From owner-freebsd-ipfw Sat Apr 1 14:29:26 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81])
    by hub.freebsd.org (Postfix) with ESMTP id 1F92237BC5A
    for ; Sat, 1 Apr 2000 14:29:23 -0800 (PST)
    (envelope-from astrolox@innocent.com)
Received: from [213.1.118.12] (helo=faith)
    by ruthenium.btinternet.com with smtp (Exim 2.05 #1) id 12bPUO-0002E5-00
    for freebsd-ipfw@FreeBSD.ORG; Sat, 1 Apr 2000 16:07:04 +0100
Message-Id: <3.0.3.32.20000401170314.0098c190@mail.virgin.net>
X-Sender: brian.wojtczak@mail.virgin.net
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32)
Date: Sat, 01 Apr 2000 17:03:14 +0100
To: freebsd-ipfw@FreeBSD.ORG
From: Brian 'Astrolox' Wojtczak
Subject: Re: Selective access
In-Reply-To: <20000329075634.A52161@lunatic.oneinsane.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ron Rosson wrote:
>
>Hello,
>    I have setup a FreeBSD Server to perform NAT using IPFilter and IPNAT.
>Basically it is something like this:
>
>vr0 -------> Real Internet IP
>vr1 -------> 192.168.0/24
>
>The network portion of vr1 is where I am having issues. I would like to
>set it up so that the lower 128 have full access thru the NAT and the
>upper portion of the address space only be able to use email.
>
>vr1 = 192.168.0.0   netmask 255.255.255.128 Full Access to the net
>      192.168.0.128 netmask 255.255.255.128 Email access only
>
>The NAT server also doubles as the Email server.
>
>IF anyone has done this or has an idea how it can be done without adding
>another NIC. I would like to hear from ya. ;-)
>

This is easy. Set up NATD allowing all of 192.168.0 to use it.
then edit /etc/rc.firewall and edit the divert rule which by default looks
something like

    $fwcmd add divert natd all from any to any

change it so that it looks something like

    $fwcmd add divert natd all from 192.168.0.0/4 to any

or if that don't work add a rule which denies access from 192.168.0.128/4
to anything but smtp (and pop)

I'm a little rusty on this at the moment, been in Tenerife for a week
without a computer. If I made a mistake sorry ... please go and read some
tutorial. I learnt everything I know from the FreeBSD Handbook and the
ipfw man page.

[1] http://www.freebsd.org/handbook/
[2] http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+3.4-RELEASE&format=html

Hope that helps, a little.

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Brian 'Astrolox' Wojtczak
"If ya going to do it, do it in style"
World Wide Web Page: http://www.astrolox.com/
EMail Address: astrolox@innocent.com
Personal RSA PGP Key - be aware of fake keys:
89 30 61 EC 2B CA C8 FA EC 11 87 6D DA 50 7C 6B
Bits: 2048 Id: 10E51DFD Date: 2000/02/16
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
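
Added example, not part of the original message: a shell sketch that derives the CIDR prefix from the netmask quoted in the question (255.255.255.128 is a /25) and prints ipfw rules for the "mail only for the upper half" policy in the rc.firewall `$fwcmd` style. The rule numbers, the function names, and the use of the ipfw keywords `me` and `in via` are assumptions of this example; it only prints rules and does not load them.

```shell
#!/bin/sh
# Added example: prints candidate rules only; rule numbers are constructed.

# Convert a dotted netmask to a prefix length; reject non-contiguous masks.
mask_to_prefix() {
    bits=0 full=1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad netmask" >&2; return 1; }
    for octet in "$@"; do
        # Once a non-255 octet has been seen, every later octet must be 0.
        if [ "$full" -eq 0 ] && [ "$octet" != 0 ]; then
            echo "non-contiguous netmask" >&2; return 1
        fi
        case $octet in
            255) bits=$((bits + 8)) ;;
            254) bits=$((bits + 7)); full=0 ;;
            252) bits=$((bits + 6)); full=0 ;;
            248) bits=$((bits + 5)); full=0 ;;
            240) bits=$((bits + 4)); full=0 ;;
            224) bits=$((bits + 3)); full=0 ;;
            192) bits=$((bits + 2)); full=0 ;;
            128) bits=$((bits + 1)); full=0 ;;
            0)   full=0 ;;
            *)   echo "bad netmask octet: $octet" >&2; return 1 ;;
        esac
    done
    echo "$bits"
}

# Args: external if, internal if, restricted network, restricted netmask.
# Order matters: the restricted half is filtered before the divert rule.
gen_rules() {
    ext_if=$1; int_if=$2
    prefix=$(mask_to_prefix "$4") || return 1
    limited="$3/$prefix"
    cat <<EOF
\$fwcmd add 100 allow tcp from $limited to me 25,110 in via $int_if
\$fwcmd add 110 deny all from $limited to any in via $int_if
\$fwcmd add 200 divert natd all from any to any via $ext_if
\$fwcmd add 300 allow all from any to any
EOF
}

# Values from the question: vr0 outside, vr1 inside, upper half mail-only.
gen_rules vr0 vr1 192.168.0.128 255.255.255.128
```

Ports 25 and 110 are SMTP and POP3; because the NAT host is also the mail server, the allow rule matches traffic addressed to the host itself.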