Moving Slash behind a Firewall

posted by Krow on 11:19 AM March 8th, 2002
I've had my little slashsite up and running on a FreeBSD server for a couple of months now, and all was well. However, being the paranoid admin I am, I decided to throw an OpenBSD firewall into the mix. You may read the story of how I moved an existing slashsite that was directly on the net, onto a private net behind the firewall.
This discussion has been archived. No new comments can be posted.
  • I'm about to move my web/mail server from a T1 to behind my Ameritech DSL firewall (ISP wants me to actually pay for colo). I plan to do port forwarding on 80 and 25 on my firewall/router. I imagine I'll have some interesting tricks to perform. BTW - I *highly* recommend zone edit for handling DNS (especially dynamic DNS) needs. Really great interface, and free up to five domains. Even lets you control MX info.


    • I've had good luck with yahoo! domains. They allow you to specify "A", "C" and "MX" DNS records with a nice web interface. Don't think they support dynamic DNS though.


  • Why is this a story? I have a FreeBSD slash site that was behind an OpenBSD box (2.x something) for a long time till I decided to get a Linksys BEFSR41 router/firewall box and use the box that was running OpenBSD for something else.

    It's either on the beat or off the beat, it's that easy.
    • The fact that it's on FreeBSD or behind an OpenBSD firewall wasn't the real story. The process of moving the site from a net legal address to a NATed address behind the firewall was the story.
        I know I'm not the first to do it, and I imagine I fumbled some of the process. It was meant to be a "This was my experience" story...

      Stephen L. Palmer
  • by Anonymous Coward
    Any of you guys have a suggestion on how to get my site to poke through firestarter? I run the wizard and open up port 80 to everyone but still can't see the site from outside.

    I know this is a nix newbie question... so be gentle;)
    • I'm not familiar with firestarter, but the first question I have is: Is the firewall on the same box as the slashsite or is it a different piece of hardware?
          If it's a different piece of hardware, as mine was, in addition to "opening" the port, you'll have to "redirect" incoming port 80 on the firewall to port 80 on the slashsite.
          Please give more detail, and we'll help as best we can!

      Stephen L. Palmer
      • I think he means Firestarter.

        Yes, in addition to opening a port, you need to tell the firewall where to have all the traffic for that port go.


        It's either on the beat or off the beat, it's that easy.
        • by Anonymous Coward
          hrm, where? I ran the wizard and opened 80 but I don't see anywhere for it to tell where to forward port 80.

          How do I tell it to allow connections to port 80 from the world ip's versus the internal 192.*...'s?
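
Added example, not part of the original thread or of Firestarter: a small checker that reads `iptables-save` output (Firestarter is a front end for Linux iptables) and reports whether a port is merely opened on the firewall box or actually redirected to an inside host, which is the distinction the replies above draw. The interface `eth0`, the address `192.168.1.10` and both rule dumps are constructed, and the check assumes the inside server listens on the same port number.

```python
import shlex

# Constructed iptables-save dumps; eth0 and 192.168.1.10 are made-up values.
OPENED_ONLY = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
REDIRECTED = """*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def port_status(dump, port="80"):
    """Say whether an inbound TCP port is closed, only opened, or redirected."""
    table, opened, dnat_to, forward_ok = None, False, None, False
    for line in dump.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0].startswith("*"):            # table header, e.g. *nat
            table = tok[0][1:]
        elif tok[0] == ":FORWARD" and table == "filter":
            forward_ok = forward_ok or tok[1] == "ACCEPT"   # default policy
        if tok[0] != "-A":
            continue
        # Map each option to the token after it; enough for these simple rules.
        o = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if o.get("-p") != "tcp" or o.get("--dport") != port:
            continue
        where, target = (table, tok[1]), o.get("-j")
        if where == ("filter", "INPUT") and target == "ACCEPT":
            opened = True                     # reaches the firewall box itself
        elif where == ("nat", "PREROUTING") and target == "DNAT":
            dnat_to = o.get("--to-destination")
        elif where == ("filter", "FORWARD") and target == "ACCEPT":
            forward_ok = True                 # lets the rewritten packet through
    if dnat_to:
        return f"redirected to {dnat_to}" if forward_ok else "redirected but not forwarded"
    return "opened on firewall only" if opened else "closed"

if __name__ == "__main__":
    for name, dump in (("opened only", OPENED_ONLY), ("redirected", REDIRECTED)):
        print(name, "->", port_status(dump))
```

A result of "opened on firewall only" matches the symptom described in the thread when the web server runs on a different machine from the firewall.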