Abdul Wajid wrote: Anyone, please tell me how to do this?
Have you read the handbook? FreeBSD ships with three firewall systems, each well documented and with sample configuration files.
Code:
# MAC and IP binding...
iptables -A INPUT -i eth0 -s 192.168.1.2 -p all -m mac --mac-source 00:ff:ee:00:ff -j ACCEPT
Assuming you use ipfw (and the handbook will show you how to enable that, both with and without recompiling your kernel), you'll need to write rules or run commands like
Code:
# out: frames from 192.168.1.2 must carry its MAC as source (MAC option is "MAC dst-mac src-mac")
ipfw add allow ip from 192.168.1.2 to any MAC any 00:ff:ee:00:ff
# in: frames to 192.168.1.2 must carry its MAC as destination
ipfw add allow ip from any to 192.168.1.2 MAC 00:ff:ee:00:ff any
However, I've never done this myself. You'll also need to place
in /etc/sysctl.conf to make ipfw inspect layer 2 packets.
If you use pf instead, you'll need to use some other setup. I recommend looking at authpf.
Code:
# Enable port forwarding...
echo 1 > /proc/sys/net/ipv4/ip_forward
That does not enable port forwarding.
The FreeBSD equivalent is to put
in /etc/rc.conf or
in /etc/sysctl.conf and reboot. Alternate: type
Code:
sysctl -w net.inet.ip.forwarding=1
Code:
# Enable Internet Connection Sharing...
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -o ppp0 -j MASQUERADE
That depends on which firewall you use. If you use pf, an example is even given for this in the sample config file:
Code:
# NAT is bound to the external interface; (ppp0) re-reads the address each time the link comes up
nat on ppp0 from 192.168.1.0/24 to any -> (ppp0)
If you use ipfw, read the extremely detailed, step-by-step guides for using natd in the handbook.
Code:
# Redirect http request to Proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
With pf, it's something like
Code:
# redirect on the inside interface, where the clients' requests arrive (iptables used -i eth0)
rdr on eth0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128
With ipfw,
Code:
# "in via eth0" restricts this to packets arriving from the LAN, so the proxy's own outbound HTTP is not forwarded back to it
ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via eth0
Code:
# Block incoming request from Internet...
iptables -A INPUT -i ppp0 -p tcp --destination-port 0:1023 -j DROP
With pf
Code:
# "port" needs a protocol in pf; (ppp0) expands to the interface's current address
block in on ppp0 proto tcp from any to (ppp0) port 0:1023
With ipfw
Code:
# ipfw takes "me" for the host's own addresses, not an interface name; "in via ppp0" limits it to the outside interface
ipfw add deny tcp from any to me 0-1023 in via ppp0
(untested)
Code:
# Enable Established and Related Traffic only...
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
Both pf and ipfw support stateful inspection. Read the docs.
Code:
# Drop icmp packets
iptables -A INPUT -i ppp0 -p icmp -j DROP
pf:
ipfw:
Code:
# ipfw rules always need "from X to Y"; "in via ppp0" matches the iptables INPUT rule on ppp0
ipfw add deny icmp from any to any in via ppp0