Date: Thu, 9 Jul 1998 21:31:18 -0500 (CDT)
From: "Daniel M. Eischen"
Message-Id: <199807100231.VAA02224@iworks.interworks.org>
To: j@lumiere.net
Subject: Re: natd for only certain IPs
Cc: questions@FreeBSD.ORG

> I just setup natd to connect a private ethernet network to the internet. OK so far.
> The private network is on fxp1 and the public network is on fxp0. Using
> the basic rules in the natd man page, the private network can access the
> public successfully.
>
> However, I don't want ANYONE coming in over the fxp1 interface to be able
> to access the net. I want to limit it to 3-5 IP addresses (vs the 300+
> machines the private network).
>
> How can I restrict access to the internet to only the IP addresses I
> select?

Only divert those addresses. Use firewall rules to restrict the
remaining private addresses from going out on the public interface.

I can send you the firewall rules we use on a 4 port router. One
of these ports is a private network, while the others are legal/public
addresses.

Dan Eischen
deischen@iworks.InterWorks.org
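
The approach in the reply above, sketched as an added example; it is not part of the original message and is not the ruleset Dan offered to send. It prints the ipfw commands for review rather than running them. The private range 10.0.0.0/24, the host addresses, the rule numbers and a natd started with "-interface fxp0" are assumptions; only fxp0 as the public interface comes from the thread.

```shell
#!/bin/sh
# Added example: print (dry run) an ipfw ruleset that NATs only selected hosts.
# Assumed, not from the original mail: PRIV_NET, the host arguments, the rule
# numbers, and natd running with "-interface fxp0".
PUB_IF="fxp0"             # public interface named in the thread
PRIV_NET="10.0.0.0/24"    # assumed private range

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a typo
# such as "any" can never end up in a divert rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules HOST...: print the ruleset; print nothing if any host is invalid.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "usage: gen_rules host..." >&2; return 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "ipfw -f flush"
    # Replies arriving on the public side go to natd to be de-aliased.
    echo "ipfw add 100 divert natd ip from any to any in via $PUB_IF"
    n=200
    for host in "$@"; do
        # Only these sources are translated on the way out. natd reinjects
        # the packet after this rule with a public source address, so the
        # deny rule below no longer matches it.
        echo "ipfw add $n divert natd ip from $host to any out via $PUB_IF"
        n=$((n + 10))
    done
    # Every other private source is dropped at the public interface.
    echo "ipfw add 5000 deny ip from $PRIV_NET to any out via $PUB_IF"
    echo "ipfw add 65000 allow ip from any to any"
}

# Stand-alone use: sh natd-rules.sh 10.0.0.5 10.0.0.9
[ "$#" -eq 0 ] || gen_rules "$@"
```

The order is what matters: the per-host divert rules must come before the deny rule for the private range, and the deny must come before the final allow.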