Hello everyone,
Experimenting IPFW, I would really appreciate some help to improve my abilities !
I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting).
Here is an easy network map describing what I’m doing :
Here is what I do on the IPFW firewall (it’s a FreeBSD mini-PC) :
Here is what I do on the Laptop :
Question :
- I understand that the firewall has to be a gateway (so gateway_enable=YES in /etc/rc.conf)
- I also understand that there is a need of NAT ability (so firewall_nat_enable=YES)
But, from the laptop, if I succeed in pinging the IPFW with ipfw firewall started (service ipfw start), I don’t succeed in sending a ping to 1.1.1.1 (for example). I tried to look at fwd and nat commands.. I don’t find.
Traffic is not relayed by the IPFW server.
How do you do that ? Is that possible ?
Someone can help me ?
I did not find how to do this. I found for NAT dest, but not for that.
Thank you very much for your help in advance,
It's always really appreciated !
Experimenting IPFW, I would really appreciate some help to improve my abilities !
I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting).
Here is an easy network map describing what I’m doing :
Here is what I do on the IPFW firewall (it’s a FreeBSD mini-PC) :
Code:
# NETWORK
sysrc ifconfig_ue0="DHCP"
sysrc ifconfig_ue1="inet 172.16.0.254 netmask 255.255.255.0“
# FIREWALL
sysrc firewall_enable="YES” firewall_script="/etc/regles-ipfw.sh” firewall_nat_enable="YES”
# GATEWAY
sysrc gateway_enable="YES
# FIREWALL SCRIPT :
vi /etc/regles-ipfw.sh
#!/bin/sh
#
ipfw -q -f flush
cmd="ipfw -q add”
#
WAN="ue0“
LAN1="ue1“
#
$cmd 101 check-state
#
# GO OUT
$cmd 110 allow tcp from any to any out via $WAN setup keep-state
$cmd 111 allow udp from any to any out via $WAN keep-state
$cmd 112 allow icmp from any to any out via $WAN keep-state
#
# FROM IPFW TO LAN1
$cmd 113 allow icmp from any to any out via $LAN1 keep-state
#
# FROM LAN1 TO IPFW
$cmd 114 allow icmp from any to any in via $LAN1
#
# ESC :wq
service ipfw startHere is what I do on the Laptop :
Code:
ifconfig re1 inet 172.16.0.1 netmask 255.255.255.0
route add default 172.16.0.254Question :
- I understand that the firewall has to be a gateway (so gateway_enable=YES in /etc/rc.conf)
- I also understand that there is a need of NAT ability (so firewall_nat_enable=YES)
But, from the laptop, if I succeed in pinging the IPFW with ipfw firewall started (service ipfw start), I don’t succeed in sending a ping to 1.1.1.1 (for example). I tried to look at fwd and nat commands.. I don’t find.
Traffic is not relayed by the IPFW server.
How do you do that ? Is that possible ?
Someone can help me ?
I did not find how to do this. I found for NAT dest, but not for that.
Thank you very much for your help in advance,
It's always really appreciated !
