Firewall query

Paul Civati paul at xciv.org
Thu Apr 18 12:24:56 BST 2002


Paul Truran <paul at truran.net> wrote:

> I am currently running a FreeBSD 4.5 box as an internet gateway to
> my cable modem. 

Presumably you are implementing some kind of NAT via ipfw or ipf?

> So basically, how do I ensure that the internal network can access
> the samba shares, but people on the internet cannot? 

I would suggest implementing packet filtering in addition to your NAT,
so that only your internal hosts have access to resources on your
gateway machine.

> I'm pretty sure of what I need to do, but I thought I had better double
> check, as I don't really want all my data open to all and sundry on
> the internet.  Given that my internal card is xl0 and the one connected
> to the cable modem is fxp0, what do I need to do to my firewall to
> ensure that the SMB shares can only be accessed via my internal network?

See <URL:http://www.xciv.org/byhsi/>, a tutorial I wrote on how to
set up an OpenBSD NAT gateway to a Blueyonder (Telewest) cable modem.

The concepts should be applicable to FreeBSD, much so if you are using
ipf rather than ipfw.

-Paul-
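
The packet filtering suggested above, sketched as an ipf ruleset fragment for the interfaces named in the question (an added example, not part of the original message or the linked tutorial). The internal subnet 192.168.0.0/24 is an assumption, since the thread does not state it.

```conf
# Constructed example fragment for /etc/ipf.rules (FreeBSD, ipf).
# From the thread:  xl0 = internal card, fxp0 = cable modem side.
# Assumption:       internal LAN is 192.168.0.0/24 (not stated in the thread).

# 1. Refuse NetBIOS/SMB arriving on the external interface.
#    'quick' stops rule processing at the first match; 'log' records the drop.
block in log quick on fxp0 proto udp from any to any port = 137
block in log quick on fxp0 proto udp from any to any port = 138
block in log quick on fxp0 proto tcp from any to any port = 139
block in log quick on fxp0 proto tcp from any to any port = 445

# 2. Refuse packets on the external interface that claim an internal
#    source address, so the allow rules below cannot be satisfied by spoofing.
block in log quick on fxp0 from 192.168.0.0/24 to any

# 3. Allow internal hosts to reach Samba on the gateway. The destination is
#    limited to the internal subnet, which covers the gateway's internal
#    address and the subnet broadcast used by NetBIOS name/datagram services.
pass in quick on xl0 proto udp from 192.168.0.0/24 to 192.168.0.0/24 port = 137 keep state
pass in quick on xl0 proto udp from 192.168.0.0/24 to 192.168.0.0/24 port = 138 keep state
pass in quick on xl0 proto tcp from 192.168.0.0/24 to 192.168.0.0/24 port = 139 keep state
pass in quick on xl0 proto tcp from 192.168.0.0/24 to 192.168.0.0/24 port = 445 keep state

# 4. Keep internal SMB traffic from leaking out through the cable modem.
block out log quick on fxp0 proto udp from any to any port = 137
block out log quick on fxp0 proto udp from any to any port = 138
block out log quick on fxp0 proto tcp from any to any port = 139
block out log quick on fxp0 proto tcp from any to any port = 445
```

These rules only cover the SMB ports and are meant to sit inside a complete ruleset. After loading them, `ipfstat -io` lists the active rules for checking.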





