Date: Sun, 13 Jul 2003 11:53:27 -0500
From: "Micheal Patterson" <micheal@cancercare.net>
To: <freebsd-questions@freebsd.org>
Cc: listas@softinfo.com.br
Subject: Re: IPFW + NATD
Message-ID: <069501c3495f$4a100330$0201a8c0@dredster>
References: <001901c34938$ec57f750$020aa8c0@acaraje>

----- Original Message -----
From: "Vitor de Matos Carvalho" <listas@softinfo.com.br>
To: <freebsd-questions@freebsd.org>
Sent: Sunday, July 13, 2003 7:18 AM
Subject: IPFW + NATD

> Hi,
>
> I have two networks: 10.1.0.0/16 and 10.2.0.0/16
>
> Only that I need to make the NAT for only a one network, 10.2.0.0/16. Network 10.1.0.0/16 does not have external access.
> How I configure in ipfw + natd so that this is possible?
> My interface of exit is xl0, interface of network 10.1.0.0/16 is xl1, and interface of network 10.2.0.0/16 is xl2.
> As I configure in ipfw using natd to make nat only for net 10.2.0.0/16.
>
> Regards,
>
> ---------------------------------------------------
> Vitor de Matos Carvalho - #5602098
> Softinfo Network Administrator
> +55 (71)9971-5011 / +55 (71)9986-9317
> Salvador - Bahia - Brazil
> FreeBSD: The silent Workhorse

I would think it would be something like this:

# Divert all outbound traffic through nat
#
ipfw add 1 divert natd all from any to any via xl0
#
### Allow traffic from <> to internal networks
#
ipfw add 2 allow ip from 10.1.0.0/16 to 10.2.0.0/16
ipfw add 2 allow ip from 10.2.0.0/16 to 10.1.0.0/16
#
### Deny 10.1.0.0/16 traffic to anyone else
#
ipfw add 4 deny ip from 10.1.0.0/16 to any
#
### Rest of firewall rules
#

--
Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230
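
A variant of the ruleset discussed in this message, as an added example that is not part of the original thread: it limits the outbound divert to 10.2.0.0/16 and numbers the egress deny for 10.1.0.0/16 ahead of it, then checks that ordering mechanically. The rule numbers, the function names nat_rules and rules_ok, and the assumption that natd is already running on xl0 are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces and networks come from the
# question; rule numbers and function names are assumptions of this example.
# Assumes natd is already running on the outside interface.
ext_if="xl0"               # outside interface
no_nat_net="10.1.0.0/16"   # on xl1, must never leave via ext_if
nat_net="10.2.0.0/16"      # on xl2, the only network that gets NAT

# Print the rules (dry run). To load them as root: nat_rules | sh
nat_rules() {
    cat <<EOF
ipfw add 200 allow ip from ${no_nat_net} to ${nat_net}
ipfw add 210 allow ip from ${nat_net} to ${no_nat_net}
ipfw add 300 deny ip from ${no_nat_net} to any out via ${ext_if}
ipfw add 400 divert natd ip from ${nat_net} to any out via ${ext_if}
ipfw add 410 divert natd ip from any to any in via ${ext_if}
EOF
    # the rest of the firewall rules would follow here
}

# Check a ruleset read from stdin. Succeeds only if:
#  - the egress deny for no_nat_net has a lower number than every divert
#    (after natd rewrites the source, a later rule matching the private
#    source address no longer matches the outbound packet), and
#  - every divert is direction-scoped, and outbound diverts match nat_net only.
rules_ok() {
    awk -v nonat="$no_nat_net" -v nat="$nat_net" '
    {
        num = 0; act = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "add")  { num = $(i + 1) + 0; act = $(i + 2) }
            if ($i == "from") { src = $(i + 1) }
        }
        out = ($0 ~ / out /); inb = ($0 ~ / in /)
        if (act == "deny" && src == nonat && out && !deny_at) deny_at = num
        if (act == "divert") {
            if (!first_div || num < first_div) first_div = num
            if (out && src != nat) bad = 1      # NAT for the wrong source
            if (!out && !inb) bad = 1           # divert with no direction
        }
    }
    END { exit !(deny_at && first_div && deny_at < first_div && !bad) }'
}

# Print the rules only if they pass the check.
nat_rules | rules_ok && nat_rules
```
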