Message-Id: <200107102309.RAA23397@mail.guest-tek.com>
Date: Tue, 10 Jul 2001 17:12:28 -0600
From: Peter Warrick
Subject: Re: IPFW and NATD
To: Nick Rogness
Cc: Julian Elischer, freebsd-net@FreeBSD.ORG

Ok one last question.. :)

I am trying to redirect all the traffic on a certain port except for a
couple of computers.. I have this rule set up to do this..

    fwd 139.142.135.115 tcp from any to any 80

How would I then make it so that those couple of machines are not
affected.. I've tried the following..

    allow tcp from 192.168.0.2 to any 80 via en0
    allow tcp from any 80 to 192.168.0.2 in recv en0
    allow tcp from 192.168.0.2 to any 80 via en1
    allow tcp from any 80 to 192.168.0.2 in recv en1
    allow tcp from 1.2.3.5 to any 80

None of these have worked either alone or together..

Any ideas??

Thanks again.

Peter.

On Tuesday, July 10, 2001, at 05:06 PM, Nick Rogness wrote:

> On Tue, 10 Jul 2001, Julian Elischer wrote:
>
>> On Tue, 10 Jul 2001, Nick Rogness wrote:
>>> You need to add another rule:
>>>
>>>    ipfw add divert natd all from $PUBLIC_IP to any in via en0
>>                                       ^          ^
>>                                       \----------/
>>                                        swap these
>>
>>> The $PUBLIC_IP should be the IP of en0. This will only work if
>>> your non-diverted traffic is using a different public IPs...which
>>> I'm assuming you are.
>>
>> OR you do NOT want other machines to be able to get out.
>
> Ooops...yep he's right...realized that after I read Julian's
> original response.
>
> Nick Rogness
> - Keep on Routing in a Free World...
> "FreeBSD: The Power to Serve!"