From: "Micheal Patterson"
Date: Sun, 13 Jul 2003 11:53:27 -0500
Subject: Re: IPFW + NATD
cc: listas@softinfo.com.br

----- Original Message -----
From: "Vitor de Matos Carvalho"
Sent: Sunday, July 13, 2003 7:18 AM
Subject: IPFW + NATD

> Hi,
>
> I have two networks: 10.1.0.0/16 and 10.2.0.0/16
>
> Only that I need to make the NAT for only a one network, 10.2.0.0/16. Network 10.1.0.0/16 does not have external access.
> How I configure in ipfw + natd so that this is possible?
> My interface of exit is xl0 interface of network 10.1.0.0/16 is xl1, and interface of network 10.2.0.0/16 is xl2.
> As I configure in ipfw using natd to make nat only for net 10.2.0.0/16.
>
> Regards,
>
> ---------------------------------------------------
> Vitor de Matos Carvalho - #5602098
> Softinfo Network Administrator
> +55 (71)9971-5011 / +55 (71)9986-9317
> Salvador - Bahia - Brazil
> FreeBSD: The silent Workhorse

I would think it would be something like this:

# Divert all outbound traffic through nat
#
ipfw add 1 divert natd all from any to any via xl0
#
### Allow traffic from <> to internal networks
#
ipfw add 2 allow ip from 10.1.0.0/16 to 10.2.0.0/16
ipfw add 2 allow ip from 10.2.0.0/16 to 10.1.0.0/16
#
### Deny 10.1.0.0/16 traffic to anyone else
#
ipfw add 4 deny ip from 10.1.0.0/16 to any
#
### Rest of firewall rules
#

--
Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230
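
A simplified first-match model of the rules in the reply above, added here as an example and not part of the original message. It shows why the deny at rule 4 keeps 10.1.0.0/16 away from natd: a routed packet is checked on input before it is checked again on output via xl0. Assumptions: rule 65000 stands in for "Rest of firewall rules", the addresses 192.0.2.1 and 198.51.100.7 are constructed, and natd rewrites only the source of outbound packets.

```python
import ipaddress

# The reply's rules as (number, action, src, dst, via); None means "any".
# Rule 65000 is an assumed stand-in for the "Rest of firewall rules" placeholder.
RULES = [
    (1, "divert", None, None, "xl0"),
    (2, "allow", "10.1.0.0/16", "10.2.0.0/16", None),
    (2, "allow", "10.2.0.0/16", "10.1.0.0/16", None),
    (4, "deny", "10.1.0.0/16", None, None),
    (65000, "allow", None, None, None),
]
NAT_ADDR = "192.0.2.1"  # constructed external address on xl0 (TEST-NET-1)


def _in(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def one_pass(src, dst, iface, outbound):
    """Evaluate one pass. iface is the receive interface on input and the
    transmit interface on output. Returns (verdict, rule number, source)."""
    for num, action, rsrc, rdst, via in RULES:
        if via not in (None, iface) or not _in(src, rsrc) or not _in(dst, rdst):
            continue
        if action == "divert":
            # Modelled natd: alias the source on the way out, then resume at
            # the next rule. Inbound de-aliasing of replies is not modelled.
            if outbound:
                src = NAT_ADDR
            continue
        return action, num, src
    return "deny", 65535, src  # assumed closed default rule


def forward(src, dst, in_if, out_if):
    """A routed packet is checked on input, then again on output."""
    verdict, num, src = one_pass(src, dst, in_if, outbound=False)
    if verdict == "deny":
        return verdict, num, src
    return one_pass(src, dst, out_if, outbound=True)
```

Calling `forward("10.1.5.5", "198.51.100.7", "xl1", "xl0")` stops at rule 4 on the input pass, so the packet never reaches the divert on xl0.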