Message-ID: <41BB2EEF.1000904@daleco.biz>
Date: Sat, 11 Dec 2004 11:31:27 -0600
From: "Kevin D. Kinsey, DaleCo, S.P."
To: David Banning
Cc: questions@freebsd.org
In-Reply-To: <20041211054600.GB16388@skytracker.ca>
Subject: Re: gateway_enable question
List-Id: User questions

David Banning wrote:

>>>On the firewall it is difficult to block the win boxes because I -want-
>>>each machine to be able to contact each other, but I don't want the
>>>windows boxes to have internet connection.
>>>
>>Now, that seems a little weird.  Do you not have a hub or switch
>>other than the BSD box on this network?  Unless you're doing
>>some strange routing or something, everybody on the wire
>>ought to see everybody else regardless of the settings on the
>>firewall (except they maybe won't see *it* ...)
>>
>
>DSL Modem <> BSD Box <> HUB <> All win boxes
>
>Everyone does see each other. I just don't want the win boxes to
>see the internet; but I -do- want them to continue to see each other.
>

Giorgios' ipfw rules (last post in thread) take care of this well.
I suppose I was just confused; even if you told the BSD box to
block all traffic on the internal interface, the Winboxen would
still be able to communicate.  Probably I misread or misinterpreted
your paragraph.

Hope all's well now.

Kevin Kinsey