# Sample ipfw configuration for natd?



## stefarossi (Jan 13, 2013)

Hello everybody, this is my first post here. I'll do my best not to be corrected by the great DutchDaemon. :stud

I have a machine (I'll call it "firewall") with two NICs:
- bge0, connected to an "untrusted" network and to the internet, IP 192.168.1.1
- re0, connected to my network, IP 192.168.2.1

I'm already running *natd* to allow computers within my network to reach the internet. I'd like, however, to protect my network and the firewall itself.

I'd like to:
- allow every port of the firewall to be accessible from re0 (the local network)
- allow access to *sshd* from both networks
- allow passive ftp connections to the firewall and to the .2.254 network
- allow every connection from the .2.254 network and the firewall to the internet
- deny every connection from the .1.254 network to the local network

I tried to do it myself several times, to no avail. I could make passive ftp _or_ dns resolution work, but not both. :OOO

Could somebody please post a sample *ipfw* configuration to do something like that? Many thanks.


----------



## wblock@ (Jan 14, 2013)

There are sample configurations in /etc/rc.firewall.
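Following the pointer to /etc/rc.firewall, here is an added example in that file's style, written for this thread rather than taken from it or from rc.firewall, covering the points in the first post: a natd divert on the untrusted NIC, stateful rules for LAN and firewall traffic to the internet (which covers DNS over UDP as well as TCP), ssh from both sides, passive ftp to the firewall, and a logged deny for everything from the untrusted network into the LAN. Assumptions not stated in the thread: natd is started as `natd -n bge0` on the default divert port (the `natd` entry in /etc/services), sshd listens on 22, ftpd on the firewall uses the passive data range 49152-65535, and the `IPFW_CMD` variable is my own switch between dry run and really loading the rules.

```sh
#!/bin/sh
# Added example (not from the thread or from /etc/rc.firewall): an rc.firewall-style
# ipfw ruleset for a natd gateway with an untrusted NIC (bge0) and a trusted LAN NIC (re0).
# Assumed, not stated in the thread: natd runs as "natd -n bge0" on the default divert
# port ("natd" in /etc/services), sshd listens on 22, and ftpd on the firewall uses the
# passive data range 49152-65535. IPFW_CMD is my own switch: unset means dry run (echo).
fwcmd="${IPFW_CMD:-echo ipfw}"    # IPFW_CMD="/sbin/ipfw -q" to load the rules for real

oif="bge0"; fw_wan="192.168.1.1"; onet="192.168.1.0/24"   # untrusted side
iif="re0";  fw_lan="192.168.2.1"; inet="192.168.2.0/24"   # trusted LAN
pasv="49152-65535"                                        # assumed ftpd passive range

build_ruleset() {
    ${fwcmd} -f flush

    # Loopback, and nothing pretending to be loopback on a real interface
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 110 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 120 deny ip from 127.0.0.0/8 to any

    # Inbound on the untrusted NIC: un-NAT first, then let tracked sessions through.
    # Ordering matters: check-state must see the packet after natd has restored the
    # LAN address, or the dynamic rules created below (pre-NAT) will never match.
    ${fwcmd} add 200 divert natd ip from any to any in via ${oif}
    ${fwcmd} add 210 check-state
    ${fwcmd} add 220 deny log ip from ${inet} to any in via ${oif}     # anti-spoof
    ${fwcmd} add 230 deny log ip from ${onet} to ${inet} in via ${oif} # untrusted -> LAN

    # Trusted LAN: every port on the firewall, and onward forwarding to the internet;
    # the firewall's own replies back into the LAN leave via re0
    ${fwcmd} add 300 allow ip from ${inet} to any in via ${iif}
    ${fwcmd} add 310 allow ip from me to ${inet} out via ${iif}

    # Services the untrusted side may open on the firewall: ssh and passive ftp
    # (control port plus the passive data range; passive ftp to a LAN host would
    # additionally need natd -redirect_port, which is not shown here)
    ${fwcmd} add 320 allow tcp from any to ${fw_wan} 22 in via ${oif} setup keep-state
    ${fwcmd} add 330 allow tcp from any to ${fw_wan} 21 in via ${oif} setup keep-state
    ${fwcmd} add 331 allow tcp from any to ${fw_wan} ${pasv} in via ${oif} setup keep-state

    # Outbound from LAN or firewall (tcp, udp/dns and icmp alike): record the session
    # with its pre-NAT addresses, then jump over the deny to the NAT rule
    ${fwcmd} add 400 skipto 600 ip from ${inet} to any out via ${oif} keep-state
    ${fwcmd} add 410 skipto 600 ip from ${fw_wan} to any out via ${oif} keep-state
    ${fwcmd} add 550 deny log ip from any to any out via ${oif}

    ${fwcmd} add 600 divert natd ip from any to any out via ${oif}
    ${fwcmd} add 610 allow ip from any to any out via ${oif}

    # Default deny; "log" only writes entries when net.inet.ip.fw.verbose=1
    ${fwcmd} add 65000 deny log ip from any to any
}

build_ruleset
```

Run it as-is to print the rules it would load; set `IPFW_CMD="/sbin/ipfw -q"` to apply them. The two skipto rules are the important design point: the session is recorded before natd rewrites the source address, and the inbound divert sits before check-state so the return packet is matched after natd has translated it back.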


----------



## cpm@ (Jan 14, 2013)

Interesting to read: the website of Peter N. M. Hansteen, author of "The Book of PF". I suggest using pf(4) instead of ipfw(4).

Check out the firewall chart for a quick comparison of BSD firewalling options.


----------



## stefarossi (Jan 20, 2013)

Thanks everybody, I'll take a look at those.


----------



## m_zebardast (Feb 23, 2013)

If you want to learn the FreeBSD firewall (ipfw), you can use m0n0wall (http://m0n0.ch/wall/), which aims to be a complete firewall software package with a simple and great web interface.

You can learn very fast and very easily. If you want to learn command line configuration, you can use exec.php of m0n0wall.


----------

