FreeBSD NAT Issue

Taking care of your Linux box.

Post by Learner » Fri Jul 23, 2010 10:41 pm

Dear All

I am using FreeBSD 6.3-RELEASE, Sendmail & SQUID 2.7.STABLE6 on one machine, with the following enabled in /etc/rc.conf for NAT and firewall:

ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"

For NAT there is another file, /etc/ipnat.rules:

map em0 172.16.0.0/23 -> 0/32
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 8080 tcp

em0 is connected to DSL with a public static IP, and
fxp0 is connected to the LAN with a private static IP.

All of the traffic on my LAN interface is forwarded directly to the WAN interface. Because of this, in case of virus attacks and spam, all the traffic is forwarded directly to the internet, and the configured static IPs get blacklisted on the web.

Kindly guide me on how I can block the attacks from passing from my network to the internet.

As this is a proxy and mail server, how can I allow NAT only for port 80 traffic and for port 21 for FTP, and what configuration is required for the mail server?

Thanks & Regards


Muhammad Ali

Post by lambda » Thu Jul 29, 2010 12:28 am

allow only the ports you want to pass through:

map em0 172.16.0.0/23 -> 0/32 proxy port ftp ftp/tcp
map em0 from 172.16.0.0/23 port = 25 to any -> 0/32
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 8080 tcp
(untested)

read the guide.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
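
An added example, not written by either poster and not part of IPFilter: a small Python check that reports what each `map` line of an ipnat.rules file actually translates, run on the rules quoted in this thread. The regular expressions cover only the `map` forms that appear above (an assumption about the input), and the function names are illustrative.

```python
import re

# Rules quoted from the thread: the original wide-open map, then the narrowed ones.
RULES = """\
map em0 172.16.0.0/23 -> 0/32
map em0 172.16.0.0/23 -> 0/32 proxy port ftp ftp/tcp
map em0 from 172.16.0.0/23 port = 25 to any -> 0/32
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 8080 tcp
"""

# Optional "port <op> <n>" qualifier; {0} becomes "s" (source) or "d" (destination).
PORT = r"(?:\s+port\s+(?P<{0}op>=|!=|<=|>=|<|>)\s*(?P<{0}port>\S+))?"
SIMPLE = re.compile(
    r"^map\s+(?P<ifn>\S+)\s+(?P<src>[\d./]+)\s+->\s+(?P<to>\S+)(?P<rest>.*)$")
EXTENDED = re.compile(
    r"^map\s+(?P<ifn>\S+)\s+from\s+(?P<src>\S+)" + PORT.format("s")
    + r"\s+to\s+(?P<dst>\S+)" + PORT.format("d")
    + r"\s+->\s+(?P<to>\S+)(?P<rest>.*)$")
PROXY = re.compile(r"proxy\s+port\s+(?P<pport>\S+)\s+(?P<name>[^/\s]+)/(?P<proto>\S+)")


def classify(rule):
    """Return (interface, source, scope) for a map rule, or None for other lines."""
    rule = rule.split("#", 1)[0].strip()
    m = EXTENDED.match(rule) or SIMPLE.match(rule)
    if not m:
        return None
    g = m.groupdict()
    limits = []
    if g.get("sport"):
        limits.append("source port %s %s" % (g["sop"], g["sport"]))
    if g.get("dport"):
        limits.append("destination port %s %s" % (g["dop"], g["dport"]))
    if g.get("dst") not in (None, "any"):
        limits.append("destination %s" % g["dst"])
    p = PROXY.search(g["rest"])
    if p:
        limits.append("%s proxy on port %s/%s" % (p["name"], p["pport"], p["proto"]))
    # A map rule with no qualifier translates everything from the source range.
    return g["ifn"], g["src"], "; ".join(limits) or "ALL traffic"


def audit(text):
    """Classify every map rule in an ipnat.rules text; non-map lines are skipped."""
    return [r for r in map(classify, text.splitlines()) if r]


if __name__ == "__main__":
    for ifn, src, scope in audit(RULES):
        print("%-4s %-15s -> %s" % (ifn, src, scope))
```

In the `from ... port = N to ...` form the port test belongs to the address it follows, so the third rule is reported as a source-port match.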
