Date: Mon, 11 Jun 2001 17:00:53 +0200
From: Matteo <drum@gufi.org>
To: Robin Huiser <robin@bequbed.com>
Cc: security@freebsd.org
Subject: Re: FW: ipfw, natd and routing question
Message-ID: <20010611170053.A356@pippo.dada.it>
In-Reply-To: <DEEJKCBNGEENMLAHPCPEOEPLCGAA.robin@bequbed.com>; from Robin Huiser <robin@bequbed.com> on Mon, Jun 11, 2001 at 04:47:29PM +0200
References: <DEEJKCBNGEENMLAHPCPEOEPLCGAA.robin@bequbed.com>

On Mon, Jun 11, 2001 at 04:47:29PM +0200, Robin Huiser wrote:
> -The EXT interface: connected to the Internet, IP subnet x.x.242.32/240
> -The DMZ interface: connected to our DMZ subnet, IP subnet x.x.242.48/240
> -The LAN interface: connected to our LAN subnet, IP subnet 192.168.1.0/24

> But... how do I prevent the NAT to 'translate' the IP addresses when a
> session is set up from the DMZ segment to a host somewhere on the Internet?
> I want all traffic to be routed from the DMZ subnet to the Internet...

Try with:

    ipfw add xxxxx fwd extinterface all from x.x.242.48/240 to any

options IPFIREWALL_FORWARD in kernel.
This rule must come before the divert natd rules.

Bye.
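The ordering requirement in the reply above can be checked against `ipfw list` output. This is an added example, not part of the original message: the rulesets are constructed, and the subnet 192.0.2.48/28, next hop 192.0.2.33, interface fxp0 and natd port 8668 are assumptions standing in for the masked values in the thread.

```shell
#!/bin/sh
# Added example: verify that the fwd rule for a subnet is evaluated before
# the first divert rule. ipfw checks rules in listed order and stops at a
# matching fwd rule, so packets matched there never reach divert (natd).

# Constructed sample: bypass rule placed before divert (intended layout).
GOOD_RULES='00100 allow ip from any to any via lo0
00400 fwd 192.0.2.33 ip from 192.0.2.48/28 to any
00500 divert 8668 ip from any to any via fxp0
65535 deny ip from any to any'

# Constructed sample: bypass rule placed after divert, so DMZ traffic
# leaving via fxp0 is handed to natd first.
BAD_RULES='00100 allow ip from any to any via lo0
00500 divert 8668 ip from any to any via fxp0
00600 fwd 192.0.2.33 ip from 192.0.2.48/28 to any
65535 deny ip from any to any'

# check_fwd_before_divert SUBNET   (reads `ipfw list` style lines on stdin)
#   exit 0: a fwd rule for SUBNET precedes the first divert rule
#   exit 1: a fwd rule for SUBNET exists but comes after a divert rule
#   exit 2: no fwd rule for SUBNET was found
check_fwd_before_divert() {
    awk -v subnet="$1" '
        # Line position is used rather than rule number, because the
        # listing is already in evaluation order.
        $2 == "divert" && !have_divert { divert_at = NR; have_divert = 1 }
        $2 == "fwd" && $5 == "from" && $6 == subnet && !have_fwd {
            fwd_at = NR; have_fwd = 1
        }
        END {
            if (!have_fwd) exit 2
            if (have_divert && fwd_at > divert_at) exit 1
            exit 0
        }'
}

# Stand-alone run on the constructed good ruleset.
printf '%s\n' "$GOOD_RULES" | check_fwd_before_divert 192.0.2.48/28 \
    && echo "fwd rule precedes divert"
```

On a live host the function would read from `ipfw list` instead of the embedded samples.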