Date: Wed, 3 Nov 2004 12:01:45 +0200
From: Nelis Lamprecht <nlamprecht@gmail.com>
To: sonjaya <son_jaya@yahoo.com>
Cc: FreeBSD Questions <questions@freebsd.org>
Subject: Re: ipnat.rules
Message-ID: <7cbadc8704110302015705d966@mail.gmail.com>
In-Reply-To: <20041103012542.17771.qmail@web40913.mail.yahoo.com>
References: <20041103012542.17771.qmail@web40913.mail.yahoo.com>

On Tue, 2 Nov 2004 17:25:42 -0800 (PST), sonjaya <son_jaya@yahoo.com> wrote:
> dear all
>
> after i finish add in my kernel ipnat , i use this
> sample script :
> /etc/ipnat.rules :
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 proxy port ftp ftp/tcp ssh
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto
>
> in here my net :
>
> lan--NAT server---internet
>
> my question is :
>
> 1. how i must set ipnat.rules only some ip get nat
> other can not use .
> because if some pc station use the gateway my server
> that pcstation get nat .
>
> may be like this :
> lan(non-nat)-----|
> lan(nat)---------|---NAT Server---Internet

You need a rule with something like:

map rl0 from $natnetwork ! to $pubnetwork -> $natserver

>
> 2. how i set the map rule in ipnat.rules , that lan do
> not have right to nat to directly to proxy .

add a block rule for the proxy ip from lan but pass the nat server ?
not quite sure what you want..

>
> i'm so sorry if my question is basic , because i new in
> freebsd
> thx
>

No problem even though it's more IP Filter than FreeBSD related.

For further information see http://www.obfuscation.org/ipf/ipf-howto.html

Nelis
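
Added example, not part of the original message: the suggested from/to form of the map rule with the placeholders filled in, next to the original rule it replaces. All addresses are constructed assumptions; 192.0.2.0/24 only stands in for $pubnetwork.

```conf
# /etc/ipnat.rules -- added example, not from the original thread.
# Assumptions (constructed values): rl0 is the Internet-facing interface,
# 172.18.5.0/24 is the part of the LAN that is allowed to use NAT, and
# 192.0.2.0/24 is a placeholder for $pubnetwork (destinations that must
# not be translated).

# Before: the 255.255.0.0 mask makes the rule match every host in
# 172.18.0.0/16, so any station that uses this gateway gets translated.
# map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto

# After: from/to matching limits translation to the allowed subnet.
# 0/32 means "use the address currently assigned to rl0".
# The ftp proxy rule is listed first because the first matching rule wins.
map rl0 from 172.18.5.0/24 ! to 192.0.2.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 from 172.18.5.0/24 ! to 192.0.2.0/24 -> 0/32 portmap tcp/udp auto
map rl0 from 172.18.5.0/24 ! to 192.0.2.0/24 -> 0/32
```

Hosts outside 172.18.5.0/24 match no map rule and are simply not translated; ipnat itself does not block them, which is left to ipf filter rules. Reload with `ipnat -CF -f /etc/ipnat.rules` and check the active rules with `ipnat -l`.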