ipfw rules for low-end server??
Sergey Akifyev
asa at gascom.ru
Wed May 21 05:55:41 PDT 2003
On Wed, 2003-05-21 at 04:10, Andras Kende wrote:
> Hello All,
Hi!
> Have PIII-450, 386Mb FreeBSD 4.8 machine as natd gateway (2 NIC) for around
> 100 computers.
You call this low-end? LOL! :)))
> To minimize load on the machine which would be the best options??
>
> Should I use ipfw "dynamic" or "stateful" rules?
See below...
> Also should set to kernel with: option IPFIREWALL_VERBOSE for debugging
> purposes if needed
> but disable logging firewall_logging=NO at rc.conf ?
>
> I want to allow everything to go out, only 22tcp,80tcp 53udp and 25tcp
> (port_forwarding) to in...
Actually, you don't need any ipfw rules (except for 1 divert) for such
a configuration. Just configure natd, and run it with the -d switch. And, as
you see, you should debug only natd, so verbose firewall is unnecessary.
--
regards,
Sergey Akifyev <asa at gascom.ru>
JSC Gascom <http://www.gascom.ru>
PGP key available from:
ftp://ftp.gascom.ru/pub/PGP-keys/asa.txt
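
The setup suggested in the reply above, written out as an added configuration example (not part of the original message). In natd(8), -d is the short form of -deny_incoming. The interface name fxp0, the internal 192.168.1.x addresses, and the choice to forward all four services to inside hosts are assumptions made for illustration.

```conf
# Kernel must include: options IPFIREWALL and options IPDIVERT

# --- /etc/rc.conf on the gateway ---
gateway_enable="YES"             # route packets between the two NICs
firewall_enable="YES"            # enable ipfw at boot
firewall_type="open"             # rc.firewall "open" ruleset: pass everything
natd_enable="YES"                # start natd; rc.firewall then adds the divert rule
natd_interface="fxp0"            # assumption: fxp0 is the outside (public) NIC
natd_flags="-f /etc/natd.conf"   # read the options below from a file

# The one divert rule rc.firewall installs when natd is enabled
# (shown for reference, or to add by hand in a custom ruleset):
#   ipfw add 50 divert natd all from any to any via fxp0

# --- /etc/natd.conf ---
# Same effect as running natd with -d: inbound packets that match no
# entry in the translation table are dropped instead of being passed on.
deny_incoming yes

# Send dropped inbound packets to syslog, so debugging happens in natd
# and IPFIREWALL_VERBOSE is not required.
log_denied yes

# Inbound services. Each line creates a static translation entry, which
# is what lets new outside connections through deny_incoming.
# Target addresses are constructed examples.
redirect_port tcp 192.168.1.10:22 22     # ssh
redirect_port tcp 192.168.1.20:80 80     # http
redirect_port udp 192.168.1.30:53 53     # dns
redirect_port tcp 192.168.1.40:25 25     # smtp
```

Outbound connections from the inside hosts create their own translation entries, so they are unaffected by deny_incoming; only unsolicited inbound traffic outside the redirect_port lines is dropped.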