From owner-freebsd-questions Thu Jun 1 16:00:12 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.commlitho.com (medusa.commlitho.com [207.254.73.4]) by hub.freebsd.org (Postfix) with SMTP id E9F0F37B9E4 for ; Thu, 1 Jun 2000 15:59:59 -0700 (PDT) (envelope-from patb@commlitho.com)
Received: from pc11.commlitho.com [207.254.73.2] by mail.commlitho.com with ESMTP (SMTPD32-4.07) id AAEEC96006A; Thu, 01 Jun 2000 15:59:58 MST
Message-Id: <4.3.1.2.20000601155757.00b3e580@commlitho.com>
X-Sender: patb@commlitho.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 01 Jun 2000 15:59:57 -0700
To: "Raymundo M. Vega"
From: Patrick Burm
Subject: Re: natd and ipfw help
Cc: freebsd-questions@FreeBSD.org
In-Reply-To: <3936E8F8.4E8D8804@home.com>
References: <4.3.1.2.20000601110613.00b85bb0@commlitho.com> <4.3.1.2.20000601140142.00b87100@commlitho.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > > There are easier ways, first run nstreams from ports, after that
> > > delete the specific services you will not provide to your clients.
> >
> > My problem is not writing the rules, it's where to position them so
> > natd still works. Whenever I change anything from the default:
> >
> > 00100 divert 8668 ip from any to any via xl0
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 65000 allow ip from any to any
> > 65535 deny ip from any to any
> >
>
> Let's assume that you want anybody to get DNS and mail access, then give
> something like:
>
> ipfw add 150 allow udp from any to any 53
> ipfw add 160 allow tcp from any to any 25

Okay, but where do I add a line that allows just a single IP from the
internal network access to more than everyone else? That late in the list
it has been re-sourced by natd, so I cannot restrict. That was my
original goal: restricting hosts, not services.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
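The ordering problem Patrick describes comes down to where a rule sits relative to the divert rule: on the outbound pass over xl0, ipfw hands the packet to natd at rule 100, natd rewrites the private source to the public address, and every rule after 100 then sees the public address, so a per-host allow or deny placed late in the list can never match a LAN host. The following is an added illustration, not code from the thread or from FreeBSD: a small Python model of ipfw's first-match walk with a divert rule standing in for natd. The rule numbers 50/60 and 64000/64010, the hosts 192.168.1.5 and 192.168.1.7, the public address 203.0.113.1 and the interface names are constructed for the example; only the default rule list mirrors the one quoted above.

```python
"""Added example: why a per-host ipfw rule must precede the natd divert rule.

The model covers only the outbound pass over the external interface (the
inbound pass over the inside interface, where the private source is also
still visible, is not simulated). All addresses and rule numbers other than
the quoted default list are constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple
import ipaddress

NAT_PUBLIC = "203.0.113.1"                              # constructed: xl0's public address
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed: the LAN behind natd
PRIVILEGED = "192.168.1.5"                              # constructed: the one host allowed extra access


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    iface: str      # interface the packet is leaving on
    direction: str  # "out" or "in"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str             # "allow", "deny" or "divert"
    proto: str              # "ip" matches everything, else "tcp"/"udp"
    src: str                # "any", a host or a CIDR
    dst: str
    dport: Optional[int] = None
    via: Optional[str] = None


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return _addr_matches(rule.src, pkt.src) and _addr_matches(rule.dst, pkt.dst)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, int, list]:
    """First-match walk. A divert rule stands in for natd: on the outbound pass
    it rewrites a LAN source to the public address and the walk continues at
    the next rule, which is what happens when natd re-injects the packet.
    Returns (verdict, matching rule number, trace of rules hit)."""
    trace = []
    for rule in sorted(rules, key=lambda r: r.number):   # stable: divert stays ahead of the lo0 rule
        if not rule_matches(rule, pkt):
            continue
        trace.append((rule.number, rule.action, pkt.src))
        if rule.action == "divert":
            if pkt.direction == "out" and ipaddress.ip_address(pkt.src) in INTERNAL_NET:
                pkt = replace(pkt, src=NAT_PUBLIC)      # source is now the public address
            continue
        return rule.action, rule.number, trace
    return "deny", 65535, trace                          # ipfw's implicit default


# The default list quoted in the thread.
BASE = [
    Rule(100, "divert", "ip", "any", "any", via="xl0"),
    Rule(100, "allow", "ip", "any", "any", via="lo0"),
    Rule(200, "deny", "ip", "any", "127.0.0.0/8"),
    Rule(65000, "allow", "ip", "any", "any"),
    Rule(65535, "deny", "ip", "any", "any"),
]


def host_restriction(first_number: int) -> List[Rule]:
    """Only PRIVILEGED may reach tcp/80 outside; the rest of the LAN may not."""
    return [
        Rule(first_number, "allow", "tcp", PRIVILEGED, "any", dport=80),
        Rule(first_number + 10, "deny", "tcp", str(INTERNAL_NET), "any", dport=80),
    ]


AFTER_DIVERT = BASE + host_restriction(64000)   # the placement that silently fails
BEFORE_DIVERT = BASE + host_restriction(50)     # the placement that works


def web_packet(src: str) -> Packet:
    # constructed: a LAN host opening a web connection to an outside address
    return Packet(src=src, dst="198.51.100.10", proto="tcp", dport=80, iface="xl0", direction="out")


def verdict(rules: List[Rule], src: str) -> Tuple[str, int]:
    action, number, _ = evaluate(rules, web_packet(src))
    return action, number


if __name__ == "__main__":
    for label, rules in (("after divert", AFTER_DIVERT), ("before divert", BEFORE_DIVERT)):
        for host in (PRIVILEGED, "192.168.1.7"):
            action, number, trace = evaluate(rules, web_packet(host))
            print(f"{label:14} {host:14} -> {action:5} by rule {number:5}  trace={trace}")
```

With the host rules at 64000/64010 both LAN hosts end up at rule 65000, because by then their source reads 203.0.113.1 and neither host rule can match; at 50/60 the privileged host is allowed by rule 50 and the other host is denied by rule 60. In a real rule set the same pre-NAT view is also available on the inbound pass over the inside interface (an `in via <inside-if>` qualifier), which is the other common place to put host-based restrictions.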