Date: Mon, 11 Jun 2001 17:00:53 +0200
From: Matteo
To: Robin Huiser
Cc: security@freebsd.org
Subject: Re: FW: ipfw, natd and routing question
Message-ID: <20010611170053.A356@pippo.dada.it>

On Mon, Jun 11, 2001 at 04:47:29PM +0200, Robin Huiser wrote:
> -The EXT interface: connected to the Internet, IP subnet x.x.242.32/240
> -The DMZ interface: connected to our DMZ subnet, IP subnet x.x.242.48/240
> -The LAN interface: connected to our LAN subnet, IP subnet 192.168.1.0/24

> But... how do I prevent the NAT to 'translate' the IP addresses when a
> session is set up from the DMZ segment to a host somewhere on the Internet?
> I want all traffic to be routed from the DMZ subnet to the Internet...

Try with:

    ipfw add xxxxx fwd extinterface all from x.x.242.48/240 to any

options IPFIREWALL_FORWARD in kernel.

This rule must come before the divert natd rules.

Bye.
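The ordering point in the reply above, as an added example that is not part of the original message: a simplified Python model of first-match rule evaluation, showing that a DMZ rule numbered below the divert rule keeps DMZ sources untranslated, while the same rule placed after it never matches. The rule numbers, the 203.0.113.x addresses and the assumption that natd rewrites every packet diverted to it are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample networks (documentation/private ranges), not the poster's.
DMZ = "203.0.113.48/28"
ANY = "0.0.0.0/0"
NAT_ADDRESS = "203.0.113.33"  # assumed external address natd translates to


@dataclass(frozen=True)
class Rule:
    number: int
    action: str  # "fwd", "divert" or "allow"
    src: str     # source network the rule matches


def evaluate(rules, src_ip):
    """Return (source address seen on the Internet side, list of rules hit)."""
    wire_src, trace = src_ip, []
    for rule in sorted(rules, key=lambda r: r.number):
        if ipaddress.ip_address(wire_src) not in ipaddress.ip_network(rule.src):
            continue
        trace.append((rule.number, rule.action))
        if rule.action == "divert":
            # Model assumption: natd rewrites the source address and the
            # packet re-enters the rule list at the next rule number.
            wire_src = NAT_ADDRESS
            continue
        break  # fwd and allow end the search for this packet
    return wire_src, trace


# DMZ rule numbered below the divert rule, as the reply advises.
FWD_FIRST = [Rule(100, "fwd", DMZ), Rule(200, "divert", ANY), Rule(300, "allow", ANY)]
# Same rules, but the DMZ rule comes after the divert rule.
FWD_LATE = [Rule(200, "divert", ANY), Rule(250, "fwd", DMZ), Rule(300, "allow", ANY)]

if __name__ == "__main__":
    for name, rules in (("fwd first", FWD_FIRST), ("fwd late", FWD_LATE)):
        for host in ("203.0.113.50", "192.168.1.10"):
            print(name, host, evaluate(rules, host))
```

In the second ruleset the DMZ rule is not just late: once the source has been rewritten it no longer matches at all, so the mistake is silent unless the translated address is checked on the outside.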