Setting up a small business firewall with IP filter

First, the network environment

1, Host A: Install freebsd4.7, install three network card fxp0, Xl0 and XL1.

Fxp0 for external network card, ip:x.x.x.x ISP to provide me with IP address

Xl0 for internal public area network card, ip:192.168.0.1

XL1 provides regional network adapters for internal services, ip:192.168.80.1

2, Host B: external to provide WWW service host, IP address: 192.168.80.80

3, Host C: the external provision of FTP service host, ip:192.168.80.3.

4, other workstations n Taiwan.

Second, compile the kernel

1,

#cd /sys/i386/conf
#cp GENERIC kernel_IPF

2, compile kernel_ipf, add the option:

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
3、
<CENTER><ccid_nobr>
<table width="400" border="1" cellspacing="0" cellpadding="2"
bordercolorlight = "black" bordercolordark = "#FFFFFF" align="center">
<tr>
　　<td bgcolor="e6e6e6" class="code" style="font-size:9pt">
　　<pre><ccid_code>
#/usr/sbin/config kernel_IPF
#cd ../../compile/kernel_IPF
#make kepend
#make
#make install

4, edit/etc/rc.rc.conf, open the following options:

defaultrouter="x.x.x.1" x.x.x.1为ISP提供的网关
gateway_enable="YES"
ipfilter_enable＝"YES"
ipnat_enable="YES"

5. Reboot system: Reboot

Third, configure the firewall

1, set address conversion ipnat. Under/etc, create a new file Ipnat.rules, which reads: