
> > 
> > -----
> > This is the afnog mailing list, managed by Majordomo 1.94.5
> > 
> > To send a message to this list, e-mail afnog at afnog.org
> > To send a request to majordomo, e-mail majordomo at afnog.org and put
> > your request in the body of the message (i.e use "help" for help)
> > 
> > This list is maintained by owner-afnog at afnog.org
> > 
> 
> 
> 
> Antonio Godinho
> B.Sc., MCP, MCP+Internet, MCSE, CCNA
> Address:Av. Julius Nyerere 947 3rd floor esq 
> Maputo - Mozambique
> Phone  : 258-82-300392
> e-mail : ANTONIO at nambu.uem.mz
> 
>                      
> 

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Follow-Ups:
- Re: ipfw vs ipchains
  - From: Brian Candler <B.Candler at pobox.com>

References:
- ipfw vs ipchains
  - From: "Didier Kasole" <didier at cs-net.cd>
- Re: ipfw vs ipchains
  - From: Brian Candler <B.Candler at pobox.com>
- Re: ipfw vs ipchains
  - From: "Antonio Godinho" <antonio at nambu.uem.mz>
- Re: ipfw vs ipchains
  - From: "Antonio Godinho" <antonio at nambu.uem.mz>

Prev by Date: Re: ipfw vs ipchains
Next by Date: Re: ipfw vs ipchains
Prev by thread: Re: ipfw vs ipchains
Next by thread: Re: ipfw vs ipchains
Index(es):
- Date
- Thread