From: Patrick Burm
Date: Thu, 01 Jun 2000 13:09:30 -0700
To: freebsd-questions@FreeBSD.org
Subject: natd and ipfw help
Message-Id: <4.3.1.2.20000601130436.00b3a940@commlitho.com>

I am trying to restrict access to the internet. Currently I have a working natd that allows everyone access to the internet. I wish to restrict full access to certain addresses while preserving access to email for everyone.

I posted earlier with a ruleset that used multiple diverts, and have now tried this ruleset:

00100 228 15147 allow udp from 192.168.73.0/24 to any 53
00200 374 16844 allow tcp from 192.168.73.0/24 to any 110
00200  38  4474 allow ip from any to any via lo0
00300  26  6044 allow tcp from 192.168.73.0/24 to any 25
00300   0     0 deny ip from any to 127.0.0.0/8
00400   0     0 allow ip from 192.168.73.11 to any
00500 356 44259 deny ip from 192.168.73.0/24 to any
00600 252 31124 divert 8668 ip from any to any
65000 251 31064 allow ip from any to any
65535   0     0 deny ip from any to any

This one allows access to servers on my own public net, but not the internet.

If anyone has set up restrictions this way, please help :)

-Pat
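
An added example, not part of the original message: a first-match trace of the posted ruleset. In ipfw an `allow` ends the rule search, so a packet accepted by rules 100-400 never reaches the `divert` at 600 and is not handed to natd. The `with_skipto` variant and the destination address 203.0.113.5 are constructed for illustration, not a tested configuration.

```python
import ipaddress

# Rules from the message's listing: (number, action, proto, src, dst, dst_port).
# The lo0 and 127.0.0.0/8 rules are omitted: they never match LAN-to-internet traffic.
LAN = "192.168.73.0/24"
PAGE_RULES = [
    (100, "allow", "udp", LAN, "any", 53),
    (200, "allow", "tcp", LAN, "any", 110),
    (300, "allow", "tcp", LAN, "any", 25),
    (400, "allow", "ip", "192.168.73.11", "any", None),
    (500, "deny", "ip", LAN, "any", None),
    (600, "divert", "ip", "any", "any", None),
    (65000, "allow", "ip", "any", "any", None),
    (65535, "deny", "ip", "any", "any", None),
]

def with_skipto(rules, target=600):
    """Constructed variant: 'allow' rules before the divert become 'skipto <target>'."""
    return [(n, f"skipto {target}" if a == "allow" and n < target else a, *rest)
            for n, a, *rest in rules]

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def trace(rules, proto, src, dst, port):
    """First-match walk. Returns (terminal rule number, verdict, passed_divert)."""
    diverted, i = False, 0
    while i < len(rules):
        num, action, rproto, rsrc, rdst, rport = rules[i]
        hit = (rproto in ("ip", proto) and addr_match(rsrc, src)
               and addr_match(rdst, dst) and rport in (None, port))
        if hit and action in ("allow", "deny"):
            return num, action, diverted      # terminal action: search stops here
        if hit and action == "divert":
            diverted = True                   # natd reinjects at the next rule
        if hit and action.startswith("skipto"):
            target = int(action.split()[1])
            i = next(k for k, r in enumerate(rules) if r[0] >= target)
            continue
        i += 1
    return None, "deny", diverted

if __name__ == "__main__":
    for rules in (PAGE_RULES, with_skipto(PAGE_RULES)):
        for src, port in (("192.168.73.20", 110), ("192.168.73.11", 80), ("192.168.73.20", 80)):
            print(src, port, trace(rules, "tcp", src, "203.0.113.5", port))
```

With the posted rules, permitted traffic is accepted with `passed_divert` false; in the constructed variant the same packets reach rule 600 before being accepted at 65000, while other LAN hosts are still stopped at rule 500.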