firewall.7 - OpenGrok cross reference for /freebsd/share/man/man7/firewall.7

Lines Matching +full:assigned +full:- +full:addresses
36 IP addresses and to isolate services such as NFS or SMBFS (Windows
47 office T1 (1.5 MBits/s), you may wish to bandwidth-limit all other
57 firewalls may be used to divert packets or change the next-hop
78 to get certain types of ICMP errors to function properly - for
141 .Sh SAMPLE IPFW-BASED FIREWALL
142 Here is an example ipfw-based firewall taken from a machine with three
146 on this LAN are dual-homed with both internal 10.\& IP addresses and
147 Internet-routed IP addresses.
149 the Internet-routed IP block while 10.x.x.x represents the internal
152 assigned as the internal address block for the LAN on fxp0, 10.0.2.x
157 internal addresses access to the Internet through a NAT gateway running
160 is given two Internet-exposed addresses on fxp0 in addition to an
166 on the exposed LAN internal 10.0.0.x addresses as well as exposed
167 addresses.
169 to internal addresses even on exposed machines and still protect
172 exposed IP addresses would be the ones you wish to expose to the
181 internal IP addresses (10.0.0.x).
188 Finally, note that the use of internal addresses represents a
193 .Bd -literal
203 # a larger port range for local-size binding.  4000-10000 or 4000-30000
209 .Bd -literal
218 # 192.100.5.x represents IP addresses exposed to the Internet
225 #   FIREWALL -->[LAN2]
229 #      +--> exposed host A
230 #      +--> exposed host B
231 #      +--> exposed host C
239 # all packets with source IP addresses in the 10. block in order
240 # to protect the dual-homed 10.0.0.x block.  Exposed hosts are
241 # not otherwise protected in this example - they should only bind
246 # IP addresses to external IP addresses and routing them to natd, which
253 # of course do not have to route internal<->internal traffic through
256 # also the in-kernel version of natd, ipnat.
258 #	natd -s -u -a 208.161.114.67
324 # spoof-proof internal IP addresses (10. net), so these rules
329 # If we want to expose high-numbered temporary service ports
331 # in this example 4000-65535, and we set to /etc/rc.conf variables
335 add 02000 allow udp from any to any 4000-65535,domain,ntalk,ntp
339 # services bound to exposed addresses.  NOTE: we allow 'auth'
351 add 03000 allow tcp from any to any 4000-65535,ssh,smtp,domain,ntalk
352 add 03000 allow tcp from any to any auth,pop3,ftp,ftp-data
360 #					packet-too-big)
362 #	5	Redirect (typically not allowed - can be dangerous!)
384 We have mentioned multi-homing hosts and binding services to internal or
385 external addresses but we have not really explained it.
387 host with multiple IP addresses assigned to it, you can bind services run
391 and two exposed IP addresses
393 IP addresses (10.0.0.1, 10.0.1.1, 10.0.2.1, 192.100.5.5, and say
422 .Bl -tag -width indent