From owner-freebsd-questions@FreeBSD.ORG Fri Nov 28 15:33:57 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A871516A4CE for ; Fri, 28 Nov 2003 15:33:57 -0800 (PST) Received: from smtp04.wxs.nl (smtp04.wxs.nl [195.121.6.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 811B243FD7 for ; Fri, 28 Nov 2003 15:33:56 -0800 (PST) (envelope-from akruijff@www.kruijff.org) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp04.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0HP3004KL5ICBB@smtp04.wxs.nl> for freebsd-questions@freebsd.org; Sat, 29 Nov 2003 00:35:03 +0100 (MET) Received: from Alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.12.9p2/8.12.9) with ESMTP id hASNW8cP004362; Sat, 29 Nov 2003 00:32:08 +0100 (CET envelope-from akruijff@Alex.lan) Received: (from akruijff@localhost) by Alex.lan (8.12.9p2/8.12.9/Submit) id hASNW7C6004361; Sat, 29 Nov 2003 00:32:07 +0100 (CET envelope-from akruijff) Date: Sat, 29 Nov 2003 00:32:07 +0100 From: Alex de Kruijff In-reply-to: <20031127212800.M99560@kifco.net> To: Marwan Sultan Message-id: <20031128233207.GE815@dds.nl> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.1i References: <20031127212800.M99560@kifco.net> cc: FreeBSD questions List Subject: Re: ipfw and gateway SRVR controling. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Nov 2003 23:33:57 -0000 On Fri, Nov 28, 2003 at 12:36:44AM +0300, Marwan Sultan wrote: > Hello everyone, > > My boss asked me to do a gateway server, which can control the access > to internet users on our LAN. Make sure it has two NICs. On one you put the lan on the other the internet connection. In some cases you like to the tree NICs. The thirth then allows a DMZ setup. > I have a DSL Router connected to internet, -> should be connected to > FreeBSD 4.8-R box, and this box provide the internet access to the LAN > and control it. > > putting the box to internet, no big deal, My question is > How to controll the Internet access to users on lan? > For example: > To give this certain IP an Internet access and to Block the other IP > from having the internet access (with keeping the LAN up for the IP) ? > Also to set something like, Give this IP on LAN an internet from this > hour to this hour? > > Can someone please give me an Example on ipfw? You can read my home page or use google or the mail archies to search for some examples. > and is the ipfw the only way to do it? No, other options include ipf and route. The later is very limmeted. ipfw does the same as ipf plus allow you to have traffic shaper. You can use ipfw and ipf at the same time if you like. > I never used ipfw, so a kind detail help is really appreciate it. > > sorry for long email, and thank you. I say it about the ride size. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/