Slashdot Mirror


NetBSD/i386 Firewall

DreamerFi writes, "NetBSD/i386 Firewall is a free firewall solution for people with a permanent Internet connection. This includes most users of cable or ADSL services, but also businesses with leased lines. The version that went up this weekend also supports folks who get their IP through DHCP, instead of just fixed IP addresses. The maintainers will now start to look at adding services like Web, mail, etc., just like the IBM Interjet that recently featured on Slashdot, so this is the time to get your feature requests in!"

6 comments

  1. Re:NAT? by Anonymous Coward · · Score: 0

    Check out this link in the FreeBSD Diary... IP NAT info http://www.freebsddiary.org/ipnat.html

  2. multiple instances of services possible? by Anonymous Coward · · Score: 0

    If a single static IP were assigned to a DSL router such as this one, is there a way to allow multiple instances of a single service through, either by ip range or specific ip?

    For instance... if two people wanted to run PCAnywhere through their office DSL line with only a single IP (ie 10.0.0.1), am I able to point home user #1 (ie 192.168.0.1) to a particular pcanywhere computer behind the firewall while home user #2 (ie 172.0.0.1) is pointed to yet another pcanywhere system behind the same firewall?

    Any help is appreciated.

  3. NAT? by Phexro · · Score: 1

    Could someone with experience with the *BSD NAT implementation(s) post some info - or a link to info about it? I've had good success with the Linux 2.0/2.2 NAT/IPMASQ, and the loadable modules to support NAT-unfriendly protocols are good, but I wonder if there is a better way.

    For example, you must manually specify additional FTP ports to masquerade if you want to access FTP servers on a port other than 21.

    Also, with my DSL setup, I only get one IP, which goes to the Cisco 675 DSL Router. This means that no matter what, I have to use the crappy NAT on the Cisco, which breaks some things. The Linux IPMASQ modules also assume that the IP of the interface the masqueraded packets go out on is the IP they will come back to - not so with the aforementioned setup. So sometimes FTP breaks, and I can't do DCC sends on IRC, etc.

    Of course, the real answer is a real external IP for at least one of my Linux boxes, but USWest (my DSL provider) does not give static IPs to home users, only to business customers. And business accounts are around $100/mo - way more than I want to be paying for a net connection.

    1. Re:NAT? by hubertf · · Score: 1

      AFAIK all three BSDs use Darren Reed's IPfilter.
      Some Links:

      * IP Filter Based Firewalls HOWTO
      -> http://www.obfuscation.org/ipf/ipf-howto.txt
      * IPfilter
      -> http://coombs.anu.edu.au/ipfilter/

      - Hubert

  4. PicoBSD by Bryan+Andersen · · Score: 2

    Reminds me of PicoBSD, which is based off of FreeBSD.

  5. OpenBSD NAT by pope+nihil · · Score: 1

    http://www.openbsd.org/faq/faq6.html#6.3

    Check that out.