From owner-freebsd-questions@FreeBSD.ORG Wed Mar 31 20:38:43 2004
From: "Prodigy"
To: "freebsd-questions"
Date: Thu, 1 Apr 2004 07:38:35 +0200
Subject: Re: problems with ipfw + natd rules
Message-ID: <007c01c417ab$93da72f0$6900a8c0@prodigy>
References: <003f01c4174d$c38ffa50$6900a8c0@prodigy> <1080762266.1094.6.camel@remote.high-low.net>

I tried to allow only port 80, but the result is the same. I have also tried ipf + ipnat, but I need to block the internet connection for some users by MAC address, and ipf doesn't know what a MAC address is. Maybe I can block MAC addresses with ipf + ipnat somehow? Btw, the FreeBSD version is 4.9.
> On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> > ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000 to any via rl1
> > ${fwcmd} add 500 pass tcp from any to any 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
> >
> > When I comment out the 400 and 500 rules and add "allow all from any to any via rl1" it's all ok. The problem is somewhere in the 400 and 500 rules.
>
> Those lines (400 and 500) sure look like they could cause trouble. Try chopping them up per port number/range across multiple lines.
>
> ipfw and natd are nice for the quick-and-dirty setups, but if you need something more predictable, configurable, and debuggable... switch to ipfilter and ipnat. You'll find yourself very much in control over your firewall/nat environment.
>
> Andre