From: "Database"
Subject: Re: ipfw
Date: Wed, 3 May 2000 19:42:26 -0400

The rules are as follows.

    ipfw add allow all from any to public_add1
    ipfw add deny all from any to public_add2
    ipfw add allow tcp from remotedeveloper_address to public_address2/22
    ipfw add allow tcp from remotedeveloper_address to public_address2/21

Do I have to add rules for natd? And is this possible?

Basically I would like to redirect the traffic on public_address2 to an
internal machine. I would like the firewall to be able to deny everything
except 2 ports from a developer's address. The public_address1 is to
allow everything for the internal machines to connect to the internet.

Hopefully this helps you in aiding me.

thanks

Peter Donadio

----- Original Message -----
From: "Crist J. Clark"
To: "Database"
Sent: Tuesday, May 02, 2000 10:30 PM
Subject: Re: ipfw

> [Your email is all on one line. Please put newlines in at about the 72
> column mark or so.]
>
> On Tue, May 02, 2000 at 10:12:49PM -0400, Database wrote:
> > I have a multihomed ethernet card that has two static IP addresses.
> > One address I would like to allow all traffic. The second I am using
> > natd to redirect the address to a different machine. I do not want to
> > set the firewall type to open. If I set it to filename or simple it
> > will not allow any traffic through on either IP address. Could you
> > help me with the configuration of ipfw?
>
> The 'simple' setting is not meant for a machine doing NAT. When you
> use a filename, what do you put in the file? Could you post the rules
> you are trying to use? We need more of an idea of what you are trying
> to do to be of any help.
>
> But if you really want to forward all traffic bound for a particular
> address, after you do the divert(4) rule for natd(8), pass all traffic
> to that host before heading to more restrictive rules.
> --
> Crist J. Clark                           cjclark@home.com