From owner-freebsd-questions@FreeBSD.ORG Sun Jul 13 11:02:56 2003
From: "Vitor de Matos Carvalho"
To: "Micheal Patterson"
Date: Sun, 13 Jul 2003 15:03:10 -0300
Subject: Re: IPFW + NATD
List-Id: User questions

Thanks for the help.
My net 10.1.0.0/16 cannot see net 10.2.0.0/16.
And in my firewall the last rule of my kernel is: deny ip from any to any

Regards,

---------------------------------------------------
Vitor de Matos Carvalho - #5602098
Softinfo Network Administrator
+55 (71)9971-5011 / +55 (71)9986-9317
Salvador - Bahia - Brazil
FreeBSD: The silent Workhorse

----- Original Message -----
From: "Micheal Patterson"
Sent: Sunday, July 13, 2003 1:53 PM
Subject: Re: IPFW + NATD

> ----- Original Message -----
> From: "Vitor de Matos Carvalho"
> Sent: Sunday, July 13, 2003 7:18 AM
> Subject: IPFW + NATD
>
> > Hi,
> >
> > I have two networks: 10.1.0.0/16 and 10.2.0.0/16
> >
> > Only, I need to make the NAT for only one network, 10.2.0.0/16.
> > Network 10.1.0.0/16 does not have external access.
> > How do I configure ipfw + natd so that this is possible?
> > My exit interface is xl0, the interface of network 10.1.0.0/16 is xl1, and
> > the interface of network 10.2.0.0/16 is xl2.
> > How do I configure ipfw using natd to make NAT only for net 10.2.0.0/16?
> >
> > Regards,
> >
> > ---------------------------------------------------
> > Vitor de Matos Carvalho - #5602098
> > Softinfo Network Administrator
> > +55 (71)9971-5011 / +55 (71)9986-9317
> > Salvador - Bahia - Brazil
> > FreeBSD: The silent Workhorse
>
> I would think it would be something like this:
>
> # Divert all outbound traffic through nat
> #
> ipfw add 1 divert natd all from any to any via xl0
> #
> ### Allow traffic from <> to internal networks
> #
> ipfw add 2 allow ip from 10.1.0.0/16 to 10.2.0.0/16
> ipfw add 2 allow ip from 10.2.0.0/16 to 10.1.0.0/16
> #
> ### Deny 10.1.0.0/16 traffic to anyone else
> #
> ipfw add 4 deny ip from 10.1.0.0/16 to any
> #
> ### Rest of firewall rules
> #
>
> --
>
> Micheal Patterson
> Network Administration
> Cancer Care Network
> 405-733-2230
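As an added example, not code from either poster, here is a rule set for the layout described in the thread (xl0 outside, 10.1.0.0/16 on xl1, 10.2.0.0/16 on xl2) that hands only 10.2.0.0/16 to natd and keeps the two inter-network allows ahead of the 10.1.0.0/16 deny. The 10/8 anti-spoofing rules, the assumption that natd runs as `natd -n xl0`, and the dry-run wrapper are my additions.

```shell
#!/bin/sh
# Constructed ipfw/natd rule set: xl0 outside, 10.1.0.0/16 on xl1 (no external
# access), 10.2.0.0/16 on xl2 (NATed). Assumes natd already runs as "natd -n xl0"
# and the kernel has IPDIVERT. With IPFW unset the commands are only printed;
# set IPFW=ipfw to actually load them.
EXT_IF="xl0"
NET_A="10.1.0.0/16"; NET_A_IF="xl1"   # internal only
NET_B="10.2.0.0/16"; NET_B_IF="xl2"   # gets NAT
IPFW="${IPFW:-echo ipfw}"

load_rules() {
    $IPFW -f flush
    # Anti-spoofing on the outside interface (assumption: nothing legitimate on
    # the xl0 side uses 10/8): private sources, and untranslated packets aimed
    # at the inside. Real replies arrive addressed to xl0's address, so they pass.
    $IPFW add 90 deny ip from 10.0.0.0/8 to any in via "$EXT_IF"
    $IPFW add 95 deny ip from any to 10.0.0.0/8 in via "$EXT_IF"
    # Only NET_B is diverted to natd on the way out; every inbound packet on xl0
    # goes through natd so replies are translated back. NET_A never gets a mapping.
    $IPFW add 100 divert natd ip from "$NET_B" to any out via "$EXT_IF"
    $IPFW add 110 divert natd ip from any to any in via "$EXT_IF"
    # The two internal networks may talk. These must come BEFORE the NET_A deny,
    # otherwise NET_A loses NET_B as well (the symptom reported in the thread).
    $IPFW add 200 allow ip from "$NET_A" to "$NET_B"
    $IPFW add 210 allow ip from "$NET_B" to "$NET_A"
    # NET_A goes nowhere else, and nothing else reaches it.
    $IPFW add 300 deny ip from "$NET_A" to any
    $IPFW add 310 deny ip from any to "$NET_A"
    # NET_B: packets entering on xl2 (pre-NAT source), translated replies back
    # to it, and post-NAT packets leaving xl0 (source is now xl0's own address).
    $IPFW add 400 allow ip from "$NET_B" to any in via "$NET_B_IF"
    $IPFW add 410 allow ip from any to "$NET_B"
    $IPFW add 420 allow ip from any to any out via "$EXT_IF"
    # Everything else, including unsolicited traffic to the firewall, is dropped.
    $IPFW add 65000 deny ip from any to any
}

# Ordering check on the generated list: the allow for NET_A -> NET_B must
# appear before the deny for NET_A -> any, or the first rule never fires.
rules_ordered() {
    load_rules | awk '
        /allow ip from 10\.1\.0\.0\/16 to 10\.2\.0\.0\/16/ { a = NR }
        /deny ip from 10\.1\.0\.0\/16 to any/              { d = NR }
        END { exit !(a && d && a < d) }'
}
```

Running it without IPFW set prints the thirteen commands so the order can be reviewed before `IPFW=ipfw ./rules.sh` loads them.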