From owner-freebsd-questions  Sun Mar 24  1:34:33 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from www2.mailru.com (www2.mailru.com [80.68.244.5])
	by hub.freebsd.org (Postfix) with ESMTP id 1588537B41A
	for <questions@freebsd.org>; Sun, 24 Mar 2002 01:34:15 -0800 (PST)
Received: from dream.club (dialup-169.ttn.ru [213.24.84.169])
	(authenticated bits=0)
	by www2.mailru.com (8.12.1/8.12.1) with ESMTP id g2O9aHep032109
	for <questions@freebsd.org>; Sun, 24 Mar 2002 12:36:33 +0300 (MSK)
	(envelope-from vadius@tagan.ru)
Date: Sun, 24 Mar 2002 12:34:23 +0300
From: Vadius <vadius@tagan.ru>
X-Mailer: The Bat! (v1.53d)
Reply-To: Vadius <vadius@tagan.ru>
X-Priority: 3 (Normal)
Message-ID: <679991314.20020324123423@tagan.ru>
To: questions@freebsd.org
Subject: 2 natd ?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello questions,

  Excuse me but I didn't found answer on my question in documentation
  for *BSD. I have a some trouble: I have LAN with one computer with
  FreeBSD 4.2 as gateway to internet.
  Primary target is restrict access to internet for selected computers
  (situation like internet-cafe). It's not a problem - I control it
  with ipfw rules.
  But now we have two modems - one analog Acorp on ppp0 and ISDN ZyXEL
  omni.net plus on ppp1 and now I need to resctict access to internet
  to all computers and sometimes grant access to internet via ISDN for
  selected only computers (other machines leave on analog line).
  And I don't know how I can direct one computer to ISND line and pass
  trafic to other computers through analog line?

  My previous firewall (silplified version) loks like:

  #NAT for all requests to/from internet via Acorp
  divert 8668 ip from any to any via ppp0

  #Localhost
  allow all from any to any via lo0
  deny ip from any to 127.0.0.0/8
  
  #LAN traffic
  allow ip from 192.168.0.0/28 to 192.168.0.0/28 via ed0

  #Restriction rules
  deny ip from any to 192.168.0.1
  deny ip from any to 192.168.0.2
  deny ip from any to 192.168.0.3
  ...

  #allow access for comps not specified in restriction rules
  allow ip from any to 192.168.0.0/28
  deny  ip from any to 192.168.0.0/16

  allow ip from any to any
  deny  ip from any to any

  Yes, firewall is far from prefect, but now there are no problems
  with it.
  Can you help me - when I connect ISND modem to ppp1 - how I can
  direct some copms to ISDN and pass other through Acorp (ppp0)?

  Thank you for your attention

-- 
Best regards,
 Vadius                          mailto:vadius@tagan.ru


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message