b:z 06-16-2005 06:01 AM

PF - design/configure firewall for network using ADSL connection -- please help me

I have some problems building my firewall on OpenBSD 3.7.
Here is my network diagram:

{Internet}------{ADSL modem}----{openbsd-gateway}-----{localnetwork}---{win2k3}

Detail:
---Internet---
ip: Dynamic IP
type: ADSL connection

---modem ADSL---
ip: 192.168.3.254/24

---openbsd-gateway---
+ interface
- xl0: connect to modem ADSL, ip: 192.168.3.10/24
- xl1: connect to localnetwork, ip: 192.168.2.10/24
+ service:
- DHCP for localnetwork
- Web server for localnetwork
- DNS for localnetwork with domain abc.ex
- LDAP for localnetwork
- Mail server for the local network, and also the mail gateway for domain abc.ex to the outside Internet
- Squid proxy

---win2k3---
+ interface
ip: 192.168.2.2/24
+ service
- Active Directory
- File server

Purpose:
--localnetwork--
- allow all traffic only within the local network
- work better with win2k3 when joining domain xyz.ex
- all requests from the local network to the Internet, such as web and ftp, must be checked at the Squid proxy server.

--openbsd gateway--
- allow all requests to the web server, mail server (POP3s, IMAPs), LDAP, squid, .... running on the openbsd-gateway server.
- transparently allow all requests from the local network to the win2k3 server running DNS for "xyz.ex"
- allow VIP1 users with IP addresses {192.168.2.9, 192.168.2.10} to use FTP
- allow VIP2 users to connect to all ports from inside to outside without restriction.
- Redirect all requests from the local network to the Internet to port 8080, where the Squid proxy is listening.
- Deny all service requests from the local network to the Internet such as online games, Xmule, bittorrent, POP (users use the local mail server), FTP.... generally speaking, deny all traffic not needed by users inside.
- Deny all port scanning, injection and exploit programs from inside.
- NAT all allowed traffic from inside to the outside network
- Log all exploit actions from inside

--internet--
- deny all dangerous traffic from the Internet to the inside network
- prevent all exploit actions from the outside Internet.
- Log all exploit actions from outside

This is the firewall/gateway that I want to configure for my local network. I am really confused about PF. Please help me.
Thank you very much.

b:z 06-20-2005 05:06 AM

Please help me. I am waiting for your help. :cry:

danielanson 06-21-2005 09:38 PM

I know a lot about firewalling with OpenBSD, but no-one wants to write a complex file for you. Do a

>man pf.conf

There is a very detailed description of rules configuration including sections and examples. I am working now but perhaps I can give you a rudimentary copy to begin with.

I would suggest opening up entirely and starting to ping and go from there. Experiment then ping ....
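A rudimentary pf.conf skeleton for the requirements listed in the first post, added here as an example (it is not from the thread, the book mentioned below, or OpenBSD's own documentation), written in the OpenBSD 3.7 nat/rdr syntax. Interface names and addresses come from the diagram above; the VIP2 address is an assumed placeholder because the thread never gives one.

```pf
# Macros: interfaces and addresses from the thread's diagram
ext_if = "xl0"                 # ADSL modem side, 192.168.3.10/24
int_if = "xl1"                 # LAN side, 192.168.2.10/24
lan    = "192.168.2.0/24"
win2k3 = "192.168.2.2"
squid_port = "8080"
# TCP services the LAN may reach on the gateway itself
gw_tcp = "{ www, https, smtp, pop3s, imaps, ldap, domain }"
table <vip1> { 192.168.2.9, 192.168.2.10 }
table <vip2> { 192.168.2.20 }  # ASSUMED placeholder; the thread gives no VIP2 address

set block-policy drop
set skip on lo0
scrub in all

# Translation: hide the LAN behind the dynamic ADSL address
nat on $ext_if from $lan to any -> ($ext_if)
# Transparent proxy: LAN web requests not aimed at the LAN land on Squid
rdr on $int_if proto tcp from $lan to !$lan port www -> 127.0.0.1 port $squid_port

# Default deny with logging: scans from outside and unwanted outbound
# attempts (games, P2P, POP, FTP...) all show up on pflog0
block log all
antispoof quick for { $int_if, $ext_if }

# LAN -> gateway services; the redirected web traffic now has dst 127.0.0.1
pass in quick on $int_if proto tcp from $lan to $int_if port $gw_tcp keep state
pass in quick on $int_if proto tcp from $lan to 127.0.0.1 port $squid_port keep state
pass in quick on $int_if proto udp from $lan to $int_if port { domain, bootps } keep state
pass in quick on $int_if inet proto icmp from $lan to $int_if keep state

# VIP1 hosts: FTP control channel only. Passive data connections use random
# ports, so a real deployment adds ftp-proxy(8); everything else stays denied
pass in quick on $int_if proto tcp from <vip1> to !$lan port ftp flags S/SA keep state
# VIP2 hosts: unrestricted outbound
pass in quick on $int_if from <vip2> to !$lan keep state

# Gateway's own outbound traffic (Squid fetches, mail relay, DNS lookups);
# after NAT the permitted VIP1/VIP2 flows carry this source address too
pass out quick on $ext_if proto { tcp, udp, icmp } from ($ext_if) to any keep state
# Gateway -> win2k3 DNS for xyz.ex; LAN hosts reach it directly on their own segment
pass out quick on $int_if proto { tcp, udp } from $int_if to $win2k3 port domain keep state

# From the Internet only the mail gateway is reachable; everything else is logged and dropped
pass in quick on $ext_if proto tcp from any to ($ext_if) port smtp flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` to see which requests the default deny is logging while you open things up step by step.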

b:z 06-22-2005 12:27 AM

Thank you very much.
I am always waiting for your help, your guide and your suggestions.
However, if your guide matches my purpose, many thanks. :)
I also read the Absolute OpenBSD book and I think it will help me more, together with your help.

