Securing BSD as firewall
Nathan Yerian
First, a little background info:
A while back, on the advice of a co-worker, I started using a
FreeBSD-based PC as a harware firewall to my cable modem. A couple days ago,
I was perusing the system logs and noticed a bunch of rejected attempts to
ftp into my firewall from IP addresses in France, a few in Poland, and a
couple others I didn't bother to look up. Most were accompanied by a message
that the login was rejected, but not all were.
Question:
How do I bind services to one network interface, but not the other?
I want to be able to telnet and ftp to the firewall from within my
network (on vr1) but I would like to disable ALL services on the other
(vr0).
Lowell Gilbert
necessarily get much help here (in comp.unix.bsd.freebsd).
See http://www.freebsd.org/support.html for better ideas...
[followups redirected accordingly]
"Nathan Yerian" <nye...@comcast.net> writes:
This is called "packet filtering," and is usually the first thing that
people mean when they talk about building a firewall. The FreeBSD
Handbook has a whole chapter on it; I suggest starting there.