Date: Thu, 4 May 2000 00:08:36 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Database <petedonadio@mediaone.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw
Message-ID: <20000504000836.A9561@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <000501bfb559$3d7c3410$0201a8c0@visualprogram.ne.mediaone.net>; from petedonadio@mediaone.net on Wed, May 03, 2000 at 07:42:26PM -0400
References: <000a01bfb4a5$14a56390$0201a8c0@visualprogram.ne.mediaone.net> <20000502223020.C6021@cc942873-a.ewndsr1.nj.home.com> <000501bfb559$3d7c3410$0201a8c0@visualprogram.ne.mediaone.net>
On Wed, May 03, 2000 at 07:42:26PM -0400, Database wrote:
> The rules are as follows.
>
> ipfw add allow all from any to public_add1
> ipfw add deny all from any to public_add2
> ipfw add allow tcp from remotedeveloper_address to public_address2/22
> ipfw add allow tcp from remotedeveloper_address to public_address2/21
>
> Do I have to add rules for natd? And is this possible?
> Basically I would like to redirect the traffic on public_address2 to an
> internal machine. I would like the firewall to be able to deny everything
> except 2 ports from a developer's address. The public_address1 is to allow
> everything for the internal machines to connect to the internet. Hopefully
> this helps you in aiding me.

If you use natd(8), you will need a divert rule. However, if all you
would want natd for is to divert one IP to one machine, why not just put
that IP on the machine in question and have the gateway do plain ol'
routing to it?

That said, your rules do not work. The second rule blocks all of the
stuff coming in before it reaches 3 and 4.

> ----- Original Message -----
> From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
> To: "Database" <petedonadio@mediaone.net>
> Cc: <freebsd-questions@FreeBSD.ORG>
> Sent: Tuesday, May 02, 2000 10:30 PM
> Subject: Re: ipfw
>
>
> > [Your email is all on one line. Please put newlines in at about the 72
> > column mark or so.]
> >
> > On Tue, May 02, 2000 at 10:12:49PM -0400, Database wrote:
> > > I have a multihomed ethernet card that has two static IP addresses. One
> > > address I would like to allow all traffic. The second I am using natd to
> > > redirect the address to a different machine. I do not want to set the
> > > firewall type to open. If I set it to filename or simple it will not allow
> > > any traffic through on either ip address. Could you help me with the
> > > configuration of ipfw.
> >
> > The 'simple' setting is not meant for a machine doing NAT. When you
> > use a filename, what do you put in the file? Could you post the rules
> > you are trying to use? We need more of an idea of what you are trying
> > to do to be of any help.
> >
> > But if you really want to forward all traffic bound for a particular
> > address, after you do the divert(4) rule for natd(8), pass all traffic
> > to that host before heading to more restrictive rules.
> > --
> > Crist J. Clark cjclark@home.com
-- 
Crist J. Clark cjclark@home.com
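As an added example (not from either poster), the ordering Crist describes as an ipfw rule script: the natd divert first, the two developer allows before the deny, with a dry-run mode so the order can be checked before it is loaded on a gateway. The addresses, the interface name fxp0 and the natd command line are placeholders assumed here, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: the rule order Crist describes.
# Assumptions (placeholders, not from the list posting): the addresses below,
# an outside interface fxp0, and natd started as
#   natd -n $EXT_IF -redirect_address $INTERNAL $PUBLIC2
# Run with no arguments for a dry run (IPFW=echo), "load" to apply for real.
IPFW="${IPFW:-/sbin/ipfw}"
EXT_IF="${EXT_IF:-fxp0}"
PUBLIC1="${PUBLIC1:-192.0.2.1}"        # address that passes everything
PUBLIC2="${PUBLIC2:-192.0.2.2}"        # address forwarded to one internal host
INTERNAL="${INTERNAL:-192.168.1.10}"   # the host natd forwards PUBLIC2 to
DEVELOPER="${DEVELOPER:-203.0.113.5}"  # remote developer's address

load_rules() {
    "$IPFW" -f flush
    # 1. divert(4) to natd(8) first: every later rule then sees the translated
    #    packet, i.e. inbound traffic for PUBLIC2 arrives with dst INTERNAL.
    "$IPFW" add 100 divert natd all from any to any via "$EXT_IF"
    # 2. replies to connections already open (the default rule is deny).
    "$IPFW" add 150 allow tcp from any to any established
    # 3. the permissive address and the LAN's outbound traffic.
    "$IPFW" add 200 allow all from any to "$PUBLIC1"
    "$IPFW" add 210 allow all from any to any out via "$EXT_IF"
    # 4. the two developer ports BEFORE the deny; the poster's order put the
    #    deny first, so rules 3 and 4 were never reached. The port is written
    #    after the address ("INTERNAL 22"), not as "/22", which ipfw reads
    #    as a netmask.
    "$IPFW" add 300 allow tcp from "$DEVELOPER" to "$INTERNAL" 22
    "$IPFW" add 310 allow tcp from "$DEVELOPER" to "$INTERNAL" 21
    # 5. everything else for the forwarded host is dropped.
    "$IPFW" add 400 deny all from any to "$INTERNAL"
}

# rule_position RULES PATTERN: line number of the first rule matching PATTERN
rule_position() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

case "${1:-}" in
    load) load_rules ;;
    *)    IPFW=echo; load_rules ;;
esac
```

Run it with no arguments and compare the printed order against what you intend before running it with `load`.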