From: Nelis Lamprecht
To: sonjaya
Cc: FreeBSD Questions
Date: Wed, 3 Nov 2004 12:01:45 +0200
Subject: Re: ipnat.rules

On Tue, 2 Nov 2004 17:25:42 -0800 (PST), sonjaya wrote:
> dear all
>
> after i finish add in my kernel ipnat , i use this
> sample script :
> /etc/ipnat.rules :
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 proxy port ftp ftp/tcp ssh
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto
>
> in here my net :
>
> lan--NAT server---internet
>
> my question is :
>
> 1.how i must set ipnat.rules only some ip get nat
> other can not use .
> because if some pc station use the gateway my server
> that pcstation get nat .
>
> may be like this :
> lan(non-nat)-----|
> lan(nat)---------|---NAT Server---Internet

You need a rule with something like:

map rl0 from $natnetwork ! to $pubnetwork -> $natserver

>
> 2. how i set the map rule in ipnat.rules , that lan do
> not have right to nat to directly to proxy .

add a block rule for the proxy ip from lan but pass the nat server ?
not quite sure what you want..

>
> i'm so sorry if my question is basic , because i new in
> freebsd
> thx
>

No problem even though it's more IP Filter than FreeBSD related. For
further information see http://www.obfuscation.org/ipf/ipf-howto.html

Nelis
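
Added example, not part of the original message: one way to write the "from ... ! to ..." rule suggested above so that only one LAN range is translated, with a matching IP Filter rule pair so the remaining stations cannot leak out untranslated. The subnets are constructed for illustration (172.18.5.0/24 as the range allowed to use NAT, 172.18.0.0/16 as the whole internal range), and rl0 is assumed to be the Internet-facing interface as in the question.

```conf
# ---- /etc/ipnat.rules (constructed addresses) ----
# Only sources in 172.18.5.0/24 are translated, and only when the
# destination is NOT inside the internal 172.18.0.0/16 range.
# 0.0.0.0/32 means "use the address currently assigned to rl0".

# FTP proxy first, so active FTP from the allowed stations keeps working
map rl0 from 172.18.5.0/24 ! to 172.18.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
# TCP and UDP: translate and remap source ports automatically
map rl0 from 172.18.5.0/24 ! to 172.18.0.0/16 -> 0.0.0.0/32 portmap tcp/udp auto
# Remaining protocols (ICMP and so on) from the allowed stations
map rl0 from 172.18.5.0/24 ! to 172.18.0.0/16 -> 0.0.0.0/32

# ---- /etc/ipf.rules (constructed addresses) ----
# A station that matches no map rule is not translated, but it is not
# dropped either: its packets would leave rl0 with a private source
# address. IP Filter filters outbound packets before ipnat translates
# them, so these rules match the original LAN source addresses.

# Allowed stations may go out (and get translated by the map rules above)
pass out quick on rl0 from 172.18.5.0/24 to any keep state
# Every other internal address is stopped at the external interface
block out quick on rl0 from 172.18.0.0/16 to any
```

The rule sets can be syntax-checked without loading them using "ipnat -n -f /etc/ipnat.rules" and "ipf -n -f /etc/ipf.rules".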